search
DocumentationTutorials

Initialize

Init Nitride and implement custom authentication and authorization mechanisms.

Nitride is built around the Vault core - a popular open-source tool for securely storing and managing secrets. While Vault provides a robust core functionality, its versatility can be extended through the creation of plugins. These plugins allow users to tailor Vault to specific use cases, integrate with external systems, and implement custom authentication and authorization mechanisms.

Nitride extension ratls is an authentication module, adding workload identity methods to the core.

hashtag
Step-by-step Guide

circle-info

Note: To view the available plugins you need to login as a root user for vHSM. For more information about using the vHSM CLI to login, see Authentication and Authorizationarrow-up-right. You need the root token or access token with sufficient privileges that you saved during the installation.

hashtag
List installed plugins

To verify that the extension is registered, run the following command:

vhsm plugin list

Output:

Name                                 Type        Version
----                                 ----        -------
alicloud                             auth        v0.15.0+builtin
approle                              auth        v1.3.7+builtin.vault
aws                                  auth        v1.3.7+builtin.vault
azure                                auth        v0.16.0+builtin
centrify                             auth        v0.15.1+builtin
cert                                 auth        v1.3.7+builtin.vault
cf                                   auth        v0.15.0+builtin
gcp                                  auth        v0.16.0+builtin
github                               auth        v1.3.7+builtin.vault
jwt                                  auth        v0.16.0+builtin
kerberos                             auth        v0.10.0+builtin
kubernetes                           auth        v0.16.0+builtin
ldap                                 auth        v1.3.7+builtin.vault
oci                                  auth        v0.14.0+builtin
oidc                                 auth        v1.3.7+builtin.vault
okta                                 auth        v1.3.7+builtin.vault
pcf                                  auth        v1.3.7+builtin.vault
radius                               auth        v1.3.7+builtin.vault
ratls                                auth        v1.3.7+builtin.vault
userpass                             auth        v1.3.7+builtin.vault
cassandra-database-plugin            database    v1.3.7+builtin.vault
couchbase-database-plugin            database    v0.9.2+builtin

Look for the presence of the plugin ratls.

hashtag
Enabling the rATLS Auth Method

  1. Enable the Remote Attestation TLS (RA-TLS) plugin on the vHSM server.

  • -path=ratls: the mount path where the auth method is enabled.

  • ratls: the name of the plugin.

circle-info

Note: To enable ratls auth method with token namespoacing, see Enable Namespacing.

Output:

circle-info

After you enable rATLs authentication method, it allows workloads to authenticate using remote attestation based on platform and firmware identity.

  1. Verify that the authentication method is active.

Output:

If ratls/ appears in the list, the auth method has been successfully enabled.

  1. You can optionally update the description or settings for the enabled auth method.

Last updated

Was this helpful?