Install

Installation requires an enterprise licence. Please contact support.

There are several options to install Nitride, the CLI and the enclaivelet:

Docker container with precompiled binary

Log in to the enclaive repository and enter your username and password

docker login harbor.enclaive.cloud 

Pull the container

docker pull harbor.enclaive.cloud/enclaive-dev/nitride:latest

Helm Chart for Kubernetes

With the release of Helm 3.8.0, Helm is able to store and work with charts in container registries, as an alternative to Helm repositories.

Log in to the enclaive repository and enter your username and password

helm registry login harbor.enclaive.cloud

You can now install the chart

helm install <release-name> oci://harbor.enclaive.cloud/enclaive-dev/nitride --version <version>

Compiling from source

To compile from source, you will need Go installed and properly configured (including a GOPATH environment variable set), as well as a copy of git in your PATH.

Clone the Nitride repository from GitHub into your GOPATH:

mkdir -p "$GOPATH/src/github.com/enclaive" && cd "$_"
git clone https://github.com/enclaive/nitride.git
cd nitride

Bootstrap the project. This will download and compile libraries and tools needed to compile Vault:

make bootstrap

Build Vault for your current system and put the binary in ./bin/ (relative to the git checkout). The make dev target is just a shortcut that builds vault for only your local build environment (no cross-compiled targets). The make dev-ui target builds it with the UI.

make dev

To verify Vault is installed, run vault -h on your system. You should see the help output. If you are executing it from the command line, ensure it is on your PATH to avoid receiving an error that Vault is not found.

vault -h

Download the vault CLI

Sometimes it may be handy to work with the command line. For ease of use, vault is compatible with the HashiCorp CLI. Follow the download guidelines below:

Please follow the instructions in the Official Packaging Guide to install the HashiCorp GPG key, verify the key's fingerprint, and install Vault.

Ubuntu/Debian

Update the package manager and install GPG and wget.

sudo apt update && sudo apt install gpg wget

Download the keyring

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

Verify the keyring

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

Add the HashiCorp repository.

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

Install Vault.

sudo apt update && sudo apt install vault
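
The "Verify the keyring" step above prints the fingerprint for a manual comparison. The following added example (not part of the original page, nor HashiCorp's or enclaive's tooling) turns that comparison into a scripted check that fails closed. It assumes the keyring holds a single primary key; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. All fingerprints below are constructed, not HashiCorp's.

# Constructed `gpg --with-colons --fingerprint` listing: one primary key, one subkey.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::::Constructed Example Key <key@example.invalid>:
sub:-:4096:1:0123456789ABCDEF:1600000000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Strip whitespace and upper-case, so "0123 45ab" and "012345AB" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Print the fingerprint of each primary key found on stdin. An fpr record
# belongs to the pub or sub record before it; field 10 is the fingerprint.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }'
}

# check_keyring_listing EXPECTED: succeed only if the listing on stdin holds
# exactly one primary key and its fingerprint equals EXPECTED.
check_keyring_listing() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    case "$expected" in
        ''|*[!0-9A-F]*) echo "expected fingerprint must be hex" >&2; return 2 ;;
    esac
    [ "$count" -eq 1 ] || { echo "found $count primary keys, want 1" >&2; return 1; }
    [ "$found" = "$expected" ] || { echo "fingerprint mismatch: $found" >&2; return 1; }
}

# verify_keyring KEYRING EXPECTED: the same check against a real keyring file.
# EXPECTED is the fingerprint published in the Official Packaging Guide.
verify_keyring() {
    gpg --no-default-keyring --keyring "$1" --with-colons --fingerprint \
        | check_keyring_listing "$2"
}
```

Run verify_keyring on /usr/share/keyrings/hashicorp-archive-keyring.gpg before adding the repository, and stop the installation on a non-zero exit status.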

Fedora

Install dnf config-manager to manage your repositories.

sudo dnf install -y dnf-plugins-core

Use dnf config-manager to add the official HashiCorp Linux repository.

sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo

Install Vault.

sudo dnf -y install vault

Amazon Linux

Install yum-config-manager to manage your repositories.

sudo yum install -y yum-utils

Use yum-config-manager to add the official HashiCorp Linux repository.

sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo

Install Vault.

sudo yum -y install vault

Download the enclaivelet

The enclaivelet actually consists of two binaries, enclaivelet and provision. The first is the attestation shim: it establishes a secure session with Nitride, retrieves an attestation report, and redeems the report to obtain the authentication token. The latter, as the name suggests, establishes a secure session with Vault, redeems the previously obtained auth token to get access to secrets, and provisions the secrets into the workload.

Download the enclaivelet and provision binaries as follows:

wget https://mynitridedomain/static/{enclaivelet,provision}
