# Install Nitride To interact with Nitride you need to install [vHSM](https://docs.enclaive.cloud/virtual-hsm), and [vHSM CLI.](https://docs.enclaive.cloud/nitride/documentation/install-the-cli#installing-the-cli) ## Installing vHSM {% hint style="info" %} **Note:**\ To install vHSM, you need an **enterprise license**. Contact support to obtain an enterprise license.\ \ **Note:** To install vHSM as a production server you need to create a `config.json` file. For more information, see [Configuration](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration). {% endhint %} You can install vHSM using, a Docker image, Helm chart, or by compiling from source. {% tabs %} {% tab title="Docker" %} 1. Pull the latest image. ```bash docker pull harbor.enclaive.cloud/vhsm/vhsm:latest ``` 2. Set your enterprise license key as an environment variable. ```bash export ENCLAIVE_LICENCE= ``` 3. Start a Docker container named `vhsm-container` . ```bash docker run -d --name vhsm-container -p 8200:8200 -p 8201:8201 -e ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE" harbor.enclaive.cloud/vhsm/vhsm:latest ``` 4. Verify the container is running ```bash docker ps ``` 5. Check the logs to get the environment variables, unseal key, and root token. ```bash docker logs vhsm-container ``` **Example Output:** ``` WARNING! dev mode is enabled! In this mode, vHSM runs entirely in-memory and starts unsealed with a single unseal key. The root token is already authenticated to the CLI, so you can immediately begin using Vault. You may need to set the following environment variables: export VAULT_ADDR='http://0.0.0.0:8200' The unseal key and root token are displayed below in case you want to seal/unseal the vHSM or re-authenticate. Unseal Key: pafYkq2uEVve3FW7n7RM6JUK/MWEHzAxvrEdlrb4QD4= Root Token: hvs.7oXsG8t8L198HEpB865FdpFG Development mode should NOT be used in production installations! ``` 6. Set the environment variables as displayed in the output for accessing vHSM and save the *unseal key* and *root token* — you'll need them to access the vHSM UI or vHSM using the CLI. For more information see, [vHSM login](https://docs.enclaive.cloud/virtual-hsm/vhsm-cli/authentication-and-authorization/vhsm-login). 7. Access the vHSM UI. Open your browser and go to: {% endtab %} {% tab title="Kubernetes" %} 1. Set your enterprise license key as an environment variable. ```bash export ENCLAIVE_LICENCE= ``` 2. Install vHSM in your Kubernetes cluster. ```bash helm install vhsm oci://harbor.enclaive.cloud/vhsm/vhsm --version 0.28.1 --set server.extraEnvironmentVars.ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE" ``` **Example Output:** ``` Pulled: harbor.enclaive.cloud/enclaive-dev/vhsm:0.28.1 Digest: sha256:d10c10f013efbff0275c33b5c292dd442017c85406aecebf8dc19a2302bf43af NAME: vhsm LAST DEPLOYED: Fri Feb 21 19:11:59 2025 NAMESPACE: default STATUS: deployed REVISION: 1 NOTES: Thank you for installing Enclaive vHSM! Now that you have deployed vHSM, you should look over the docs on using Vault with Kubernetes available here: https://docs.enclaive.cloud/virtual-hsm Your release is named vhsm. To learn more about the release, try: helm status vhsm helm get manifest vhsm ``` 3. Check if the pods are running. ```bash kubectl get pods ``` **Example Output:** ``` NAME READY STATUS RESTARTS AGE vhsm-0 1/1 Running 0 78s ``` 4. Check if the services are running. ```bash kubectl get svc ``` **Example Output:** ``` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE vhsm ClusterIP 10.96.219.177 8200/TCP,8201/TCP 90s vhsm-internal ClusterIP None 8200/TCP,8201/TCP 90s ``` 5. Port forward the service to access vHSM UI. ```bash kubectl port-forward svc/vhsm 8200:8200 8201:8201 ``` 6. Access the vHSM UI. Open your browser and go to: > **Note:**\ > The vHSM is **not initialized and unsealed by default**.\ > You will be prompted to initialize and unseal it. For more information about using the CLI , see [vhsm operator](https://docs.enclaive.cloud/virtual-hsm/vhsm-cli/configuration-and-management/vhsm-operator). * To *initialize* vHSM: ```bash vhsm operator init ``` * To *unseal* vHSM. Ensure that you replace `` with the unseal key that you obtained after initializing the vHSM. ```bash vhsm operator unseal ``` {% endtab %} {% tab title="Compile from source" %} #### Prerequisites Ensure the following are installed and configured: * **Go,** with the `GOPATH` environment variable set * **Git,** available in your system's PATH * Set the enterprise license key: ```bash export ENCLAIVE_LICENCE= ``` 1. Create directory structure in your GOPATH. ```bash mkdir -p $GOPATH/src/github.com/enclaive && cd $_ ``` 2. Clone the vHSM repository. ```bash git clone https://github.com/enclaive/vhsm.git ``` 3. Navigate into the repository. ```bash cd vhsm ``` 4. Bootstrap the project. ```bash make bootstrap ``` 5. Build vHSM. ```bash make dev ``` To build with the UI. \ The `dev-ui` target only adds a build tag to include the UI if it has already been built. To include the UI, run `make static-dist` or `make static-dist-dev` before building the main binary. ```bash make dev-ui ``` 6. Check if vHSM is installed. ```bash vhsm -h ``` If `vhsm` is not found, add it to your PATH: ```bash export PATH=$GOPATH/src/github.com/enclaive/vhsm/bin:$PATH ``` 7. To start vHSM server in dev mode use: `vhsm server -dev -dev-root-token-id="root"` **Note**: To start the server in Production mode, ensure that you have the `config.json` [file](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration) and use the command: `vhsm server -config=/etc/vault/config.json` To Access the vHSM UI. Open your browser and go to: {% endtab %} {% endtabs %} ## Next Step Continue to install a [CLI](https://docs.enclaive.cloud/nitride/documentation/setup/install-the-cli).