# Install Nitride

To interact with Nitride you need to install [vHSM](https://docs.enclaive.cloud/virtual-hsm), and [vHSM CLI.](/nitride/documentation/setup/install-the-cli.md#installing-the-cli)

## Installing vHSM

{% hint style="info" %}
**Note:**\
To install vHSM, you need an **enterprise license**. Contact support to obtain an enterprise license.\
\
**Note:** To install vHSM as a production server you need to create a `config.json` file. For more information, see [Configuration](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration).
{% endhint %}

You can install vHSM using, a Docker image, Helm chart, or by compiling from source.

{% tabs %}
{% tab title="Docker" %}

1. Pull the latest image.

   ```bash
   docker pull harbor.enclaive.cloud/vhsm/vhsm:latest
   ```
2. Set your enterprise license key as an environment variable.

   ```bash
   export ENCLAIVE_LICENCE=<licence-key>
   ```
3. Start a Docker container named `vhsm-container` .

   ```bash
   docker run -d --name vhsm-container -p 8200:8200 -p 8201:8201      -e ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE"      harbor.enclaive.cloud/vhsm/vhsm:latest
   ```
4. Verify the container is running

   ```bash
   docker ps
   ```
5. Check the logs to get the environment variables, unseal key, and root token.

   ```bash
   docker logs vhsm-container
   ```

   **Example Output:**

   ```
   WARNING! dev mode is enabled! In this mode, vHSM runs entirely in-memory
   and starts unsealed with a single unseal key. The root token is already
   authenticated to the CLI, so you can immediately begin using Vault.

   You may need to set the following environment variables:

       export VAULT_ADDR='http://0.0.0.0:8200'

   The unseal key and root token are displayed below in case you want to
   seal/unseal the vHSM or re-authenticate.

   Unseal Key: pafYkq2uEVve3FW7n7RM6JUK/MWEHzAxvrEdlrb4QD4=
   Root Token: hvs.7oXsG8t8L198HEpB865FdpFG

   Development mode should NOT be used in production installations!
   ```
6. Set the environment variables as displayed in the output for accessing vHSM and save the *unseal key* and *root token* — you'll need them to access the vHSM UI or vHSM using the CLI. For more information see, [vHSM login](https://docs.enclaive.cloud/virtual-hsm/vhsm-cli/authentication-and-authorization/vhsm-login).
7. Access the vHSM UI.

   Open your browser and go to: <http://127.0.0.1:8200>
   {% endtab %}

{% tab title="Kubernetes" %}

1. Set your enterprise license key as an environment variable.

   ```bash
   export ENCLAIVE_LICENCE=<licence-key>
   ```
2. Install vHSM in your Kubernetes cluster.

   ```bash
   helm install vhsm oci://harbor.enclaive.cloud/vhsm/vhsm      --version 0.28.1      --set server.extraEnvironmentVars.ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE"
   ```

   **Example Output:**

   ```
   Pulled: harbor.enclaive.cloud/enclaive-dev/vhsm:0.28.1
   Digest: sha256:d10c10f013efbff0275c33b5c292dd442017c85406aecebf8dc19a2302bf43af
   NAME: vhsm
   LAST DEPLOYED: Fri Feb 21 19:11:59 2025
   NAMESPACE: default
   STATUS: deployed
   REVISION: 1
   NOTES:
   Thank you for installing Enclaive vHSM!
   Now that you have deployed vHSM, you should look over the docs on using
   Vault with Kubernetes available here:

   https://docs.enclaive.cloud/virtual-hsm

   Your release is named vhsm. To learn more about the release, try:

     helm status vhsm
     helm get manifest vhsm
   ```
3. Check if the pods are running.

   ```bash
   kubectl get pods
   ```

   **Example Output:**

   ```
   NAME     READY   STATUS    RESTARTS   AGE
   vhsm-0   1/1     Running   0          78s
   ```
4. Check if the services are running.

   ```bash
   kubectl get svc
   ```

   **Example Output:**

   ```
   NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
   vhsm            ClusterIP   10.96.219.177   <none>        8200/TCP,8201/TCP   90s
   vhsm-internal   ClusterIP   None            <none>        8200/TCP,8201/TCP   90s
   ```
5. Port forward the service to access vHSM UI.

   ```bash
   kubectl port-forward svc/vhsm 8200:8200 8201:8201
   ```
6. Access the vHSM UI.

   Open your browser and go to: <http://127.0.0.1:8200>

> **Note:**\
> The vHSM is **not initialized and unsealed by default**.\
> You will be prompted to initialize and unseal it. For more information about using the CLI , see [vhsm operator](https://docs.enclaive.cloud/virtual-hsm/vhsm-cli/configuration-and-management/vhsm-operator).

* To *initialize* vHSM:

  ```bash
  vhsm operator init
  ```
* To *unseal* vHSM. Ensure that you replace `<unseal-key>` with the unseal key that you obtained after initializing the vHSM.

  ```bash
  vhsm operator unseal <unseal-key>
  ```

{% endtab %}

{% tab title="Compile from source" %}

#### Prerequisites

Ensure the following are installed and configured:

* **Go,** with the `GOPATH` environment variable set
* **Git,** available in your system's PATH
* Set the enterprise license key:

  ```bash
  export ENCLAIVE_LICENCE=<licence-key>
  ```

1. Create directory structure in your GOPATH.

   ```bash
   mkdir -p $GOPATH/src/github.com/enclaive && cd $_
   ```
2. Clone the vHSM repository.

   ```bash
   git clone https://github.com/enclaive/vhsm.git
   ```
3. Navigate into the repository.

   ```bash
   cd vhsm
   ```
4. Bootstrap the project.

   ```bash
   make bootstrap
   ```
5. Build vHSM.

   ```bash
   make dev
   ```

   To build with the UI. \
   The `dev-ui` target only adds a build tag to include the UI if it has already been built. To include the UI, run `make static-dist` or `make static-dist-dev` before building the main binary.

   ```bash
   make dev-ui
   ```
6. Check if vHSM is installed.

   ```bash
   vhsm -h
   ```

   If `vhsm` is not found, add it to your PATH:

   ```bash
   export PATH=$GOPATH/src/github.com/enclaive/vhsm/bin:$PATH
   ```
7. To start vHSM server in dev mode use: `vhsm server -dev -dev-root-token-id="root"`

**Note**: To start the server in Production mode, ensure that you have the `config.json` [file](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration) and use the command: `vhsm server -config=/etc/vault/config.json`

To Access the vHSM UI. Open your browser and go to: <http://127.0.0.1:8200>
{% endtab %}
{% endtabs %}

## Next Step

Continue to install a [CLI](/nitride/documentation/setup/install-the-cli.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/nitride/documentation/setup/install-nitride.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.