Install Nitride

Install Nitride and securely integrate it into your environment, ensuring that workloads are verifiably trusted before granting access.

To interact with Nitride you need to install vHSM, and vHSM CLI.

Installing vHSM

Note: To install vHSM, you need an enterprise license. You also need access to the enclaive repository to download the precompiled binary. Contact support to obtain an enterprise license. To install vHSM as a production server you need to create a config.json file. For more information, see Configuration.

You can install vHSM using, a Docker image, Helm chart, or by compiling from source.

  1. Pull the latest image.

    docker pull harbor.enclaive.cloud/vhsm/vhsm:latest
  2. Set your enterprise license key as an environment variable.

    export ENCLAIVE_LICENCE=<licence-key>
  3. Start a Docker container named vhsm-container .

    docker run -d --name vhsm-container -p 8200:8200 -p 8201:8201      -e ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE"      harbor.enclaive.cloud/vhsm/vhsm:latest
  4. Verify the container is running

    docker ps
  5. Check the logs to get the environment variables, unseal key, and root token.

    docker logs vhsm-container

    Example Output:

    WARNING! dev mode is enabled! In this mode, vHSM runs entirely in-memory
    and starts unsealed with a single unseal key. The root token is already
    authenticated to the CLI, so you can immediately begin using Vault.
    
    You may need to set the following environment variables:
    
        export VAULT_ADDR='http://0.0.0.0:8200'
    
    The unseal key and root token are displayed below in case you want to
    seal/unseal the vHSM or re-authenticate.
    
    Unseal Key: pafYkq2uEVve3FW7n7RM6JUK/MWEHzAxvrEdlrb4QD4=
    Root Token: hvs.7oXsG8t8L198HEpB865FdpFG
    
    Development mode should NOT be used in production installations!
  6. Set the environment variables as displayed in the output for accessing vHSM and save the unseal key and root token — you'll need them to access the vHSM UI or vHSM using the CLI. For more information see, vHSM login.

  7. Access the vHSM UI.

    Open your browser and go to: http://127.0.0.1:8200

Note: To install vHSM as a production server you need to create a config.json file. For more information, see Configuration.

Installing the vHSM CLI

To interact with vHSM, use the HashiCorp Vault CLI or Enclaive vHSM CLI.

Download the Linux CLI from the vHSM server:

wget https://vhsm.enclaive.cloud/static/vhsm

Last updated

Was this helpful?