# Nitride

## Nitride

- [Nitride](https://docs.enclaive.cloud/nitride/nitride.md): Manage identities of confidential VMs and k8s containers, define workload-based access control, secure access to secrets, and pave the way to confidential computing.
- [Documentation](https://docs.enclaive.cloud/nitride/documentation.md)
- [What is Nitride?](https://docs.enclaive.cloud/nitride/documentation/what-is-nitride.md)
- [How it works?](https://docs.enclaive.cloud/nitride/documentation/how-it-works.md)
- [Use Case](https://docs.enclaive.cloud/nitride/documentation/use-case.md)
- [Setup](https://docs.enclaive.cloud/nitride/documentation/setup.md)
- [Install Nitride](https://docs.enclaive.cloud/nitride/documentation/setup/install-nitride.md): Install Nitride and securely integrate it into your environment, ensuring that workloads are verifiably trusted before granting access.
- [Install the CLI](https://docs.enclaive.cloud/nitride/documentation/setup/install-the-cli.md)
- [Initialize](https://docs.enclaive.cloud/nitride/documentation/setup/initialize.md): Init Nitride and implement custom authentication and authorization mechanisms.
- [Getting Started](https://docs.enclaive.cloud/nitride/documentation/getting-started.md)
- [Hello "attestation" world](https://docs.enclaive.cloud/nitride/documentation/getting-started/hello-attestation-world.md): Learn to make your first "local" attestation from within the enclaved workload.
- [Remote attestation](https://docs.enclaive.cloud/nitride/documentation/getting-started/remote-attestation.md): Learn how to make a "remote" attestation workflow using the CLI commands.
- [Setup](https://docs.enclaive.cloud/nitride/documentation/getting-started/remote-attestation/setup.md): Learn how to do a remote attestation using vHSM nitride. You need to create an attestation policy on the verifier.
- [Generate a Nonce](https://docs.enclaive.cloud/nitride/documentation/getting-started/remote-attestation/generate-a-nonce.md): Learn to generate a nonce on the verifier.
- [Generate a Report](https://docs.enclaive.cloud/nitride/documentation/getting-started/remote-attestation/generate-a-report.md): Learn to generate an attestation report for a workload on your VM
- [Verify the report](https://docs.enclaive.cloud/nitride/documentation/getting-started/remote-attestation/verify-the-report.md): Learn to verify the attestation report that was generated by the provider.
- [Concepts](https://docs.enclaive.cloud/nitride/documentation/concepts.md): Learn about the basic concepts around creating, attesting, verifying and updating workload identities, identifying not only a machine but also its code.
- [Annotations](https://docs.enclaive.cloud/nitride/documentation/concepts/annotations.md): Learn more about annotations for Attestation Reporting.
- [Attestation](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation.md): Learn the basic concept of remote attestation.
- [Protocols](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/protocols.md)
- [PKI](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/pki.md)
- [AMD SEV](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/pki/amd-sev.md): In this article we discuss the public key infrastructure related to AMD SEV technology.
- [Intel TDX](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/pki/intel-tdx.md)
- [Methods](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/methods.md): Understand the various types of attestation methods, along with some examples.
- [Raw Attestation](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/methods/raw-attestation.md): Raw is the basic form of remote attestation, protecting the integrity of the platform and virtualized (UEFI).
- [Raw Attestation with Secure Boot](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/methods/raw-attestation-with-secure-boot.md): The attestation with Secure Boot resembles the principles of UEFI Secure Boot where the integrity of the UEFI is attested.
- [Raw Attestation with vTPM](https://docs.enclaive.cloud/nitride/documentation/concepts/attestation/methods/raw-attestation-with-vtpm.md): Understand the virtual Trusted Platform Module (vTPM) and how it works for various vendors.
- [Identity](https://docs.enclaive.cloud/nitride/documentation/concepts/identity.md): This section introduces the concept of workload identity and explains how it is implemented within the Nitride Platform.
- [Policy](https://docs.enclaive.cloud/nitride/documentation/concepts/policy.md): Learn more about policies to verify attestation claims.
- [TOTP](https://docs.enclaive.cloud/nitride/documentation/concepts/totp.md): Learn how to update attestations
- [Architecture](https://docs.enclaive.cloud/nitride/documentation/architecture.md)
- [CLI](https://docs.enclaive.cloud/nitride/documentation/architecture/cli.md): Learn more about the command line and its architecture
- [Nitride](https://docs.enclaive.cloud/nitride/documentation/architecture/nitride.md): Learn more about the Nitride Attestation framework and how to leverage the vHSM CLI as attestation agent
- [Supported Technologies](https://docs.enclaive.cloud/nitride/documentation/supported-technologies.md)
- [Tutorials](https://docs.enclaive.cloud/nitride/tutorials.md): Learn about using Nitride to attest a workload
- [Attestation Blueprint](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint.md): Learn about namespace attestation
- [Login as root](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/login-as-root.md): Login as root user of the vHSM server
- [Create a namespace](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/create-a-namespace.md): Learn to create a namespace for the attestation
- [Initialize Nitride for the namespace](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/initialize-nitride-for-the-namespace.md): Learn to initialize the Nitride plugin in the namespace
- [Create Policy](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/create-policy.md): Learn to create a policy and register the policy
- [Create Identity](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/create-identity.md)
- [Create Attestation](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/create-attestation.md)
- [Update Attestation with TOTP](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/update-attestation-with-totp.md): Learn to add TOTP to the attestation
- [Create Annotations](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint/create-annotations.md)
- [Get Firmware Measurement](https://docs.enclaive.cloud/nitride/tutorials/get-firmware-measurement.md): Learn to get the firmware measurement of the VM
- [Attestation Blueprint](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1.md)
- [Enable Namespacing](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/enable-namespacing.md): Learn to issue tokens for namespaces in a vHSM.
- [Register Identities](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/register-identities.md): Learn to register identities that are critical for enabling secure workload attestation and enforcing policies based on the trustworthiness of the underlying platform, firmware, and workload.
- [Create Attestation](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-attestation.md): Learn to create an attestation profile in vHSM using the CLI to enable trusted workload execution based on identity and access policies.
- [Create Policy](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-policy.md): Learn to create a policy in vHSM that defines what actions an attested identity can perform after successful remote attestation.
- [Create or update identities](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-or-update-identities.md): Learn to create or update identities
- [Create or update policies](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-or-update-policies.md)
- [Verify identities and policies locally](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/verify-identities-and-policies-locally.md): Learn to create an attestation for a workload and verify the UUID locally.
- [List Nitride identities, attestations, and policies](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/list-nitride-identities-attestations-and-policies.md): Learn to list the default identities, attestations, and policies
- [Create identities and policies](https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/create-identities-and-policies.md)
- [Attesting a buckypaper VM](https://docs.enclaive.cloud/nitride/tutorials/attesting-a-buckypaper-vm.md)
- [Provisioning MariaDB Password on Azure DCXas\_v5 VM](https://docs.enclaive.cloud/nitride/tutorials/provisioning-mariadb-password-on-azure-dcxas_v5-vm.md): This tutorial guides you through provisioning a MariaDB container on a confidential buckypaper VM in Azure. The steps can be easily adapted for any cloud service provider that supports buckypaper.
- [OUTDATED Provisioning SSH keys](https://docs.enclaive.cloud/nitride/tutorials/outdated-provisioning-ssh-keys.md)
- [OUTDATED Provisioning kubeconfig](https://docs.enclaive.cloud/nitride/tutorials/outdated-provisioning-kubeconfig.md)
- [vHSM Agent](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent.md): Learn about vHSM agent and how it can help you with secure access to secrets and cryptographic operations managed by a vHSM.
- [vHSM Agent Configurations](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations.md)
- [auto\_auth](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/auto_auth.md): Learn about the various parameters in the auto\_auth block of the configuration file.
- [template\_config](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/template_config.md): Learn about setting global defaults for the templating engine.
- [template](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/template.md): Learn about configuring the vHSM Agent to fetch secrets and render them into files.
- [trustlet](https://docs.enclaive.cloud/nitride/tutorials/vhsm-agent/vhsm-agent-configurations/trustlet.md): Learn about using trustlet to perform actions through a vHSM agent.
- [CLI](https://docs.enclaive.cloud/nitride/cli.md): This guide helps you initialize and configure Nitride using the vhsm CLI. It covers authentication, workload identity management, attestation policies, and namespaced token support.
- [nitride](https://docs.enclaive.cloud/nitride/cli/nitride.md)
- [annotation](https://docs.enclaive.cloud/nitride/cli/annotation.md): Add human-readable labels to raw attestation values (hashes, PCRs, measurements), so operators can understand what a value means.
- [create](https://docs.enclaive.cloud/nitride/cli/annotation/create.md): This command creates an annotation to associate a human-readable description or value with a specific technical attestation key.
- [read](https://docs.enclaive.cloud/nitride/cli/annotation/read.md): Learn to retrieve a previously created annotation for a given attestation value.
- [update](https://docs.enclaive.cloud/nitride/cli/annotation/update.md): Learn to modify or update the human-readable label for an existing attestation value.
- [delete](https://docs.enclaive.cloud/nitride/cli/annotation/delete.md): Remove an annotation for a given attestation key.
- [list](https://docs.enclaive.cloud/nitride/cli/annotation/list.md): List all stored annotation keys
- [attestation](https://docs.enclaive.cloud/nitride/cli/attestation.md): The command manages workload attestation in the vHSM system. It supports both local and remote attestation.
- [create@](https://docs.enclaive.cloud/nitride/cli/attestation/create.md): Creates a new workload attestation configuration. The attestation definition must be provided as a JSON file @values.json.
- [delete](https://docs.enclaive.cloud/nitride/cli/attestation/delete.md): Deletes a workload attestation.
- [dump](https://docs.enclaive.cloud/nitride/cli/attestation/dump.md): Performs local attestation operations without requiring a connection to the vHSM server. Note that the report is not verified.
- [decode](https://docs.enclaive.cloud/nitride/cli/attestation/decode.md): Decode and display an attestation report in human-readable format.
- [generate](https://docs.enclaive.cloud/nitride/cli/attestation/generate.md): Generates an attestation report locally for a given nonce.
- [local](https://docs.enclaive.cloud/nitride/cli/attestation/local.md): Performs local attestation operations without requiring a connection to the vHSM server.
- [list](https://docs.enclaive.cloud/nitride/cli/attestation/list.md): Lists all attestations in the vHSM system.
- [nonce](https://docs.enclaive.cloud/nitride/cli/attestation/nonce.md): Generates a nonce for a specific workload attestation. A nonce is a random value used to ensure freshness and prevent replay attacks during attestation.
- [read](https://docs.enclaive.cloud/nitride/cli/attestation/read.md): Reads the details of a workload attestation.
- [update](https://docs.enclaive.cloud/nitride/cli/attestation/update.md): Updates an existing workload attestation configuration.
- [verify](https://docs.enclaive.cloud/nitride/cli/attestation/verify.md): Verifies an attestation report for a specific workload using the vHSM server.
- [config](https://docs.enclaive.cloud/nitride/cli/config.md): This command helps you to read the current settings of the Nitride plugin at the mount.
- [read](https://docs.enclaive.cloud/nitride/cli/config/read.md): Reads the global configuration for the Nitride plugin.
- [identity](https://docs.enclaive.cloud/nitride/cli/identity.md)
- [create](https://docs.enclaive.cloud/nitride/cli/identity/create.md)
- [read](https://docs.enclaive.cloud/nitride/cli/identity/read.md): Read the details of the identities that you created
- [delete](https://docs.enclaive.cloud/nitride/cli/identity/delete.md)
- [list](https://docs.enclaive.cloud/nitride/cli/identity/list.md): View the different identities that you created.
- [init](https://docs.enclaive.cloud/nitride/cli/init.md): The command performs a series of operations to configure and secure your environment: Creates essential Nitride identities and attaches a policy.
- [log](https://docs.enclaive.cloud/nitride/cli/log.md): The command manages attestation and event logs in the vHSM system. Logs record attestation events and other actions performed by workloads, providing an auditable history for security and compliance.
- [read](https://docs.enclaive.cloud/nitride/cli/log/read.md)
- [delete](https://docs.enclaive.cloud/nitride/cli/log/delete.md)
- [list](https://docs.enclaive.cloud/nitride/cli/log/list.md)
- [policy](https://docs.enclaive.cloud/nitride/cli/policy.md)
- [create](https://docs.enclaive.cloud/nitride/cli/policy/create.md)
- [read](https://docs.enclaive.cloud/nitride/cli/policy/read.md)
- [update](https://docs.enclaive.cloud/nitride/cli/policy/update.md)
- [delete](https://docs.enclaive.cloud/nitride/cli/policy/delete.md)
- [list](https://docs.enclaive.cloud/nitride/cli/policy/list.md)
- [totp](https://docs.enclaive.cloud/nitride/cli/totp.md)
- [create](https://docs.enclaive.cloud/nitride/cli/totp/create.md)
- [delete](https://docs.enclaive.cloud/nitride/cli/totp/delete.md): Deletes a specific Time-based One-Time Password token.
- [API](https://docs.enclaive.cloud/nitride/api.md)
- [Annotations](https://docs.enclaive.cloud/nitride/api/annotations.md)
- [Attestations](https://docs.enclaive.cloud/nitride/api/attestations.md)
- [Configuration](https://docs.enclaive.cloud/nitride/api/configuration.md)
- [Identities](https://docs.enclaive.cloud/nitride/api/identities.md)
- [Logs](https://docs.enclaive.cloud/nitride/api/logs.md)
- [Policies](https://docs.enclaive.cloud/nitride/api/policies.md)
- [TOTP](https://docs.enclaive.cloud/nitride/api/totp.md)
- [Models](https://docs.enclaive.cloud/nitride/api/models.md)


