# Create Policy

{% hint style="info" %}
**Note**:

If you started Nitride with the `vhsm nitride init` command, it performs a series of operations to configure and secure your environment:

1. Creates essential Nitride identities, including platform, firmware, and workload.
2. Creates and attaches a Nitride policy from an embedded policy configuration.
3. Generates attestation objects based on your setup.
4. Bootstraps the environment to allow secure workload attestation and the issuance of access tokens with the appropriate permissions.
   {% endhint %}

## Creating a policy

1. Create a `policy.json` file that outlines the actions or capabilities and the resources or paths the identity is allowed to access after successful attestation. To create a policy that is attached to a provider, see the `vhsm nitride policy -help` command.

```json
{
    "name": "nitride-policy",
    "identities": {
        "provider": "azure-sev-snp-vtpm",
        "platform": [
            {
                "name": "amd-sev-snp-milan-vcek"
            }
        ],
        "firmware": [
            {
                "name": "azure-dc2as-v5"
            }
        ],
        "workload": {
            "name": "azure-sev-snp-vtpm-ubuntu-jammy",
            "policy": {
                "hash": false,
                "pcrs.0": false
            }
        },
        "metadata": null
    }
}
```

Where:

* `name`: Logical name of the policy.
* `identities`: Contains the list of identities.

2. Use the `vhsm nitride policy create` command to register the policy:

```bash
vhsm nitride policy create @policy.json
```

The `@policy.json` syntax tells the CLI to read the file and embed its contents directly into the request.

The output is similar to:

```
Key           Value
---           -----
created       1742820324
identities    map[firmware:[map[name:azure-dc2asv5 policy:<nil>]] metadata:<nil> platform:[map[name:amd-sev-snp-milan-vcek policy:<nil>]] provider:azure-sev-snp-vtpm workload:<nil>]
name          nitride-policy
```

3. Verify that the policy was created:

```bash
vhsm nitride policy list
```

The output is similar to:

```
Keys
----
nitride-policy
```

You can also reference this policy in your `attestation.json` to bind it to specific identities.
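Before running `vhsm nitride policy create`, the file from step 1 can be checked locally so that a malformed or incomplete policy is caught before it is registered. The following is an added example, not Nitride's own code: the set of required fields is an assumption inferred from the sample `policy.json` on this page rather than from a published schema, and `lint_policy` is a hypothetical helper name.

```python
import json

# Constructed sample: the policy.json from step 1 of this page, compacted.
SAMPLE = """{"name": "nitride-policy", "identities": {
  "provider": "azure-sev-snp-vtpm", "metadata": null,
  "platform": [{"name": "amd-sev-snp-milan-vcek"}],
  "firmware": [{"name": "azure-dc2as-v5"}],
  "workload": {"name": "azure-sev-snp-vtpm-ubuntu-jammy",
               "policy": {"hash": false, "pcrs.0": false}}}}"""

def _is_name(value):
    return isinstance(value, str) and value.strip() != ""

def _check_named_list(identities, key, problems):
    # Assumption: platform and firmware are non-empty lists of {"name": ...}.
    entries = identities.get(key)
    if not isinstance(entries, list) or not entries:
        problems.append(f"identities.{key}: expected a non-empty list")
        return
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict) or not _is_name(entry.get("name")):
            problems.append(f"identities.{key}[{i}]: missing name")

def lint_policy(text):
    """Return a list of problems in a policy.json document (empty list = OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    identities = doc.get("identities") if isinstance(doc, dict) else None
    if not isinstance(identities, dict):
        return ["identities: missing or not an object"]
    problems = []
    if not _is_name(doc.get("name")):
        problems.append("name: missing or empty")
    if not _is_name(identities.get("provider")):
        problems.append("identities.provider: missing or empty")
    _check_named_list(identities, "platform", problems)
    _check_named_list(identities, "firmware", problems)
    workload = identities.get("workload")
    if not isinstance(workload, dict) or not _is_name(workload.get("name")):
        return problems + ["identities.workload: missing name"]
    policy = workload.get("policy")  # absent or null is accepted
    if policy is not None and not isinstance(policy, dict):
        return problems + ["identities.workload.policy: expected an object"]
    for flag, value in (policy or {}).items():
        if not isinstance(value, bool):
            problems.append(f"identities.workload.policy.{flag}: expected true or false")
    return problems
```

Call `lint_policy(open("policy.json").read())` and register the policy only when the returned list is empty.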

