# Verify identities and policies locally

\
To perform an attestation verification flow for the given workload UUID and, upon successful verification , issues an authentication token. This token represents the result of the attestation process and can be used to grant access based on the verified state of the workload.

### Prerequisites

* [Install](/nitride/documentation/setup/install-nitride.md) and [configure](/nitride/documentation/setup/initialize.md) Nitride.
* Install [vHSM CLI](/nitride/documentation/setup/install-nitride.md#installing-the-vhsm-cli).
* Install [curl](https://curl.se/docs/install.html) and [jq](https://jqlang.org/) tools.
* Log in as root user to use the vHSM CLI tool, else use the [root token](/nitride/documentation/setup/install-nitride.md#installing-vhsm) for vHSM instance to use curl.
* [Create an identity](/nitride/tutorials/attestation-blueprint-1/create-or-update-identities.md), and [create a policy](/nitride/tutorials/attestation-blueprint-1/create-or-update-policies.md).

To verify the identity named `test-local` ,  and the policy named `test-local`  you need to create an attestation locally.<br>

1. Create a `attestation.json` file with the following content as vHSM-Nitride admin or user.

```
{
  "name": "Azure MariaDB",
  "description": "A small Azure VM running MariaDB",
  "namespace": "my-namespace",
  "events": "http://localhost:8000",
  "policy": "test-local"
}
```

2. Create a attestation workload for the provider `local-none-debug` using: `vhsm nitride attestation create @attestation.json` .

The output is similar to:

```
Key            Value
---            -----
created        1749559274
description    A small Azure VM running MariaDB
events         http://localhost:8000
name           Azure MariaDB
namespace      my-namespace
nonce          n/a
policy         test-local
updated        0
uuid           f03da938-f84c-472c-80b7-6ecb10058261

```

3. List the attestations that are available: `vhsm nitride attestation list`
4. Verify the attestation for the workload that you created: `vhsm nitride attestation -provider=local-none-debug report <uuid>`&#x20;

The output is similar to:

```
Key                       Value
---                       -----
token                     hvs.CAESIBi0Pzvf_zPrhCa68Tb1h625tyZ3MJNdHJdOS2MBuL_QGh4KHGh2cy5KRnB2Y3NlVWhIWVZ2ZU1CaHJuWWM4eWE
token_accessor            QRCJEzKxf7a66TDpzYHH74LT
token_duration            768h
token_renewable           false
token_policies            ["default" "enclaive-attested"]
identity_policies         []
policies                  ["default" "enclaive-attested"]
token_meta_namespace      my-namespace
token_meta_workload       f03da938-f84c-472c-80b7-6ecb10058261
token_meta_measurement    none
created                   1749559274
description               A small Azure VM running MariaDB
events                    http://localhost:8000
name                      Azure MariaDB
namespace                 my-namespace
nonce                     n/a
policy                    test-local
updated                   1749559344
uuid                      f03da938-f84c-472c-80b7-6ecb10058261
```

This output confirms that vHSM successfully interacted with the attestation service regarding the specified workload and received an authentication token with specific policies attached, indicating a successful attestation or a simulated attestation outcome. \
\
**Next Steps:**

You've successfully set up and tested attestation with the local-none-debug provider including identity, policy, workload, and report.Now, to attest a "buckypaper VM," you'll need to:

1. Identify the appropriate real attestation provider for that VM such as "aws-sev-snp-raw", "azure-sev-snp-vtpm", or other supported providers.
2. Create specific identities and policies for the buckypaper VM, aligning with its provider.
3. Generate the actual attestation report from within the buckypaper VM.
4. Submit and verify this report using the vHSM CLI tool with the correct provider.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/nitride/tutorials/attestation-blueprint-1/verify-identities-and-policies-locally.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.