Update Attestation with TOTP

Learn to add TOTP to the attestation

You can add an additional layer of security to the attestation by adding TOTP to it.

Create a TOTP for the policy associated with the attestation

Example:

vhsm nitride totp create nitride-policy 1720896000

This command creates a TOTP token for the policy named nitride-policy that will expire in 10 min. To get the expiration value, run date -v+10M +%s, which prints the Unix timestamp 10 minutes from now. For more information, see vHSM Nitride CLI.

Output

Key           Value
---           -----
created       1752412158
expiration    1720896000
policy        nitride-policy
uuid          39d88f61-e7ef-4ffb-b812-e0f9cf1634c4

Update the attestation

Update attestation.json so that it includes the TOTP information. Example content of attestation.json:

{
  "name": "Azure MariaDB",
  "namespace": "test",
  "totp_uuid": "f06a8a43-088a-45ae-8c57-28444ffb92a9",
  "policy": "nitride-policy",
  "description": "A small Azure VM running MariaDB with TOTP enabled",
  "events": "https://vhsm.enclaive.cloud/"
}

Where:

  • "name": Logical name of the attestation profile.

  • "policy": The policy to apply after successful attestation.

  • "namespace": The namespace in which the attestation should be created.

  • "description": A brief explanation of the workload or resource being attested. Example: "A small Azure VM running MariaDB with TOTP enabled."

  • "totp_uuid": UUID that identifies the Time-based One-Time Password (TOTP) configuration used for attestation.

  • "events": Endpoint where attestation event data should be sent.
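
A consistency check to run before registering, added here as an example (it is not enclaive's code): it parses the Key/Value table printed by totp create and compares it with attestation.json. It assumes that totp_uuid is meant to carry the uuid from that output and that both policy values must agree; the function names and sample values are constructed.

```python
import json
import re
import time

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

def parse_totp_output(text):
    """Parse the two-column Key/Value table printed by `vhsm nitride totp create`."""
    fields = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blank lines, the header row and the dashed separator.
        if len(parts) == 2 and parts[0] not in ("Key", "---"):
            fields[parts[0]] = parts[1]
    return fields

def check_attestation(totp_output, attestation_json, now=None):
    """Return a list of problems; an empty list means file and token agree."""
    now = int(time.time()) if now is None else now
    totp = parse_totp_output(totp_output)
    att = json.loads(attestation_json)
    missing = [k for k in ("created", "expiration", "policy", "uuid") if k not in totp]
    if missing:
        return ["TOTP output lacks: " + ", ".join(missing)]
    problems = []
    created, expiration = int(totp["created"]), int(totp["expiration"])
    if expiration <= created:
        problems.append("expiration is not later than created")
    if expiration <= now:
        problems.append("token has already expired")
    totp_uuid = str(att.get("totp_uuid", "")).lower()
    if not UUID_RE.fullmatch(totp_uuid):
        problems.append("totp_uuid is not a well-formed UUID")
    elif totp_uuid != totp["uuid"].lower():  # assumption: must equal the created token's uuid
        problems.append("totp_uuid differs from the created token's uuid")
    if att.get("policy") != totp["policy"]:  # assumption: both policies must agree
        problems.append("policy differs from the token's policy")
    return problems

# Constructed sample data (not taken from a real deployment).
SAMPLE_OUTPUT = """\
Key           Value
---           -----
created       1700000000
expiration    1700000600
policy        nitride-policy
uuid          11111111-2222-4333-8444-555555555555
"""
SAMPLE_JSON = '{"policy": "nitride-policy", "totp_uuid": "11111111-2222-4333-8444-555555555555"}'
```

Call check_attestation with the saved command output and the text of attestation.json; an empty list means the two are consistent and the token is still valid.
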

Register the updated attestation

Example:

Output

Verify the attestation

Example:

Output
