Update Attestation with TOTP
Learn to add TOTP to the attestation
You can add an additional layer of security to the attestation by adding a TOTP to it.
Create a TOTP for the policy associated with the attestation
Example:
vhsm nitride totp create nitride-policy 1720896000
This command creates a TOTP token for the policy named nitride-policy that will expire in 10 min. To get the expiration value, use: date -v+10M +%s (this is the BSD/macOS date syntax). For more information, see vHSM Nitride CLI.
Output
Key Value
--- -----
created 1752412158
expiration 1720896000
policy nitride-poilcy
uuid 39d88f61-e7ef-4ffb-b812-e0f9cf1634c4
Update the attestation
Update attestation.json so that it includes the TOTP information:
Example content of attestation.json:
{
  "name": "Azure MariaDB",
  "namespace": "test",
  "totp_uuid": "f06a8a43-088a-45ae-8c57-28444ffb92a9",
  "policy": "nitride-policy",
  "description": "A small Azure VM running MariaDB with TOTP enabled",
  "events": "https://vhsm.enclaive.cloud/"
}
Where:
"name": Logical name of the attestation profile.
"policy": The policy to apply after successful attestation.
"namespace": The namespace in which the attestation should be created.
"description": A brief explanation of the workload or resource being attested. Example: "A small Azure VM running MariaDB with TOTP enabled."
"totp_uuid": UUID that identifies the Time-based One-Time Password (TOTP) configuration used for attestation.
"events": Endpoint where attestation event data should be sent.
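A pre-flight check for the two steps above, added here as an example (it is not part of the vHSM tooling): it parses the Key/Value table printed by totp create and compares it with attestation.json before registration. It assumes that totp_uuid is meant to equal the uuid of the created token and that all six fields shown above are required; the function names and all sample values are constructed.

```python
import json
import re
import time

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Assumption: every field shown in the example attestation.json is required.
REQUIRED = ("name", "namespace", "totp_uuid", "policy", "description", "events")


def parse_totp_output(text):
    """Parse the 'Key Value' table printed by the totp create command."""
    fields = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] not in ("Key", "---"):
            fields[parts[0]] = parts[1].strip()
    return fields


def preflight(totp_text, attestation_text, now=None):
    """Return a list of problems; an empty list means the pair is consistent."""
    now = int(time.time()) if now is None else now
    totp = parse_totp_output(totp_text)
    att = json.loads(attestation_text)
    problems = [f"missing field: {k}" for k in REQUIRED if k not in att]
    uuid = att.get("totp_uuid", "")
    if not UUID_RE.match(uuid):
        problems.append("totp_uuid is not a well-formed UUID")
    elif uuid.lower() != totp.get("uuid", "").lower():
        problems.append("totp_uuid does not match the uuid of the created token")
    if att.get("policy") != totp.get("policy"):
        problems.append("policy differs between token and attestation")
    exp = totp.get("expiration", "")
    if not exp.isdigit() or int(exp) <= now:
        problems.append("token expiration is missing or already in the past")
    return problems


# Constructed sample data, not real command output.
SAMPLE_TOTP = """Key Value
--- -----
created 1700000000
expiration 1700000600
policy nitride-policy
uuid 11111111-2222-4333-8444-555555555555"""
SAMPLE_ATTESTATION = json.dumps({
    "name": "Azure MariaDB", "namespace": "test",
    "totp_uuid": "11111111-2222-4333-8444-555555555555", "policy": "nitride-policy",
    "description": "constructed sample", "events": "https://vhsm.example.invalid/"})
print(preflight(SAMPLE_TOTP, SAMPLE_ATTESTATION, now=1700000100) or "consistent")
```

Run it against the real command output and your own attestation.json; a mistyped policy name, a UUID copied from a different token, or an expiration that has already passed each show up as one entry in the returned list.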
Register the updated attestation
Example:
Output
Verify the attestation
Example:
Output