Provisioning a decryption key

In this tutorial, we will create a VM, after which we will obtain the decryption key stored in Vault using the buckypaper engine.

Create a template

The first step is to create a template for the VM. Refer to the "Create a Buckypaper VMs template" tutorial for details on how to do this.

Create a namespace

The second step is to create a namespace. A namespace is mandatory for creating an attestation. You can learn how to create and use namespaces in the documentation.

Create dkv-v2 engines

The third step is to create the engine in which we will store the decryption key.

POST http://localhost:8200/v1/sys/mounts/buckypaper

Headers

| Name | Value |
| --- | --- |
| X-Vault-Token | |
| X-Vault-Namespace | education |

Body

| Name | Type | Value |
| --- | --- | --- |
| type | string | dkv-v2 |

Response

204 No Content

Attesting a buckypaper VM

Next, you need to perform steps 3 and 4 as described in 'Attesting a buckypaper VMs'.

Decryption key

After completing all the steps and receiving the attestation result via webhook, you can find the decryption key in Vault at the path /:instance/disk/:name

GET http://localhost:8200/v1/buckypaper/data/:instance/disk/:name

Params

| Name | Value |
| --- | --- |
| instance | 77255d88-754c-42a3-954f-58fb86bf48a4 |
| name | volume |

Headers

| Name | Value |
| --- | --- |
| X-Vault-Token | |
| X-Vault-Namespace | education |

Response

{
    "request_id": "2bb8543f-ed2a-93d5-cf04-3f635e076e39",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "data": {
            "value": "J9UpmqSH+tkEX/ewfxc4PFe8wCEhI4A8ybCVyhccPo0="
        },
        "metadata": {
            "created_time": "2024-04-22T07:06:16.096031073Z",
            "custom_metadata": null,
            "deletion_time": "",
            "destroyed": false,
            "version": 1
        }
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}
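
One way to consume the response above safely, as an added example that is not part of the original tutorial or the buckypaper project: it builds the same GET request and validates the payload before the key is used. The `VAULT_TOKEN` environment variable, the function names and the 32-byte expected length (the length the sample value decodes to) are assumptions.

```python
import base64
import binascii
import json
import os
import urllib.request

VAULT_ADDR = "http://localhost:8200"  # address used in this tutorial

def build_request(instance, name, namespace, token):
    """Build the GET request for /v1/buckypaper/data/:instance/disk/:name."""
    url = f"{VAULT_ADDR}/v1/buckypaper/data/{instance}/disk/{name}"
    return urllib.request.Request(url, headers={
        "X-Vault-Token": token,
        "X-Vault-Namespace": namespace,
    })

def extract_key(body, expected_len=32):
    """Return the raw key bytes from a response body, or raise ValueError."""
    doc = json.loads(body)
    inner = doc.get("data") or {}
    meta = inner.get("metadata") or {}
    if meta.get("destroyed") or meta.get("deletion_time"):
        raise ValueError("key version is deleted or destroyed")
    value = (inner.get("data") or {}).get("value")
    if not isinstance(value, str):
        raise ValueError("response has no data.data.value")
    try:
        key = base64.b64decode(value, validate=True)
    except binascii.Error as exc:
        raise ValueError("value is not valid base64") from exc
    if len(key) != expected_len:  # assumed length, taken from the sample value
        raise ValueError(f"unexpected key length {len(key)}")
    return key

# Constructed sample input: trimmed copy of the response shown above.
SAMPLE = json.dumps({"data": {
    "data": {"value": "J9UpmqSH+tkEX/ewfxc4PFe8wCEhI4A8ybCVyhccPo0="},
    "metadata": {"deletion_time": "", "destroyed": False, "version": 1}}})

if __name__ == "__main__":
    token = os.environ.get("VAULT_TOKEN")  # assumed source of the token
    body = SAMPLE                          # offline fallback
    if token:                              # live read against the tutorial's Vault
        req = build_request("77255d88-754c-42a3-954f-58fb86bf48a4", "volume",
                            "education", token)
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
    print(len(extract_key(body)), "byte key OK")  # report length, never the key
```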
