Install

There are several options to install Vault and the CLI:

Docker container with precompiled binary

Login to the enclaive repository and enter user and password

docker login harbor.enclaive.cloud 

Pull the container

docker pull enclaive-dev/nitride:latest

Helm Chart for Kubernetes

With the release of Helm 3.8.0, Helm is able to store and work with charts in container registries, as an alternative to Helm repositories.

Login to the enclaive repository and enter user and password

helm registry login harbor.enclaive.cloud

You can now install the chart

helm install oci://harbor.enclaive.cloud/enclaive-dev/nitride --version <version>

Compiling from source

Clone the Nitride repository from GitHub into your GOPATH:

mkdir -p $GOPATH/src/github.com/enclaive && cd $_
git clone https://github.com/enclaive/nitride.git
cd nitride

Bootstrap the project. This will download and compile libraries and tools needed to compile Nitride:

make bootstrap

Build Nitride for your current system and put the binary in ./bin/ (relative to the git checkout). The make dev target is just a shortcut that builds nitride for only your local build environment (no cross-compiled targets). The make dev-uibuilds the target with the UI.

make dev

To verify Nitride is installed, run nitride -h on your system. You should see the help output. If you are executing it from the command line, ensure it is on your PATH to avoid receiving an error that Nitride is not found.

nitride -h

Download the CLI

Sometimes it may be handy to work with the command line interface (CLI). For ease of use Nitride is compatible with the Hashicorp CLI. Follow the downloading guide lines below:

sudo apt update && sudo apt install gpg wget

wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

sudo apt update && sudo apt install vault

sudo dnf install -y dnf-plugins-core

sudo dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo

sudo dnf -y install vault

$ sudo yum install -y yum-utils

$ sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo

$ sudo yum -y install vault

Download the enclaivelet

The enclaivelet consists of binaries enclaivelet and provision. The first establishes to nitride a secure communication session, retrieves the attestation report, and redeems the report to obtain an authentication for vault. The latter establishes a secure communication session with Vault to retrieve secrets and provision them into the workload.

Download the binaries enclaivelet and provision as follows

wget https://mynitridedomain/static/{enclaivelet,provision}