Activate Nitride
On this page you learn how to
Register Nitride
To register the Nitride plugin, use the following command with the correct SHA-256 digest
from table or calculate it from the binary inside the docker image:
vhsm plugin register -sha256=<digest> auth vault-plugin-auth-ratls
To verify successful registration, run the command below and look for vault-plugin-auth-ratls
in the list:
vhsm plugin list | grep vault-plugin-auth-ratls
Enable Remote Attestation through TLS
To enable remote attestation and expose the endpoint path /ratls
, execute the following command:
vhsm auth enable -path=ratls vault-plugin-auth-ratls
Run the command below to confirm that the endpoint has been enabled correctly:
vhsm auth list
Example output:
Path Type Accessor Description Version
---- ---- -------- ----------- -------
ratls/ vault-plugin-auth-ratls auth_vault-plugin-auth-ratls_f19319b1 remote attestation certs v1.3
token/ token auth_token_a2c578f9 token based credentials n/a
Next
You're ready to go. The vHSM is set up. We recommend to do the MariaDB root admin secret provisioning tutorial, where you learn how to configure Nitride, attest a buckypaper VM and provision the admin credentials into the enclave.
Last updated
Was this helpful?