Activate Nitride

On this page you learn how to

Register Nitride

To register the Nitride plugin, use the following command with the correct SHA-256 digest. Take the digest from the table, or calculate it from the binary inside the Docker image:

vhsm plugin register -sha256=<digest> auth vault-plugin-auth-ratls

To verify successful registration, run the command below and look for vault-plugin-auth-ratls in the list:

vhsm plugin list | grep vault-plugin-auth-ratls
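
Added example, not part of the original Nitride documentation: one way to calculate the digest from the binary inside the Docker image and register the plugin only when it matches the published digest. The image name, the binary path inside the image and the function names are placeholders, and the sketch assumes the image can be instantiated with `docker create`.

```shell
#!/bin/sh
# Added example: check the plugin binary's SHA-256 before registering it.
# The image name and binary path are placeholders; the page does not name them.

# Print the lowercase SHA-256 hex digest of a file.
plugin_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if file $1 hashes to digest $2, 1 on mismatch, 2 if $2 is malformed.
digest_matches() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*) echo "not a hex digest: $2" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest must be 64 hex characters" >&2; return 2; }
    actual=$(plugin_digest "$1") || return 2
    [ "$actual" = "$expected" ]
}

# Copy the binary out of the image without running it, check it, then register.
register_ratls_plugin() {
    image=$1 bin_path=$2 published=$3
    tmp=$(mktemp -d) || return 1
    cid=$(docker create "$image") || return 1
    docker cp "$cid:$bin_path" "$tmp/plugin"; rc=$?
    docker rm "$cid" >/dev/null
    if [ "$rc" -eq 0 ] && digest_matches "$tmp/plugin" "$published"; then
        vhsm plugin register -sha256="$published" auth vault-plugin-auth-ratls
        rc=$?
    else
        echo "refusing to register: binary does not match published digest" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage (placeholders): register_ratls_plugin "<image>" "<path-to-binary>" "<digest>"
```

A mismatch means the binary in the image is not the one the published digest describes, so stop and investigate rather than registering the locally computed value.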

Enable Remote Attestation through TLS

To enable remote attestation and expose the endpoint path /ratls, execute the following command:

vhsm auth enable -path=ratls vault-plugin-auth-ratls

Run the command below to confirm that the endpoint has been enabled correctly:

vhsm auth list

Example output:

Path      Type                       Accessor                                 Description                Version
----      ----                       --------                                 -----------                -------
ratls/    vault-plugin-auth-ratls    auth_vault-plugin-auth-ratls_f19319b1    remote attestation certs   v1.3
token/    token                      auth_token_a2c578f9                      token based credentials    n/a

Next

You're ready to go. The vHSM is set up. We recommend doing the MariaDB root admin secret provisioning tutorial next, where you learn how to configure Nitride, attest a buckypaper VM and provision the admin credentials into the enclave.
