> For the complete documentation index, see [llms.txt](https://docs.enclaive.cloud/virtual-hsm/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.enclaive.cloud/virtual-hsm/tutorials/cli-quickstart.md).

# CLI quickstart

Learn how to create an attestation and verify token issuance from `root`, while ensuring workloads authenticate through their assigned namespaces.

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

* [Install vHSM CLI](/virtual-hsm/documentation/setup.md)
* [Install vHSM and start a Dev server](/virtual-hsm/documentation/setup/installation.md)

1. Create a namespace named `my-namepace` , as the default policy associated with it defines access control rules for workloads within this namespace.

```
vhsm namespace create my-namespace
```

2. Run the following command to set up authentication, identities, policies, and attestation.

```bash
vhsm nitride init -namespacing @policy.hcl
```

3\. List the attestations that was created&#x20;

```bash
vhsm nitride attestation list
```

{% hint style="info" %}
Make a note of the `uuid`  for the attestation
{% endhint %}

4. Check if the attestation was successful for the namespace `my-namespace` .

**Note:** If the workload in not linked to any attestation provider then you can specify the provider as `local-none-debug` .

```
vhsm nitride attestation -provider=<provider-name> report <attestation-profile-uuid>
```

The output is similar to:

```
Key                       Value
---                       -----
token                     hvs.CAESICfUzQZIhKaLrARrV_pqyvaofOmfPJgh1OGw7m3o2725GisKKWh2cy5oSlI3a2c2eURrd2FaME9pd3pzckplVWcubXktbmFtZXNwYWNl
token_accessor            oXm454wsdywvqMbPhlp89JIX.my-namespace
token_duration            768h
token_renewable           false
token_policies            ["default" "enclaive-attested"]
identity_policies         []
policies                  ["default" "enclaive-attested"]
token_meta_measurement    none
token_meta_namespace      my-namespace
token_meta_workload       6da1095a-c1f3-463d-bcd1-078af2dc2380
created                   1743154819
description               Add text
events                    http://localhost:8000
name                      Example
namespace                 my-namespace
nonce                     n/a
policy                    test
updated                   1743154948
uuid                      6da1095a-c1f3-463d-bcd1-078af2dc2380
```

In the output, you can see that `token_meta_namespace` is set to `my-namespace`. This confirms that while authenticated to `root`, the issued token was assigned to `my-namespace`, indicating that the token was issued from `root`.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/tutorials/cli-quickstart.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.