CLI quickstart
vHSM (Virtual Hardware Security Module) provides cryptographic operations, key management, and secure attestation.
Learn how to create an attestation and verify token issuance from root, while ensuring workloads authenticate through their assigned namespaces.
Prerequisites
1. Create a namespace named my-namespace. The default policy associated with it defines access control rules for workloads within this namespace.

    vhsm namespace create my-namespace

2. Run the following command to set up authentication, identities, policies, and attestation.

    vhsm nitride init -namespacing @policy.hcl

3. List the attestations that were created.

    vhsm nitride attestation list

4. Check if the attestation was successful for the namespace my-namespace.

    Note: If the workload is not linked to any attestation provider, you can specify the provider as local-none-debug.

    vhsm nitride attestation -provider=<provider-name> report <attestation-profile-uuid>

The output is similar to:
Key Value
--- -----
token hvs.CAESICfUzQZIhKaLrARrV_pqyvaofOmfPJgh1OGw7m3o2725GisKKWh2cy5oSlI3a2c2eURrd2FaME9pd3pzckplVWcubXktbmFtZXNwYWNl
token_accessor oXm454wsdywvqMbPhlp89JIX.my-namespace
token_duration 768h
token_renewable false
token_policies ["default" "enclaive-attested"]
identity_policies []
policies ["default" "enclaive-attested"]
token_meta_measurement none
token_meta_namespace my-namespace
token_meta_workload 6da1095a-c1f3-463d-bcd1-078af2dc2380
created 1743154819
description Add text
events http://localhost:8000
name Example
namespace my-namespace
nonce n/a
policy test
updated 1743154948
uuid 6da1095a-c1f3-463d-bcd1-078af2dc2380

In the output, you can see that token_meta_namespace is set to my-namespace. This confirms that, while you were authenticated to root, the issued token was assigned to my-namespace, indicating that the token was issued from root.
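The manual check above can be scripted. The following is an added example, not part of the vHSM documentation or tooling: it parses a report in the Key/Value layout shown above and fails unless the token is bound to the expected namespace and carries the expected policy. The function names and the sample report (abridged, with placeholder token values) are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an attestation report (Key/Value table on stdin).

# Constructed sample, abridged from the output shown above; token values are placeholders.
sample_report() {
cat <<'EOF'
Key                     Value
---                     -----
token                   hvs.PLACEHOLDER
token_accessor          PLACEHOLDER.my-namespace
token_policies          ["default" "enclaive-attested"]
token_meta_namespace    my-namespace
token_meta_workload     6da1095a-c1f3-463d-bcd1-078af2dc2380
namespace               my-namespace
EOF
}

# report_field KEY: print the value column for KEY, empty if the key is absent.
report_field() {
    awk -v key="$1" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# check_report NAMESPACE POLICY: succeed only if the token is bound to
# NAMESPACE and carries POLICY. A missing field counts as a failure.
check_report() {
    report=$(cat)
    ns=$(printf '%s\n' "$report" | report_field token_meta_namespace)
    policies=$(printf '%s\n' "$report" | report_field token_policies)
    if [ "$ns" != "$1" ]; then
        echo "FAIL: token_meta_namespace='$ns', expected '$1'" >&2
        return 1
    fi
    case "$policies" in
        *"\"$2\""*) ;;
        *) echo "FAIL: policy '$2' not in token_policies: $policies" >&2
           return 1 ;;
    esac
    echo "OK: token bound to namespace '$1' with policy '$2'"
}

sample_report | check_report my-namespace enclaive-attested
```

To use it against a real report, pipe the output of the report command from step 4 into check_report instead of sample_report.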