CLI quickstart
vHSM (Virtual Hardware Security Module) provides cryptographic operations, key management, and secure attestation.
Learn how to create an attestation and verify token issuance from root, while ensuring workloads authenticate through their assigned namespaces.
Prerequisites
Create a namespace named my-namespace. The default policy associated with it defines access control rules for workloads within this namespace.
vhsm namespace create my-namespace
Run the following command to set up authentication, identities, policies, and attestation.
vhsm nitride init -namespacing @policy.hcl
List the attestations that were created.
vhsm nitride attestation list
Check if the attestation was successful for the namespace my-namespace.
Note: If the workload is not linked to any attestation provider, you can specify the provider as local-none-debug.
vhsm nitride attestation -provider=<provider-name> report <attestation-profile-uuid>
The output is similar to:
Key Value
--- -----
token hvs.CAESICfUzQZIhKaLrARrV_pqyvaofOmfPJgh1OGw7m3o2725GisKKWh2cy5oSlI3a2c2eURrd2FaME9pd3pzckplVWcubXktbmFtZXNwYWNl
token_accessor oXm454wsdywvqMbPhlp89JIX.my-namespace
token_duration 768h
token_renewable false
token_policies ["default" "enclaive-attested"]
identity_policies []
policies ["default" "enclaive-attested"]
token_meta_measurement none
token_meta_namespace my-namespace
token_meta_workload 6da1095a-c1f3-463d-bcd1-078af2dc2380
created 1743154819
description Add text
events http://localhost:8000
name Example
namespace my-namespace
nonce n/a
policy test
updated 1743154948
uuid 6da1095a-c1f3-463d-bcd1-078af2dc2380
In the output, you can see that token_meta_namespace is set to my-namespace. This confirms that while authenticated to root, the issued token was assigned to my-namespace, indicating that the token was issued from root.
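The namespace check described above can be scripted instead of read by eye. The following is an added example, not part of the vHSM documentation or tooling: the function names are hypothetical, the sample report is constructed from the output shown above with the token redacted, and the workload/uuid and enclaive-attested checks are assumptions drawn from that sample.

```shell
#!/bin/sh
# Added example: validate a report from the quickstart's
#   vhsm nitride attestation -provider=<provider-name> report <attestation-profile-uuid>
# Assumes the two-column "Key Value" text layout shown in the sample output.

# field KEY: print the value for KEY from the report text held in $report
field() {
    printf '%s\n' "$report" |
        awk -v k="$1" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_report EXPECTED_NAMESPACE < report ; returns 0 only if every check passes
check_report() {
    want_ns=$1 rc=0
    report=$(cat)
    tok_ns=$(field token_meta_namespace)
    prof_ns=$(field namespace)
    uuid=$(field uuid)
    [ "$tok_ns" = "$want_ns" ] || { echo "FAIL token_meta_namespace='$tok_ns'"; rc=1; }
    [ "$prof_ns" = "$want_ns" ] || { echo "FAIL namespace='$prof_ns'"; rc=1; }
    # Assumption: token_meta_workload carries the profile uuid, as in the sample
    if [ -z "$uuid" ] || [ "$(field token_meta_workload)" != "$uuid" ]; then
        echo "FAIL token_meta_workload does not match uuid"; rc=1
    fi
    # Assumption: an attested token lists the enclaive-attested policy
    case "$(field token_policies)" in
        *'"enclaive-attested"'*) ;;
        *) echo "FAIL enclaive-attested missing from token_policies"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: a subset of the page's output with the token redacted
sample_report() {
    cat <<'EOF'
Key Value
--- -----
token <redacted>
token_policies ["default" "enclaive-attested"]
token_meta_measurement none
token_meta_namespace my-namespace
token_meta_workload 6da1095a-c1f3-463d-bcd1-078af2dc2380
namespace my-namespace
uuid 6da1095a-c1f3-463d-bcd1-078af2dc2380
EOF
}

sample_report | check_report my-namespace && echo "report OK for my-namespace"
```

To check a live report, pipe the output of the report command into check_report with the namespace you expect the token to be bound to.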