CLI Proxy
Integrated Authentication
OBLV Deploy services offer an integrated authentication service via OAuth. When the native OAuth-based auth is being used, the OBLV Deploy CLI Proxy consumes user credentials present in the configuration file.
Alternative Authentication
Other authentication types are possible for OBLV Deploy managed enclaves, but the authentication would run via application logic, as opposed to being integrated into the attested connection.
To add the auth details to the configuration file, use the sub-command oblv configure auth as follows (all arguments are required).
oblv configure --config <config file> auth \
    --grant-type <grant-type> \
    --scope <scope> \
    --url <auth-server-url> \
    --client-id <client-id> \
    --client-secret <client-secret>
Updating the Auth Details
oblv configure --config config.yaml auth \
    --grant-type client_credentials \
    --scope competitor \
    --url https://auth.your-auth-server.com \
    --client-id "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" \
    --client-secret "XXXXXXXXXXXXXXXXXXXXXXXXXX"
Resulting Configuration File
oblvVersion: 0.1.0
usePCRServer: true
enclave:
  pcrs:
    - PCR0
    - PCR1
    - PCR2
  pcrCheck: true
  rServer: http://pcrs.oblv-deploy.com
  images:
    docker.io/fluent/fluent-bit:2.1.10: sha256:5766d881ddb1fdacd9c5b24c9f28371ae22d44faaf3f7a510e5e86e37fd6244f
    nginx:1.25.3: sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2
    oryd/oathkeeper:v0.38.6: sha256:80ac597442d75f8059e6ade47bb42b01bcebbc4f6d1a61237a4402547f6f5f82
    public.ecr.aws/oblivious-ai/oblv-sample-fastapi:latest: sha256:5adb8754823ba1cc18308dac0d116a48019dc6afe2ea921e60ca0f7df98cf850
  plugins:
    fluentbit-logging:
      - name: fluent-bit.yaml
        digest: sha256:37e3c0aaa422c9245fe5a39b223f056f023e14dbc855ced8979ea066516148b1
    auth-plugin:
      - name: config.yaml
        digest: sha256:88eabdcaac2ecd5fe2b59fe8b9a12277c43878db7cd468dfd1b0aeffcbfe0626
      - name: rules.json
        digest: sha256:619fac4987a4774763b61e45828b7606fdee09893e04d978dd2ef2a319d65ef7
creds:
  authCreds:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: XXXXXXXXXXXXXXXXXXXXXXXXXX
    url: https://auth.your-auth-server.com
    grantType: client_credentials
    scope: competitor
maxRetries: 18
retryTimeout: 5
log:
  logLevel: trace
  maxSizeInMb: 5
  retaintionPeriodInDays: 7
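Because the resulting file stores the client secret in cleartext, it is worth checking the file after running oblv configure auth. The script below is an added example, not part of OBLV Deploy or its documentation: it assumes the creds / authCreds key layout shown above, and the function names, sample values and auth.example.test URL are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a CLI Proxy config file that holds OAuth client credentials.
# Assumes the creds -> authCreds layout shown above; all sample values are constructed.

# Print the value of one key inside the authCreds block (indentation-aware).
auth_value() {  # $1 = config file, $2 = key name
  awk -v key="$2" '
    /^ *authCreds:/ { base = match($0, /[^ ]/); inblk = 1; next }
    inblk && NF {
      if (match($0, /[^ ]/) <= base) exit        # left the authCreds block
      if ($1 == key ":") { v = $2; gsub(/"/, "", v); print v; exit }
    }' "$1"
}

# Print one line per finding; the return code is the number of findings.
audit_config() {  # $1 = config file
  local f="$1" findings=0 url secret
  url=$(auth_value "$f" url)
  secret=$(auth_value "$f" clientSecret)
  # The secret is stored in cleartext, so only the owner should have access.
  if [ -n "$secret" ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "FINDING: $f holds clientSecret but group/others have access (chmod 600)"
    findings=$((findings + 1))
  fi
  # Over plain http the client credentials reach the auth server unencrypted.
  case "$url" in
    ""|https://*) ;;
    *) echo "FINDING: auth url '$url' is not https"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Write a constructed config fragment: $1 = path, $2 = auth server URL.
write_sample() {
  cat > "$1" <<EOF
creds:
  authCreds:
    clientId: CONSTRUCTED-ID
    clientSecret: "CONSTRUCTED-SECRET"
    url: $2
    grantType: client_credentials
    scope: competitor
maxRetries: 18
EOF
}

demo=$(mktemp) && write_sample "$demo" "http://auth.example.test" && chmod 644 "$demo"
audit_config "$demo" || echo "findings: $?"
rm -f "$demo"
```

Run audit_config against the real config.yaml in place of the constructed sample; a non-zero return code means at least one finding was printed.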