Specifying Containers

One of the most fundamental operations of the OBLV Deploy CLI Proxy is validating the services running inside the enclave. To support this, the oblv configure sub-command lets you specify the exact images that should be running, by giving the service name and digest (a secure hash of the image):

oblv configure --config <config file> image \
    --name <the container image name> \
    --digest <the digest string>

Automatic Image Names and Digests

In general, the configuration file is generated automatically from a deployment manifest, so setting the image details manually with oblv configure is not commonly needed.

Here's an example of manually specifying the image name and digest:

Updating Configuration from the CLI Proxy
oblv configure --config config.yaml image \
    --name postgres:16.2-alpine \
    --digest sha256:951bfda460300925caa3949eaa092ba022e9aec191bbea9056a39e2382260b27

Resulting Configuration File
oblvVersion: 0.1.0
usePCRServer: true
enclave:
  pcrs:
    - PCR0
    - PCR1
    - PCR2
  pcrCheck: true
  pcrServer: http://pcrs.oblv-deploy.com
images:
  public.ecr.aws/oblivious-ai/oblv-sample-fastapi:latest: sha256:5adb8754823ba1cc18308dac0d116a48019dc6afe2ea921e60ca0f7df98cf850
  nginx:1.25.3: sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2
  postgres:16.2-alpine: sha256:951bfda460300925caa3949eaa092ba022e9aec191bbea9056a39e2382260b27
  docker.io/fluent/fluent-bit:2.1.10: sha256:5766d881ddb1fdacd9c5b24c9f28371ae22d44faaf3f7a510e5e86e37fd6244f
  oryd/oathkeeper:v0.38.6: sha256:80ac597442d75f8059e6ade47bb42b01bcebbc4f6d1a61237a4402547f6f5f82
plugins:
  auth-plugin:
    - name: config.yaml
      digest: sha256:88eabdcaac2ecd5fe2b59fe8b9a12277c43878db7cd468dfd1b0aeffcbfe0626
    - name: rules.json
      digest: sha256:619fac4987a4774763b61e45828b7606fdee09893e04d978dd2ef2a319d65ef7
  fluentbit-logging:
    - name: fluent-bit.yaml
      digest: sha256:37e3c0aaa422c9245fe5a39b223f056f023e14dbc855ced8979ea066516148b1
creds:
  authCreds:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: XXXXXXXXXXXXXXXXXXXXXXXXXX
    url: http://auth.your-auth-server.com
    grantType: client_credentials
    scope: competitor
    maxRetries: 5
    retryTimeout: 10
log:
  logLevel: trace
  maxSizeInMb: 5
  retaintionPeriodInDays: 7
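
The images entries above map an image name to a digest, and the name itself contains colons. The following is an added example, not OBLV Deploy code and not how the CLI Proxy is implemented: it parses such entries, rejects any that are not pinned to a full sha256 digest, and compares the pins with a set of reported digests. The function names and the REPORTED sample are assumptions made for illustration.

```python
import re

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# Two entries copied from the images section of the configuration file above.
IMAGES_SECTION = """\
nginx:1.25.3: sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2
postgres:16.2-alpine: sha256:951bfda460300925caa3949eaa092ba022e9aec191bbea9056a39e2382260b27
"""

# Constructed sample input (hypothetical): digests reported for running images.
REPORTED = {
    "nginx:1.25.3": "sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2",
    "postgres:16.2-alpine": "sha256:" + "0" * 64,  # constructed, differs from the pin
    "redis:7": "sha256:" + "1" * 64,  # constructed, never pinned
}


def parse_image_pins(text):
    """Return {image name: digest} from '<name>: sha256:<hex>' lines.

    Image names contain colons themselves (tag, registry port), so the
    entry is split on the last ': ' rather than the first ':'.
    """
    pins = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, sep, digest = line.rpartition(": ")
        if not sep or not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"not a digest-pinned image entry: {line!r}")
        pins[name] = digest
    return pins


def compare(pins, reported):
    """Return sorted (image, problem) pairs where reported digests break the pins."""
    findings = []
    for name, digest in pins.items():
        if name not in reported:
            findings.append((name, "pinned but not reported"))
        elif reported[name] != digest:
            findings.append((name, "digest mismatch"))
    findings += [(n, "reported but not pinned") for n in reported if n not in pins]
    return sorted(findings)


if __name__ == "__main__":
    for name, problem in compare(parse_image_pins(IMAGES_SECTION), REPORTED):
        print(f"{name}: {problem}")
```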