Skip to main content

CLI Proxy

Remote Health Checks of Enclaves

One of the features of the OBLV Deploy enclaves is the ability to perform health checks on an enclave, ensuring it is up and running in a stable state and ready to accept external connections. Health checks also play a crucial role during the attestation process.

The OBLV Deploy CLI Proxy allows you to configure how it should behave when an enclave is not ready to accept requests, specifically:

SettingDescription
number of retriesMaximum number of retries to perform health check and fetch the attestation document in case of failure.
retry timeoutMaximum duration in seconds after which the CLI will retry to perform health check or fetch the attestation document.

To update these two values from the OBLV Deploy CLI Proxy, we can use the oblv configure sub-command:

oblv configure --config <config file>\
   --max-retries <max number of retries>\
   --retry-timeout <tieme in seconds>
Updating Configuration from the CLI Proxy
oblv configure --config config.yaml\
    --max-retries 5\
    --retry-timeout 10
Resulting Configuration File
oblvVersion: 0.1.0
usePCRServer: true
enclave:
  pcrs:
  - PCR0
  - PCR1
  - PCR2
pcrCheck: true
pcrServer: http://pcrs.oblv-deploy.com
images:
  oryd/oathkeeper:v0.38.6: sha256:80ac597442d75f8059e6ade47bb42b01bcebbc4f6d1a61237a4402547f6f5f82
  public.ecr.aws/oblivious-ai/oblv-sample-fastapi:latest: sha256:5adb8754823ba1cc18308dac0d116a48019dc6afe2ea921e60ca0f7df98cf850
  docker.io/fluent/fluent-bit:2.1.10: sha256:5766d881ddb1fdacd9c5b24c9f28371ae22d44faaf3f7a510e5e86e37fd6244f
  nginx:1.25.3: sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2
plugins:
  fluentbit-logging:
  - name: fluent-bit.yaml
    digest: sha256:37e3c0aaa422c9245fe5a39b223f056f023e14dbc855ced8979ea066516148b1
  auth-plugin:
  - name: config.yaml
    digest: sha256:88eabdcaac2ecd5fe2b59fe8b9a12277c43878db7cd468dfd1b0aeffcbfe0626
  - name: rules.json
    digest: sha256:619fac4987a4774763b61e45828b7606fdee09893e04d978dd2ef2a319d65ef7
creds:
  authCreds:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: XXXXXXXXXXXXXXXXXXXXXXXXXX
    url: http://auth.your-auth-server.com
    grantType: client_credentials
    scope: competitor
maxRetries: 5
retryTimeout: 10
log:
  logLevel: trace
  maxSizeInMb: 5
  retaintionPeriodInDays: 7