Skip to main content

CLI Proxy

Specifying Plugins

Similar to the container images, plugins also have the digest but they also have the name of the configuration and the digest for that configuration.

Automatic Image Names and digests

In general, the configuration file is automatically generated directly from a deployment manifest. The step to use oblv configure to set the plugin details manually is not commonly used.

We can add a new plugin into the configuration using oblv configure plugin command:

oblv configure --config <config file> plugin \
     --name <name of the plugin>\
     --plugin-config <name of the config file>\
     --config-digest <digest of the config file>

Here's an example of manually adding plugin details:

Updating Configuration from the CLI Proxy
oblv configure --config config.yaml plugin \
     --name telemetry\
     --plugin-config telemetry.yaml\
     --config-digest sha256:d34b010d3edce770e2e988d829ba6246a82c845ae934334a99073bf2a69bba49
Resulting Configuration File
oblvVersion: 0.1.0
usePCRServer: true
enclave:
  pcrs:
  - PCR0
  - PCR1
  - PCR2
pcrCheck: true
pcrServer: http://pcrs.oblv-deploy.com
images:
  postgres:16.2-alpine: sha256:951bfda460300925caa3949eaa092ba022e9aec191bbea9056a39e2382260b27
  nginx:1.25.3: sha256:c7a6ad68be85142c7fe1089e48faa1e7c7166a194caa9180ddea66345876b9d2
  docker.io/fluent/fluent-bit:2.1.10: sha256:5766d881ddb1fdacd9c5b24c9f28371ae22d44faaf3f7a510e5e86e37fd6244f
  public.ecr.aws/oblivious-ai/oblv-sample-fastapi:latest: sha256:5adb8754823ba1cc18308dac0d116a48019dc6afe2ea921e60ca0f7df98cf850
  oryd/oathkeeper:v0.38.6: sha256:80ac597442d75f8059e6ade47bb42b01bcebbc4f6d1a61237a4402547f6f5f82
plugins:
  auth-plugin:
  - name: config.yaml
    digest: sha256:88eabdcaac2ecd5fe2b59fe8b9a12277c43878db7cd468dfd1b0aeffcbfe0626
  - name: rules.json
    digest: sha256:619fac4987a4774763b61e45828b7606fdee09893e04d978dd2ef2a319d65ef7
  fluentbit-logging:
  - name: fluent-bit.yaml
    digest: sha256:37e3c0aaa422c9245fe5a39b223f056f023e14dbc855ced8979ea066516148b1
  telemetry:
  - name: telemetry.yaml
    digest: sha256:d34b010d3edce770e2e988d829ba6246a82c845ae934334a99073bf2a69bba49
creds:
  authCreds:
    clientId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    clientSecret: XXXXXXXXXXXXXXXXXXXXXXXXXX
    url: http://auth.your-auth-server.com
    grantType: client_credentials
    scope: competitor
maxRetries: 5
retryTimeout: 10
log:
  logLevel: trace
  maxSizeInMb: 5
  retaintionPeriodInDays: 7