Skip to main content

OBLV Client

Overview

OBLV Client (Oblivious Command Line Interface) is a reverse proxy designed to forward client HTTP requests to the enclave using a secure TLS connection.

CLI Command Reference

OBLV Client provides several commands for managing configurations, attesting and establishing connections with enclaves. Here is an overview of each command and its functionality:

oblv attest

Attestation is the most important feature of an enclave. It is a process to verify that the software running in the enclave is exactly the same that is required by the user.

oblv attest requires a config file which contains the PCR codes and the digests of the containers used by the application running in the enclave.

oblv configure

oblv configure is a command used to manage and update the YAML configuration file containing the information to validate the enclave and configuration settings required by the CLI itself.

It supports subcommands for updating specific configuration aspects like PCR codes, plugin configuration, log settings, and authentication details.

oblv configure image

Update the image to reflect what is running inside the enclave.

Note: oblv configure image just updates the image name and the digest for a given image.
It does not update the other configuration details in the configuration file.
If a new image name is provided, it creates a new entry for that image with empty/default values in the configuration file.

oblv configure plugin

Update the plugin to reflect what is running inside the enclave.

Note: oblv configure plugin just updates the plugin name and the digest for a given plugin.
It does not update the other configuration details in the configuration file.
If a new plugin name is provided, it creates a new entry for that plugin with empty/default values in the configuration file.

oblv configure auth

Configure the auth details in the configuration file.

The oblv configure auth command allows you to set up authentication details required for the enclave.

oblv configure log

Configure the logging details in the configuration file.

The oblv configure log command allows you to set the verbosity, size, and retention period of log files.

oblv connect

Connects to the OBLV Deploy enclave.

In this process, the OBLV CLI:

  • Performs the health check on the enclave.
  • Performs the attestation using the details provided in the config file.
  • Upon successful attestation, the CLI starts the reverse proxy or operates in the specified mode.

oblv get-config

To handwrite the config file required to connect to the enclave is a tedious task. OBLV CLI provides a way to make it easy.

The oblv get-config command generates a config.yaml file from the enclave's manifest file. This is the template config file which contains all of the information about the enclave, but it needs to be updated for user-specific details such as:

  • auth credentials
  • Users' preference for logging etc.

oblv get-peer-config

The oblv get-peer-config command generates the peer configuration file from the given input directory.

A peer enclave is an enclave that another enclave is permitted to communicate with after successful attestation.

Below is a sample peer config, which includes the hash for the enclave configuration along with the list of enclaves that share the same config:

{
"fastapi.yaml": {
"enclave_config": "62382adea2b537437a7ab1e987a0f56ae9a43922e934366fac5acd5ac707fde45be38c29d52ed96334d86163eaca7eef",
"enclaves": [
"localhost",
"fastapi2"
]
},
"websocket.yaml": {
"enclave_config": "49338f279752cf0356e413b1c05228201ac8612f8fcec20eeb6a7d2716aba10b53c3e55d1770fa343ad6aece8a4e0f1b",
"enclaves": [
"websocket1",
"websocket2"
]
}
}

What's Next?

For additional information on how to install OBLV CLI, refer to the Installing the CLI Proxy page.