Attestation with the Anjuna Policy Manager
The Anjuna Policy Manager (APM) provides remote attestation and secure secret release for AMD SEV-SNP Anjuna Confidential Containers. The APM version 3.1+ supports this functionality for bare metal, and is available for download from the Anjuna Resource Center.
The APM allows policies to be created that constrain secret access to particular Anjuna Confidential Containers. Complete details on managing policies and secrets can be found in the APM documentation.
The APM is deployed as an Auth plugin to HashiCorp Vault Community or Vault Enterprise, running either as a single instance or an HA cluster. For a cluster deployment, the APM plugin binary must be copied to each node but registered only on the leader. For more information about Vault Enterprise and HA clusters, see the official HashiCorp documentation.
Download and extract the tar archive of the APM from the Anjuna Resource Center into the current working directory. The APM plugin binary is named anjuna-policy-manager-plugin and is located under the bin directory.
This section covers:
- Vault deployment — an optional example deployment of Vault if you do not already have one running.
- Deploying the APM plugin — how to register and enable the APM plugin in Vault.
- Confidential Container configuration — how to configure an Anjuna Confidential Container to retrieve secrets from the APM.
- Creating secrets and policies — how to create secrets and set up access policies.