Licensing the Anjuna Nitro Runtime

The Anjuna Nitro Runtime requires a license file. Licenses are signed YAML files and verify that you are authorized to use the Anjuna Nitro Runtime for a certain time period.

License types and expiration

A license may have two types. The type of license is represented by the kind field in the license file. A trial-type license is used for proof-of-concept projects and trials, while a licensed-type license is used for up-and-running software that serves your development, testing, and production environments.

You cannot build or run an enclave without a license present.

For trial-type licenses, running enclaves will terminate if the license has expired. You cannot start an enclave if the license has expired.

For licensed-type licenses, running enclaves will not terminate when the license expires in order to avoid impacting your customers. New enclaves will also continue to start even if the license has expired. You can also build new enclave image files (EIFs) even if the license has expired. Use of an expired licensed-type license will produce log messages like this:

The license for CUSTOMER expired on September 13, 2022
Contact Anjuna Sales Team at sales@anjuna.io to obtain a license

AWS Nitro licenses are valid for any version of the Anjuna Nitro Runtime, but not any other runtime platform like the Anjuna Runtime for IntelĀ® SGX Enclaves.

Get your license

Visit the Anjuna Resource Center to download your license file. Your license file is associated with your Anjuna Resource Center account.

Here is an example of a license file. If the kind type or expires date is not as expected, contact sales@anjuna.io.

version: v1
license:
  kind: licensed
  products: [nitro]
  issued: 2022-08-12T02:48:28Z
  expires: 2022-08-18T23:59:59Z
  enforced: true
anjuna-contact:
  name: Anjuna Sales Team
  email: sales@anjuna.io
account:
  name: Anjuna Customer
  email: customer@example.com
---
signature: |
-----BEGIN SIGNATURE-----
MGYCMQD4VH52JN6oaiWOWPxMsLdSSJ9WcxI68krcvoJHFV9tII6/jMxvlgq2h5TM
QMRIzagCMQC063PQmGKR5UEDRoaOKuq6wFy18uxaeOrvJ2Y1u+6zA+UTEbaG2+Tp
nxcHV+BZZfk=
-----END SIGNATURE-----
certificate: |
----BEGIN CERTIFICATE----
MIICHzCCAaSgAwIBAgIBADAKBggqhkjOPQQDAzBwMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEYMBYGA1UEChMPQW5qdW5hIFNl
Y3VyaXR5MRIwEAYDVQQLEwlMaWNlbnNpbmcxEjAQBgNVBAMTCWFuanVuYS5pbzAe
Fw0yMjA2MzAwNjQ1MzVaFw0yMjA5MzAwNjQ1MzVaMHAxCzAJBgNVBAYTAlVTMQsw
CQYDVQQIEwJDQTESMBAGA1UEBxMJUGFsbyBBbHRvMRgwFgYDVQQKEw9Bbmp1bmEg
U2VjdXJpdHkxEjAQBgNVBAsTCUxpY2Vuc2luZzESMBAGA1UEAxMJYW5qdW5hLmlv
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEn7J6Lw3OdfA4Q/k0HMoLneDY7S5wjnhm
3T9aZErr9rEDZivt0UxiyRD7lMJB5Uph2cBERAW0aJKJWEaKP9nCdreTxcJDNCee
/atDkOChBuik1pCLWZKN00qh4cKb5W1XoxIwEDAOBgNVHQ8BAf8EBAMCB4AwCgYI
KoZIzj0EAwMDaQAwZgIxAMocm1SQt42d4JkDy0Q1/wXZGpP5gLzr3PBod/bZXamx
ZYj5zv3xmVMzebZDg8CRtwIxAIFDf22vVsqYID13e58bdJ8uUqD6zWvoMvUEO4wv
ZHATPLY3Mnwn6TDKUkyXYATZkA==
----END CERTIFICATE----

Use your license

A license is activated by placing the file onto the AWS Nitro EC2 instance at the default path /opt/anjuna/license.yaml. You can use the environment variable ANJUNA_LICENSE_PATH to configure a different location for the license.

For EKS, you will need to create a Kubernetes secret for the license file. The Anjuna Nitro Webhook will mount the license file automatically to your Pod. See Licensing the Anjuna Nitro Runtime for an Anjuna Nitro Pod for details.

Upon successful activation, you will see a line similar to the following in the enclave logs:

Licensed to Anjuna customer until July 13, 2023

Renew your license

After signing a new contract or extending an existing one, you can visit the Anjuna Resource Center to download a new license file.

The new license can be used to start new enclaves. See Use your license for details on how to do this.

You can also renew the license of a running enclave by one of the following methods:

  • Putting the new license at the same path that you used when starting the enclave

  • Updating the Kubernetes secret, which is volume mounted to the enclave Pod

The Anjuna Runtime will automatically detect the new license and extend the term.

If the new license is invalid, then the Anjuna Nitro Runtime may terminate the running enclave. To prevent unexpected downtime, try using the new license to start an enclave on a different host before replacing the old license file for a running enclave.