Including binary data in an enclave configuration file

The "Using AWS KMS to encrypt a secret" page shows how to use the encrypted configuration to create a file with text content. You can also create a file with binary data, as shown in the following example.

  1. Generate a key: openssl rand 16 > my.key

  2. Convert to base64 format: cat my.key | base64 | tr -d '\n'

  3. In the enclave configuration file, add a files entry with a flag indicating binary content (!!binary in line 6):

version: 1.8

files:
  - path:  "/etc/my.key"
    mode:  0644
    content: !!binary |
      MTIzNDU2Nzg5MGFiY2RlZgo=
    # replace "MTIz..." above with your base64-encoded binary content
    # (this comment is indented less than the block scalar so it is not parsed as content)

On creation, the enclave will generate the file with the content in binary format.

The !!binary tag uses YAML's explicit tag syntax. The Anjuna Nitro Runtime supports configuration files with binary content (when using the tag as shown above); without the tag, file content is treated as a string by default.
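The three steps above can be scripted and checked before the enclave is built. The following is an added example, not Anjuna's code: it writes the files entry from a key file and confirms that the base64 text in the configuration decodes back to the same bytes. The function names and the config file name used with them are hypothetical; the path and mode are the ones shown on this page.

```shell
# Added example (not from the Anjuna documentation).
# Function names are hypothetical; path and mode follow the page's example.

# Encode a file as ONE base64 line. GNU base64 wraps at 76 columns,
# so longer binaries need the newlines stripped, as in step 2.
encode_b64() {
  base64 < "$1" | tr -d '\n'
}

# Print a files entry for key file $1, to be created at in-enclave path $2.
emit_files_entry() {
  printf 'files:\n'
  printf '  - path:  "%s"\n' "$2"
  printf '    mode:  0644\n'
  printf '    content: !!binary |\n'
  printf '      %s\n' "$(encode_b64 "$1")"
}

# Pull the single base64 line that follows the !!binary tag out of config $1,
# decode it, and compare byte-for-byte with key file $2.
# Returns 0 on match, 1 on mismatch, 2 if no binary entry was found.
verify_entry() {
  b64=$(awk 'index($0, "!!binary |") { getline; gsub(/[ \t]/, ""); print; exit }' "$1")
  [ -n "$b64" ] || return 2
  printf '%s' "$b64" | base64 -d | cmp -s - "$2"
}
```

Typical use: `emit_files_entry my.key /etc/my.key >> enclave.yaml`, then `verify_entry enclave.yaml my.key` before building. A mismatch usually means the base64 text was wrapped, truncated, or pasted with extra characters.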