Running the Nitro Enclave to Access the KMS Encrypted Secret
In the previous sections, you:
- created an AWS KMS Customer Master Key
- encrypted some data with it
- built and measured a Nitro Enclave that will attempt to decrypt the data using the Nitro Attestation process
- updated the policy attached to the Customer Master Key to authorize this specific Nitro Enclave to decrypt data
It is now time to run the Nitro Enclave and verify that it will present a Signed Attestation Document to decrypt the data.
Run the following commands to start and view the console output of the Nitro Enclave:
$ anjuna-nitro-cli run-enclave --cpu-count 2 --memory 4096 --eif-path nitro-kms.eif --debug-mode
$ anjuna-nitro-cli console --enclave-id $(nitro-cli describe-enclaves | jq -r .[0].EnclaveID)
The command should produce some output and display the original content of the secrets file.
To see the enclave output (using the anjuna-nitro-cli console command), you MUST run the enclave in debug mode. In a typical use case scenario, the enclave would never print the content of the secrets.