Deploy the client

This step assumes that you have created and uploaded a client enclave disk image, as described in the Client Docker images and Build the Anjuna Confidential Container for the client sections, and that you have created secrets and authorized enclaves to access them, as described in the Managing Secrets section.

Run the following command to create a client enclave compute instance (replace the example --machine value n2d-standard-2 if desired):

$ anjuna-gcp-cli instance create "${APM_CLIENT_INSTANCE}" \
    --image "${APM_CLIENT_IMAGE}" \
    --machine "n2d-standard-2" \
    --network "${NETWORK_NAME}" \
    --subnet "${SUBNET_NAME}" \
    --zone "${GCP_ZONE}"

Viewing client instance output

To view the serial console of the client enclave in real time, run the following command (use CTRL-C to exit):

$ anjuna-gcp-cli instance describe "${APM_CLIENT_INSTANCE}" \
    --serial --tail

The command displays the logs of the GCP Confidential VM as it boots. Look for the following output to confirm that it is performing the remote attestation step and retrieving the secrets from the Anjuna Policy Manager:

...
ANJ-ENCLAVE: Added environment variable:  SECRET_ENV
ANJ-ENCLAVE: Added file:  /secret_file.txt
ANJ-ENCLAVE: Did remote attestation
ANJ-ENCLAVE: Auto terminate: false
ANJ-ENCLAVE: Container setup finished
ANJ-ENCLAVE: Launching command /bin/sh -c export;sleep infinity
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
export PWD='/'
export SECRET_ENV='SecretEnvValue'
...

This output confirms that the client enclave performed remote attestation with the Anjuna Policy Manager. After successful attestation, the client enclave fetched the secrets it was authorized for: the environment variable SECRET_ENV (shown by the export line) and the file /secret_file.txt, which are now available for use by the container image.
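The confirmation step above can be scripted. The following is an added example, not part of the Anjuna documentation or CLI: a shell check that reads serial console text, confirms that the "Did remote attestation" line precedes "Container setup finished", and reports the provisioned secrets by name only. The log text is a constructed sample modelled on the lines shown above; in practice, feed it the output of the describe command.

```shell
#!/usr/bin/env bash
# Added example (not Anjuna's code): check a client enclave's serial console
# text for a completed remote attestation before container launch, and list
# the provisioned secrets by name only (values are never echoed).
# In practice feed it: anjuna-gcp-cli instance describe "${APM_CLIENT_INSTANCE}" --serial

# Constructed sample, modelled on the ANJ-ENCLAVE lines in the documentation.
SAMPLE_LOG=$(cat <<'EOF'
ANJ-ENCLAVE: Added environment variable:  SECRET_ENV
ANJ-ENCLAVE: Added file:  /secret_file.txt
ANJ-ENCLAVE: Did remote attestation
ANJ-ENCLAVE: Auto terminate: false
ANJ-ENCLAVE: Container setup finished
ANJ-ENCLAVE: Launching command /bin/sh -c export;sleep infinity
export SECRET_ENV='SecretEnvValue'
EOF
)

# Constructed failure case: the container came up with no attestation line.
UNATTESTED_LOG=$(cat <<'EOF'
ANJ-ENCLAVE: Auto terminate: false
ANJ-ENCLAVE: Container setup finished
ANJ-ENCLAVE: Launching command /bin/sh -c export;sleep infinity
EOF
)

# Succeed only if "Did remote attestation" is present and precedes
# "Container setup finished"; anything else is treated as unconfirmed.
attestation_ok() {
  printf '%s\n' "$1" | awk '
    /^ANJ-ENCLAVE: Did remote attestation$/   { att = NR }
    /^ANJ-ENCLAVE: Container setup finished$/ { fin = NR }
    END { exit !(att > 0 && fin > 0 && att < fin) }'
}

# Print each provisioned secret as env:<NAME> or file:<PATH>, never its value.
provisioned_secrets() {
  printf '%s\n' "$1" | awk '
    /^ANJ-ENCLAVE: Added environment variable: / { print "env:" $NF }
    /^ANJ-ENCLAVE: Added file: /                 { print "file:" $NF }'
}

for log in "$SAMPLE_LOG" "$UNATTESTED_LOG"; do
  if attestation_ok "$log"; then
    printf 'attestation confirmed; secrets provisioned:\n'
    provisioned_secrets "$log" | sed 's/^/  /'
  else
    printf 'attestation NOT confirmed for this instance\n' >&2
  fi
done
```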