Overview
This document provides a step-by-step guide for deploying the Anjuna Policy Manager Server and clients in GCP Confidential VMs.
In this guide, you will learn about the core functionality of the Anjuna Policy Manager (APM):
-
How to configure a client enclave to fetch secrets from the APM
-
How to add secrets to the APM
-
How to configure the APM to authorize client enclaves to fetch specific secrets
You will also learn about the following operational considerations:
-
How to configure TLS between the APM and client enclaves
-
How to improve automated deployments by auto-unsealing the APM
Architecture
In order to securely deliver secrets to client enclaves, the APM Server communicates with several GCP services. The following diagram shows how the APM uses Cloud KMS, Cloud Secret Manager, Cloud Storage, and Compute Engine.