anjuna-gcp-cli disk create
anjuna-gcp-cli disk create --docker-uri <docker-uri> [OPTIONS...]
Builds a raw disk image locally.
After executing the command, a raw disk image is created.
By default, the name of the file is disk.raw
(if not specified by the --disk
command-line parameter).
The disk image is not compressed, and the locally created file (disk.raw by default)
will be the same size as specified by the --size command line parameter (10GB by default).
The size can be specified in various units (MB /GB ).
|
Options
--docker-uri
(Required) Docker image to use
If the image is not present locally, the command will pull the image from the specified registry.
The Docker image can be specified by:
-
a Docker URI to any Docker registry you have access to (Docker Hub, Google Container Registry, Artifactory Docker Registry, etc.)
-
a local URI (for example
hello-world:latest
)
When using a Docker Registry, you must handle the authentication to that
registry before invoking the anjuna-gcp-cli disk create
command.
--size
Size of the disk image (default: 10G)
The specified disk size dictates the amount of available storage when running the GCP Confidential VM. Make sure you specify a disk size that is consistent with your application needs. |
--config
Path to the enclave configuration file that includes the Anjuna Policy Manager configuration
--signing-key
Path to a private RSA key to use for signing the disk image
The --signing-key
argument will take the path to an RSA private key to sign the disk image.
For the resulting disk image, the value of PCR16
will be based on this signing key.
The Anjuna Policy Manager can be configured to release secrets based on PCR16
.
NIST recommends using at least 2048 bits for RSA keys.
The following command generates a 2048-bit RSA private key using openssl
and stores it in the file signingkey.priv
:
$ openssl genrsa -out signingkey.priv 2048