Anjuna Policy Manager Broker

Name

apmbroker — Start the Anjuna Policy Manager Broker.

Synopsis

anjuna-sgxrun apmbroker -s, --socket-name string

Description

The apmbroker tool (included in the Anjuna SGX Runtime installer) is an extension of the Anjuna SGX Runtime that handles communication with the Anjuna Policy Manager.

When the Anjuna SGX Runtime is configured to retrieve encryption keys from the Anjuna Policy Manager, it requires the apmbroker to be running. If the apmbroker is not running, an Anjuna SGX Runtime that requires access to the Anjuna Policy Manager fails to start.

When the Anjuna SGX Runtime is not configured to connect to the Anjuna Policy Manager, the apmbroker tool is not required.

To start the apmbroker, run the command:

$ anjuna-sgxrun apmbroker

Note that the apmbroker tool itself needs to run inside an enclave in order to protect the secrets that it retrieves from the Anjuna Policy Manager. However, it does not need any special configuration in the manifest file.

Your application, running under the Anjuna SGX Runtime, communicates with the apmbroker over an end-to-end secure TLS channel.

Run the apmbroker from a separate directory from your application, so that it does not pick up your application's manifest.template.yaml file.

To configure the Anjuna SGX Runtime to connect to the Anjuna Policy Manager, add the following entries to your application’s manifest.template.yaml:

policy_manager:
    socket: apm-broker
    url: <server-url>

The socket name used to communicate with the apmbroker can be customized with the -s (--socket-name) option:

$ anjuna-sgxrun apmbroker -s some-name

In this case, the manifest.template.yaml should contain:

policy_manager:
    socket: some-name
    url: <server-url>
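As an added example (not part of the Anjuna documentation or of the apmbroker tool itself), a POSIX shell pre-flight check that the policy_manager.socket value in the application's manifest.template.yaml matches the socket name the broker is started with, so a mismatch is caught before the runtime refuses to start. The function names manifest_socket, check_socket_match and write_sample_manifest and the sample manifest are constructed for this example; it assumes, as the default configuration above shows, that the broker's socket name is apm-broker when -s is not given.

```shell
#!/bin/sh
# Added example, not Anjuna code: check that the application manifest and the
# apmbroker agree on the socket name before anything is launched.

# Print the policy_manager.socket value from a manifest.template.yaml.
# Assumes the two-level layout shown on this page: "socket:" indented under a
# top-level "policy_manager:" key. Prints nothing if the key is absent.
manifest_socket() {
    awk '
        /^#/ { next }                                   # skip comment lines
        /^[^ \t]/ { in_pm = ($1 == "policy_manager:"); next }  # new top-level key
        in_pm && $1 == "socket:" { print $2; exit }     # first socket under it
    ' "$1"
}

# Succeed (exit 0) when the manifest socket equals the broker socket name,
# fail (exit 1) otherwise. The default "apm-broker" is the name used when
# apmbroker is started without -s (assumption drawn from the page's default).
check_socket_match() {
    manifest="$1"
    broker_socket="${2:-apm-broker}"
    expected=$(manifest_socket "$manifest")
    [ -n "$expected" ] && [ "$expected" = "$broker_socket" ]
}

# Write a constructed sample manifest (the customized form from this page)
# to a temporary file and print its path.
write_sample_manifest() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample manifest.template.yaml for this example
policy_manager:
    socket: some-name
    url: <server-url>
EOF
    echo "$f"
}

# Typical use: run the check against the application's own manifest with the
# name you intend to pass to "anjuna-sgxrun apmbroker -s", e.g.
#   check_socket_match ./manifest.template.yaml some-name || exit 1
```

If the check fails, either start the broker with `-s` set to the manifest's socket value or edit the manifest to match; the broker should still be started from its own directory as described above.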