---
title: "Add an application."
slug: "add-an-application"
updated: 2026-04-04T02:22:39Z
published: 2026-04-04T02:22:47Z
---
> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Add an application.
Post/v1/apps
Add an application.
SecurityAPI Key: bearerTokenHeader parameter nameAuthentication
A JWT bearer token to be passed once authenticated.
Body parameters
Request to add a new application.
Expand Allobject
Request to create an app.
namestring Required
Name of the app.
descriptionstring
Description of the app.
input_image_namestring Required
Input image name of images for apps.
output_image_namestring Required
Output image name of images for apps.
isvprodidinteger (int32)
Deprecated. Use default_build_settings instead. Isv Product Id.
isvsvninteger (int32)
Deprecated. Use default_build_settings instead. ISV Security Version Number.
mem_sizeinteger (int64)
Deprecated. Use default_build_settings instead. Memory size required for the image.
threadsinteger (int32)
Deprecated. Use default_build_settings instead. Threads req for the image.
default_build_settingsobject (DefaultBuildSettings)
DefaultBuildSettings for builds
sgxobject (DefaultSgxBuildSettings)
Default build settings for SGX/SGX2 builds
isvprodidinteger (int32)
ISV Product Id.
mem_sizeinteger (int64)
Memory size (in MBs) required for the image.
threadsinteger (int32)
Threads required for the image.
nitro_enclavesobject (DefaultNitroEnclavesBuildSettings)
Default build settings for Nitro Enclave builds
cpu_countinteger (int32)
CPU count
mem_sizeinteger (int64)
Enclave memory size in MBs
enable_overlay_filesystem_persistenceboolean
Flag to enable file persistence, on by default.
Defaulttrue
allowed_domains Array of string
A set of domains requested for this application; need to be approved.
string
advanced_settingsobject (AdvancedSettings)
Advanced settings for apps and images.
entrypoint Array of string
Entrypoint for the container.
string
encryptedDirs Array of string
List of read-write files and/or directories which are encrypted using the enclave sealing key Default encrypted directories - enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files but only the enclave application can see it's contents in plain text.
- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw
Tips while debugging -> The default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
string
certificateobject (CertificateConfig) issuerstring
Certificate issuance strategy
Valid values[
"MANAGER_CA",
"NODE",
"SELF_IAS"
]Default"MANAGER_CA"
subjectstring
Certificate subject common name, typically a DNS name
keyTypestring
Type of key to generate
Valid values[
"RSA"
]Default"RSA"
keyParamobject
Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.
keyPathstring
Path to expose the key in the application filesystem
certPathstring
Path to expose the certificate in the application filesystem
java_runtimestring
Java runtime mode for conversion.
Valid values[
"JAVA-ORACLE",
"OPENJDK",
"OPENJ9",
"LIBERTY-JRE"
]
rw_dirs Array of string
List of read-write files and/or directories Default read-write directories - enclave-os doesn't provide any security measures for these files and anyone is allowed to read from or write to these files.
- /etc/hosts
- /etc/resolv.conf
- /etc/hostname
string
allowCmdlineArgsboolean
Allow command line arguments converter flag for an image.
manifestEnv Array of string
Environment variables that will be passed to the manifest file when the container is converted.
string
mutableEnv Array of string
Environment variables with supplied default values, but that may be overridden at runtime.
string
labelsobject property*string additionalProperties
custom_metadataobject property*string additionalProperties
certificate_policyobject (CertificateIssuancePolicy) require_known_imageboolean Required
require_known_signerboolean Required
require_known_nodeboolean Defaulttrue
signers Array of object (ApplicationSigner) object sgxobject (SgxSigner) mrsignerstring Required
mrsigner as a hex string.
isvprodidinteger (int32) Required
ISV Product Id.
nitro_enclaveobject (NitroEnclaveSigner) pcr8string Required
The signer pcr as a hex string.
group_idstring (uuid)
Group Id
Responses200
Details of an app.
Expand Allobject created_atinteger (int64)
Timestamp of image addition to the system.
updated_atinteger (int64)
Timestamp of image updation to the system.
namestring
Name of the app.
descriptionstring
Description of the app.
app_idstring (uuid)
UUID for the app.
input_image_namestring
Input image name of images for apps.
output_image_namestring
Output image name of images for apps.
isvprodidinteger (int32)
Deprecated. ISV Product Id.
isvsvninteger (int32)
Deprecated. ISV Security Version Number.
mem_sizeinteger (int64)
Deprecated. Memory size required for the image.
threadsinteger (int32)
Deprecated. Threads required for the image.
default_build_settingsobject (DefaultBuildSettings)
DefaultBuildSettings for builds
sgxobject (DefaultSgxBuildSettings)
Default build settings for SGX/SGX2 builds
isvprodidinteger (int32)
ISV Product Id.
mem_sizeinteger (int64)
Memory size (in MBs) required for the image.
threadsinteger (int32)
Threads required for the image.
nitro_enclavesobject (DefaultNitroEnclavesBuildSettings)
Default build settings for Nitro Enclave builds
cpu_countinteger (int32)
CPU count
mem_sizeinteger (int64)
Enclave memory size in MBs
enable_overlay_filesystem_persistenceboolean
Flag to enable file persistence, on by default.
Defaulttrue
allowed_domains Array of string
A set of domains requested for this application; need to be approved.
string
whitelisted_domains Array of string
A set of domains approved for usage by this application.
string
nodes Array of object (AppNodeInfo) object
Detailed info of an app running on a compute node.
certificateobject (Certificate)
A certificate request or issued certificate.
certificate_idstring (uuid)
Certificate ID.
statusstring
Certificate status.
Valid values[
"PENDING",
"REJECTED",
"ISSUED",
"REVOKED",
"EXPIRED"
]
csrstring
The certificate signing request.
certificatestring
The certificate itself, if issued.
node_idstring (uuid)
The node relevant to this certificate, if known.
app_idstring (uuid)
The app relevant to this certificate, if known.
build_idstring (uuid)
The build relevant to this certificate, if known.
created_atinteger (int64)
App compute node creation time.
node_idstring (uuid)
Compute Node Id.
node_namestring
Compute Node Name.
statusobject (AppStatus)
Run status info of an app for a compute node.
statusstring
Status string for the app on a compute node.
Valid values[
"RUNNING",
"STOPPED",
"UNKNOWN"
]
status_updated_atinteger (int64)
Time since the status change.
attested_atinteger (int64)
The app attestation date.
build_infoobject (Build)
Detailed info of an application image.
build_idstring (uuid)
Image Id.
docker_infoobject (DockerInfo)
Docker info of an image.
docker_image_namestring
Image docker image name.
docker_versionstring
Image docker version.
docker_image_shastring
Build docker image sha.
docker_image_sizeinteger (int64)
Docker image size in MiB (units of 2**20 bytes).
exposed_ports Array of object (DockerNetworkPort)
List of ports exposed by the Docker image.
object
A port exposed by a docker container.
portinteger
A valid, specific port number from 1..65535 (inclusive).
protocolstring
Protocol Associated with a Port exposed by a docker container.
Valid values[
"Tcp",
"Udp"
]
created_atinteger (int64)
Timestamp of image addition to the system (number of seconds since epoch).
updated_atinteger (int64)
Timestamp of when the image was updated (number of seconds since epoch).
app_idstring (uuid)
App Id.
app_namestring
App name.
statusobject (BuildStatus) statusstring
Status string for the image.
Valid values[
"REJECTED",
"WHITELISTED",
"PENDING"
]
status_updated_atinteger (int64)
Time since the status change.
deployment_statusobject (BuildDeploymentStatus) statusstring
Status string for the image deployment.
Valid values[
"DEPLOYED",
"UNDEPLOYED"
]
status_updated_atinteger (int64)
The time when the deployment status changed.
enclave_infoobject (EnclaveInfo)
Info on a application enclave.
mrenclavestring
mrenclave of an image, as a hex string.
mrsignerstring
mrsigner of an image, as a hex string.
isvprodidinteger (int32)
ISV Product Id.
isvsvninteger (int32)
ISV Security Version Number.
attributesobject
Image attributes
property*object (ImageAttributes) additionalPropertiessgxobject (SgxAttributes) mrenclavestring
mrenclave as a hex string.
features Array of string string
nitro_enclaveobject (NitroEnclaveAttributes) hash_algorithmstring
Nitro enclave hash algorithm
Valid values[
"Sha384"
]
pcr0string
A contiguous measure of the contents of the image file, without the section data as a hex string.
pcr1string
A contiguous measure of the contents of the image file, without the section data as a hex string.
pcr2string
A contiguous measure of the contents of the image file, without the section data as a hex string.
aciobject (AciAttributes)
ACI generated policy that represents the containers to run and other security restrictions.
policystring
Base64-encoded output of azure confcom acipolicygen tool.
azure_cvmobject (AzureCvmAttributes) pcrsobject
List of TPM PCRs hash values to enforce. 64 hex characters
hash_algstring Valid values[
"SHA256"
]
pcr0string
pcr1string
pcr2string
pcr3string
pcr4string
pcr5string
pcr6string
pcr7string
pcr8string
pcr9string
pcr10string
pcr11string
pcr12string
pcr13string
pcr14string
pcr15string
pcr16string
pcr17string
pcr18string
pcr19string
pcr20string
pcr21string
pcr22string
coprocessors Array of object (Coprocessor) object attestationstring
Specifies whether attestation is required or ignored.
Valid values[
"Ignored",
"Required"
]
gpu_vendorstring
An enum for GPU Vendor
Valid values[
"Nvidia"
]
baremetal_tdxobject (BaremetalTdxAttributes) mrtdstring
TD firmware binary (OVMF.fd) measurement as a hex string.
rtmr0string
Firmware and platform runtime measurements as hex string
rtmr1string
Runtime measurement for kernel for direct boot and bootchain for indirect boot as hex string
rtmr2string
Runtime measurement of kernel cmdline and initrd as hex string
rtmr3string
Runtime extendable measurement register 3 as hex string
coprocessors Array of object (Coprocessor) object attestationstring
Specifies whether attestation is required or ignored.
Valid values[
"Ignored",
"Required"
]
gpu_vendorstring
An enum for GPU Vendor
Valid values[
"Nvidia"
]
baremetal_amd_sev_snpobject (BaremetalAmdSevSnpAttributes) measurementstring
Guest Launch Measurement as hex string
vmplstring
Virtual Machine Privilege Level
Valid values[
"vmpl0",
"vmpl1",
"vmpl2",
"vmpl3"
]
coprocessors Array of object (Coprocessor) object attestationstring
Specifies whether attestation is required or ignored.
Valid values[
"Ignored",
"Required"
]
gpu_vendorstring
An enum for GPU Vendor
Valid values[
"Nvidia"
]
app_descriptionstring
App Description.
mem_sizeinteger (int64)
Memory size required for the image.
threadsinteger (int32)
Threads required for the image.
advanced_settingsobject (AdvancedSettings)
Advanced settings for apps and images.
entrypoint Array of string
Entrypoint for the container.
string
encryptedDirs Array of string
List of read-write files and/or directories which are encrypted using the enclave sealing key Default encrypted directories - enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files but only the enclave application can see it's contents in plain text.
- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw
Tips while debugging -> The default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
string
certificateobject (CertificateConfig) issuerstring
Certificate issuance strategy
Valid values[
"MANAGER_CA",
"NODE",
"SELF_IAS"
]Default"MANAGER_CA"
subjectstring
Certificate subject common name, typically a DNS name
keyTypestring
Type of key to generate
Valid values[
"RSA"
]Default"RSA"
keyParamobject
Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.
keyPathstring
Path to expose the key in the application filesystem
certPathstring
Path to expose the certificate in the application filesystem
java_runtimestring
Java runtime mode for conversion.
Valid values[
"JAVA-ORACLE",
"OPENJDK",
"OPENJ9",
"LIBERTY-JRE"
]
rw_dirs Array of string
List of read-write files and/or directories Default read-write directories - enclave-os doesn't provide any security measures for these files and anyone is allowed to read from or write to these files.
- /etc/hosts
- /etc/resolv.conf
- /etc/hostname
string
allowCmdlineArgsboolean
Allow command line arguments converter flag for an image.
manifestEnv Array of string
Environment variables that will be passed to the manifest file when the container is converted.
string
mutableEnv Array of string
Environment variables with supplied default values, but that may be overridden at runtime.
string
build_namestring
image name if curated app.
pending_task_idstring (uuid)
UUID of pending build whitelist task for the build
configsobject
Application configurations attached to the image.
property*object additionalProperties
marketplace_build_idstring (uuid)
Id of the corresponding marketplace listing.
launch_hintobject (LaunchHint)
This object encodes a suggested manner for launching a confidential application. It may need to be configured further depending on your environment.
azure_resource_templatestring
The Microsoft ARM Template for launching this build. May require some properties (such as the join token).
enable_overlay_filesystem_persistenceboolean
Flag indicating if file persistence is enabled. This is only for Nitro Enclaves.
group_idstring (uuid)
Group Id
message_countinteger (int32)
App heartbeat message count.
key_idstring
Key Id for app heartbeat.
is_debugboolean
App running in debug mode or not.
advanced_settingsobject (AdvancedSettings)
Advanced settings for apps and images.
entrypoint Array of string
Entrypoint for the container.
string
encryptedDirs Array of string
List of read-write files and/or directories which are encrypted using the enclave sealing key Default encrypted directories - enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files but only the enclave application can see it's contents in plain text.
- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw
Tips while debugging -> The default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
string
certificateobject (CertificateConfig) issuerstring
Certificate issuance strategy
Valid values[
"MANAGER_CA",
"NODE",
"SELF_IAS"
]Default"MANAGER_CA"
subjectstring
Certificate subject common name, typically a DNS name
keyTypestring
Type of key to generate
Valid values[
"RSA"
]Default"RSA"
keyParamobject
Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.
keyPathstring
Path to expose the key in the application filesystem
certPathstring
Path to expose the certificate in the application filesystem
java_runtimestring
Java runtime mode for conversion.
Valid values[
"JAVA-ORACLE",
"OPENJDK",
"OPENJ9",
"LIBERTY-JRE"
]
rw_dirs Array of string
List of read-write files and/or directories Default read-write directories - enclave-os doesn't provide any security measures for these files and anyone is allowed to read from or write to these files.
- /etc/hosts
- /etc/resolv.conf
- /etc/hostname
string
allowCmdlineArgsboolean
Allow command line arguments converter flag for an image.
manifestEnv Array of string
Environment variables that will be passed to the manifest file when the container is converted.
string
mutableEnv Array of string
Environment variables with supplied default values, but that may be overridden at runtime.
string
pending_task_idstring (uuid)
UUID of pending domain whitelist task for the app.
domains_added Array of string string
domains_removed Array of string string
labelsobject property*string additionalProperties
custom_metadataobject property*string additionalProperties
certificate_policyobject (CertificateIssuancePolicy) require_known_imageboolean
require_known_signerboolean
require_known_nodeboolean Defaulttrue
signers Array of object (ApplicationSigner) object sgxobject (SgxSigner) mrsignerstring
mrsigner as a hex string.
isvprodidinteger (int32)
ISV Product Id.
nitro_enclaveobject (NitroEnclaveSigner) pcr8string
The signer pcr as a hex string.
marketplace_app_idstring (uuid)
Id of the corresponding marketplace listing.
group_idstring (uuid)
Group Id