Convert a docker image and create a new Nitro enclaves converted image.

POST /v1/builds/convert-app/nitro-enclaves

Security
API Key
Header parameter name: Authentication

A JWT bearer token to be passed once authenticated.

Body parameters

Nitro enclaves conversion request.

object
request
object (ImageConversionRequest) Required
app_id
string (uuid) Required

App id of the image.

input_image
object (ConversionRequestImageInfo) Required
name
string Required

Docker image name

auth_config
object (AuthConfig)

Credentials for authenticating to a docker registry

username
string

User name for docker registry authentication

password
string

Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.

output_image
object (ConversionRequestImageInfo) Required
name
string Required

Docker image name

auth_config
object (AuthConfig)

Credentials for authenticating to a docker registry

username
string

User name for docker registry authentication

password
string

Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.

converter_options
object (ConverterOptions) Required
add_ccm_ca_certificates
boolean

Adds CCM CA certificates into the application.

allow_cmdline_args
boolean

Allow command line arguments.

debug
boolean

Enables debug logging from EnclaveOS

entrypoint
Array of string

Override the entrypoint of the original container

string
entrypoint_args
Array of string

Override additional arguments to the container entrypoint

string
env_vars
Array of string

List of manifest environment variables. For ACI, these fixed values become part of the security policy.

string
mutable_env_vars
Array of string

List of mutable environment variable default values. For ACI, these become deployment template parameters.

string
java_mode
string

Type of the Java JVM used

nitro_enclaves_options
object (NitroEnclavesConversionRequestOptions) Required
cpu_count
integer (int32)

CPU count

mem_size
integer (int64)

Enclave memory size in MBs

enable_overlay_filesystem_persistence
boolean

Flag to enable file persistence, on by default.

Default: "True"
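The body parameters above, assembled in Python with registry passwords masked before the body is logged. This is an added example, not Fortanix code: the nesting of `request` and `nitro_enclaves_options` is an assumption (the flattened field list does not show it), the function names are hypothetical, and the sample values are constructed. It stops before sending because the page gives no host name.

```python
import copy
import uuid

REDACTED = "<redacted>"

def build_request(app_id, input_image, output_image, converter_options,
                  cpu_count, mem_size_mb):
    """Assemble the body, enforcing the fields the page marks Required."""
    uuid.UUID(app_id)  # app_id is "string (uuid)"; raises ValueError otherwise
    for label, image in (("input_image", input_image),
                         ("output_image", output_image)):
        if not image.get("name"):
            raise ValueError(f"{label}.name is required")
    return {
        # Assumed nesting: request fields in "request", Nitro sizing beside it.
        "request": {"app_id": app_id, "input_image": input_image,
                    "output_image": output_image,
                    "converter_options": converter_options},
        "nitro_enclaves_options": {"cpu_count": cpu_count,
                                   "mem_size": mem_size_mb},  # MBs
    }

def redact(body):
    """Return a copy that is safe to log: auth_config passwords are masked."""
    safe = copy.deepcopy(body)
    for key in ("input_image", "output_image"):
        auth = safe["request"][key].get("auth_config") or {}
        if "password" in auth:
            auth["password"] = REDACTED
    return safe

def review_flags(body):
    """List converter options that enable debug logging or runtime-supplied input."""
    opts = body["request"]["converter_options"]
    flags = [name for name in ("debug", "allow_cmdline_args") if opts.get(name)]
    if opts.get("mutable_env_vars"):
        flags.append("mutable_env_vars")
    return flags

# Constructed sample values, not real images or credentials.
SAMPLE = build_request(
    "123e4567-e89b-12d3-a456-426614174000",
    {"name": "registry.example/app:1.0",
     "auth_config": {"username": "ci", "password": "s3cret"}},
    {"name": "registry.example/app:1.0-nitro"},
    {"debug": True, "allow_cmdline_args": False, "mutable_env_vars": ["LOG=info"]},
    cpu_count=2, mem_size_mb=2048,
)
```
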
Responses
200

Details of the created image.

object

Detailed info of an application image.

build_id
string (uuid)

Image Id.

docker_info
object (DockerInfo)

Docker info of an image.

docker_image_name
string

Image docker image name.

docker_version
string

Image docker version.

docker_image_sha
string

Build docker image sha.

docker_image_size
integer (int64)

Docker image size in MiB (units of 2**20 bytes).

exposed_ports
Array of object (DockerNetworkPort)

List of ports exposed by the Docker image.

object

A port exposed by a docker container.

port
integer

A valid, specific port number from 1..65535 (inclusive).

protocol
string

Protocol associated with a port exposed by a docker container.

Valid values: [ "Tcp", "Udp" ]
created_at
integer (int64)

Timestamp of image addition to the system (number of seconds since epoch).

updated_at
integer (int64)

Timestamp of when the image was updated (number of seconds since epoch).

app_id
string (uuid)

App Id.

app_name
string

App name.

status
object (BuildStatus)
status
string

Status string for the image.

Valid values: [ "REJECTED", "WHITELISTED", "PENDING" ]
status_updated_at
integer (int64)

Time since the status change.

deployment_status
object (BuildDeploymentStatus)
status
string

Status string for the image deployment.

Valid values: [ "DEPLOYED", "UNDEPLOYED" ]
status_updated_at
integer (int64)

The time when the deployment status changed.

enclave_info
object (EnclaveInfo)

Info on an application enclave.

mrenclave
string

mrenclave of an image, as a hex string.

mrsigner
string

mrsigner of an image, as a hex string.

isvprodid
integer (int32)

ISV Product Id.

isvsvn
integer (int32)

ISV Security Version Number.

attributes
object

Image attributes

property*
object (ImageAttributes) additionalProperties
sgx
object (SgxAttributes)
mrenclave
string

mrenclave as a hex string.

features
Array of string
string
nitro_enclave
object (NitroEnclaveAttributes)
hash_algorithm
string

Nitro enclave hash algorithm

Valid values: [ "Sha384" ]
pcr0
string

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr1
string

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr2
string

A contiguous measure of the contents of the image file, without the section data as a hex string.

aci
object (AciAttributes)

ACI generated policy that represents the containers to run and other security restrictions.

policy
string

Base64-encoded output of azure confcom acipolicygen tool.

app_description
string

App Description.

mem_size
integer (int64)

Memory size required for the image.

threads
integer (int32)

Threads required for the image.

advanced_settings
object (AdvancedSettings)

Advanced settings for apps and images.

entrypoint
Array of string

Entrypoint for the container.

string
encryptedDirs
Array of string

List of read-write files and/or directories which are encrypted using the enclave sealing key.

Default encrypted directories: enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files, but only the enclave application can see their contents in plain text.

  • /tmp
  • /run
  • /ftx-efs
  • /opt/fortanix/enclave-os/app-config/rw

Tips while debugging: the default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
string
certificate
object (CertificateConfig)
issuer
string

Certificate issuance strategy

Valid values: [ "MANAGER_CA", "NODE", "SELF_IAS" ]
Default: "MANAGER_CA"
subject
string

Certificate subject common name, typically a DNS name

keyType
string

Type of key to generate

Valid values: [ "RSA" ]
Default: "RSA"
keyParam
object

Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.

keyPath
string

Path to expose the key in the application filesystem

certPath
string

Path to expose the certificate in the application filesystem

java_runtime
string

Java runtime mode for conversion.

Valid values: [ "JAVA-ORACLE", "OPENJDK", "OPENJ9", "LIBERTY-JRE" ]
rw_dirs
Array of string

List of read-write files and/or directories.

Default read-write directories: enclave-os doesn't provide any security measures for these files, and anyone is allowed to read from or write to these files.

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/hostname
string
allowCmdlineArgs
boolean

Allow command line arguments converter flag for an image.

manifestEnv
Array of string

Environment variables that will be passed to the manifest file when the container is converted.

string
mutableEnv
Array of string

Environment variables with supplied default values, but that may be overridden at runtime.

string
build_name
string

Image name, if a curated app.

pending_task_id
string (uuid)

UUID of pending build whitelist task for the build

configs
object

Application configurations attached to the image.

property*
object additionalProperties
marketplace_build_id
string (uuid)

Id of the corresponding marketplace listing.

launch_hint
object (LaunchHint)

This object encodes a suggested manner for launching a confidential application. It may need to be configured further depending on your environment.

azure_resource_template
string

The Microsoft ARM Template for launching this build. May require some properties (such as the join token).

enable_overlay_filesystem_persistence
boolean

Flag indicating if file persistence is enabled. This is only for Nitro Enclaves.

group_id
string (uuid)

Group Id
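A check a client can run on the `nitro_enclave` attributes object of the response before recording the measurements or comparing them with values pinned from an earlier, trusted build. This is an added example, not part of the API: the function name and sample values are constructed, and it assumes each PCR string is a full SHA-384 digest (48 bytes, so 96 hex characters).

```python
import hmac
import re

PCR_FIELDS = ("pcr0", "pcr1", "pcr2")
SHA384_HEX = re.compile(r"[0-9a-fA-F]{96}")  # 48-byte digest as hex

def check_nitro_attributes(attrs, pinned=None):
    """Return a list of problems found; an empty list means the object passed.

    attrs  -- the NitroEnclaveAttributes object from the response
    pinned -- optional dict of expected pcr0/pcr1/pcr2 hex strings
    """
    problems = []
    if attrs.get("hash_algorithm") != "Sha384":
        problems.append("hash_algorithm is not Sha384")
    for field in PCR_FIELDS:
        value = attrs.get(field)
        if not isinstance(value, str) or not SHA384_HEX.fullmatch(value):
            problems.append(f"{field} is not a 96-character hex string")
        elif pinned is not None:
            expected = pinned.get(field, "")
            # Hex case is not significant; compare in constant time.
            if not hmac.compare_digest(value.lower(), expected.lower()):
                problems.append(f"{field} differs from the pinned value")
    return problems

# Constructed sample: repeated bytes stand in for real measurements.
SAMPLE_ATTRS = {
    "hash_algorithm": "Sha384",
    "pcr0": "ab" * 48,
    "pcr1": "cd" * 48,
    "pcr2": "ef" * 48,
}
```
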