Registry and image name for the input container, e.g. my-registry/sample-app:latest
Registry and image name for the output container, e.g. my-registry/sample-app-enclaveos:latest
Credentials for authenticating to a docker registry
User name for docker registry authentication
Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.
Credentials for authenticating to a docker registry
User name for docker registry authentication
Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.
Credentials for authenticating to a docker registry
User name for docker registry authentication
Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.
This is the enclave productId.
This is the enclave security version.
Override the enclave size, e.g. 2048M. Suffixes K, M, and G are supported.
Number of enclave threads
Enables debug logging from EnclaveOS
Override the entrypoint of the original container
Override additional arguments to the container entrypoint
List of read-write files and/or directories which are encrypted using the enclave sealing key. Default encrypted directories: enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files, but only the enclave application can see its contents in plain text.
- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw

Tip while debugging: the default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
Add additional options to EnclaveOS manifest file
Certificate issuance strategy
Certificate subject common name, typically a DNS name
Type of key to generate
Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.
Path to expose the key in the application filesystem
Path to expose the certificate in the application filesystem
Configures a key to sign the converted image
Requests signing the converted image with a default key
Configures an SDKMS signing key. The key must be an RSA key with public exponent 3.
Name of the signing key in SDKMS
API key to authenticate with SDKMS
Fortanix external packages mount point in the toolserver container
Template for generating debug core dump file paths
Path for EnclaveOS log file
List of read-only directories. Default read-only directories: enclave-os protects the integrity of these files and hence only allows these files to be read and not modified.
- /
- /opt/fortanix/enclave-os/app-config/ro
List of read-write files and/or directories. Default read-write directories: enclave-os doesn't provide any security measures for these files, and anyone is allowed to read from or write to these files.
- /etc/hosts
- /etc/resolv.conf
- /etc/hostname
Allow command line arguments to EnclaveOS application
List of manifest environment variables
Registry and image name for the output container (same as outputImageName in the request)
Registry and image name for the output container (same as outputImageName in the request)
Shortened SHA256 hash of the output image (this is the id of the image)
The output image size in bytes
This is the enclave productId, which is the same as the isvprodid in the input request, if set. Default value is 0.
This is the enclave security version, which is the same as the isvsvn in the input request, if set. Default value is 0.
This is the measurement of the enclave which uniquely identifies the shielded application. This is in hex format.
This is the measurement of the enclave which uniquely identifies the shielded application for SGX2. This is in hex format.
This is the hash of the signing key which uniquely identifies the signing key. This is in hex format.