Convert an application to run in EnclaveOS.

POST /v1/tools/converter/convert-app/sgx
Body parameters
object
request
object (ConverterSvcConversionRequest) Required
input_image
object (ConversionRequestImageInfo) Required
name
string Required

Docker image name

auth_config
object (AuthConfig)

Credentials for authenticating to a docker registry

username
string

User name for docker registry authentication

password
string

Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.

output_image
object (ConversionRequestImageInfo) Required
name
string Required

Docker image name

auth_config
object (AuthConfig)

Credentials for authenticating to a docker registry

username
string

User name for docker registry authentication

password
string

Password for docker registry authentication. Note that this field may be redacted when it appears in API responses.

converter_options
object (ConverterSvcConverterOptions) Required
allow_cmdline_args
boolean

Allow command line arguments.

allow_docker_pull_failure
boolean

Allow Docker pull failure.

certificates
Array of object (CertificateConfig)
object
issuer
string

Certificate issuance strategy

Valid values: [ "MANAGER_CA", "NODE", "SELF_IAS" ]
Default: "MANAGER_CA"
subject
string

Certificate subject common name, typically a DNS name

keyType
string

Type of key to generate

Valid values: [ "RSA" ]
Default: "RSA"
keyParam
object

Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.

keyPath
string

Path to expose the key in the application filesystem

certPath
string

Path to expose the certificate in the application filesystem

debug
boolean

Enables debug logging from EnclaveOS

entrypoint
Array of string

Override the entrypoint of the original container

string
entrypoint_args
Array of string

Override additional arguments to the container entrypoint

string
push_converted_image
boolean

Enables pushing the converted image

env_vars
Array of string

List of manifest environment variables. For ACI, these fixed values become part of the security policy.

string
mutable_env_vars
Array of string

List of mutable environment variable default values. For ACI, these become deployment template parameters.

string
java_mode
string

Type of the Java JVM used

sgx_options
object (ConverterSvcSgxConversionRequestOptions) Required
isvsvn
integer (int64)

Isvsvn

isvprodid
integer (int64)

Isvprodid

mem_size
string

Enclave memory size

threads
integer (int32)

Threads

core_dump_pattern
string

Template for generating debug core dump file paths

log_file_path
string

Path for EnclaveOS log file

manifest_options
object

Add additional options to EnclaveOS manifest file

signing_key
object (SigningKeyConfig)

Configures a key to sign the converted image

default
object (DefaultSigningKeyConfig)

Requests signing the converted image with a default key

sdkms
object (SdkmsSigningKeyConfig)

Configures an SDKMS signing key. The key must be an RSA key with public exponent 3.

name
string

Name of the signing key in SDKMS

apiKey
string

API key to authenticate with SDKMS

encrypted_dirs
Array of string

List of read-write files and/or directories which are encrypted using the enclave sealing key.

Default encrypted directories: enclave-os protects the content of these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files, but only the enclave application can see their contents in plain text.

  • /tmp
  • /run
  • /ftx-efs
  • /opt/fortanix/enclave-os/app-config/rw

Tip while debugging: the default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.
string
ro_dirs
Array of string

List of read-only directories.

Default read-only directories: enclave-os protects the integrity of these files and hence only allows them to be read, not modified.

  • /
  • /opt/fortanix/enclave-os/app-config/ro
string
rw_dirs
Array of string

List of read-write files and/or directories.

Default read-write directories: enclave-os doesn't provide any security measures for these files, and anyone is allowed to read from or write to them.

  • /etc/hosts
  • /etc/resolv.conf
  • /etc/hostname
string
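
An added example, not part of the original API reference: a Python pre-submission check that validates `issuer` and `keyType` against the valid values listed above, flags `rw_dirs` entries outside the documented defaults (which EnclaveOS leaves unprotected), and masks `password` and `apiKey` before the body is logged. Fields are looked up by name at any depth because the nesting of the directory lists is an assumption; the sample body, its names and paths, and the rule that a path may not appear in both `rw_dirs` and a protected list are constructed for illustration.

```python
VALID_ISSUERS = {"MANAGER_CA", "NODE", "SELF_IAS"}      # issuer valid values
VALID_KEY_TYPES = {"RSA"}                               # keyType valid values
SECRET_FIELDS = {"password", "apiKey"}                  # credential fields in the schema
DEFAULT_RW = {"/etc/hosts", "/etc/resolv.conf", "/etc/hostname"}  # default rw_dirs

def walk(node):
    """Yield every (key, value) pair at any depth; fields are located by name
    because the nesting of some fields is an assumption, not stated on the page."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key, value
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)

def redact(node):
    """Copy of the body with non-empty credential fields masked, for logging."""
    if isinstance(node, dict):
        return {k: "<redacted>" if k in SECRET_FIELDS and v else redact(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [redact(item) for item in node]
    return node

def review(body):
    """Return findings (strings) for values the schema rejects or leaves unprotected."""
    findings, dirs = [], {"encrypted_dirs": set(), "ro_dirs": set(), "rw_dirs": set()}
    for key, value in walk(body):
        if key == "issuer" and value not in VALID_ISSUERS:
            findings.append(f"issuer {value!r} is not a valid value")
        elif key == "keyType" and value not in VALID_KEY_TYPES:
            findings.append(f"keyType {value!r} is not a valid value")
        elif key in dirs and isinstance(value, list):
            dirs[key].update(value)
    for path in sorted(dirs["rw_dirs"] - DEFAULT_RW):
        findings.append(f"{path}: rw_dirs entry, readable and writable by anyone")
    for path in sorted(dirs["rw_dirs"] & (dirs["encrypted_dirs"] | dirs["ro_dirs"])):
        findings.append(f"{path}: listed in rw_dirs and in a protected list")
    return findings

# Constructed sample body (image names, paths and credentials are made up).
SAMPLE = {"request": {
    "input_image": {"name": "registry.example/app:1.0",
                    "auth_config": {"username": "ci", "password": "constructed-pw"}},
    "output_image": {"name": "registry.example/app:1.0-sgx"},
    "converter_options": {
        "certificates": [{"issuer": "LETSENCRYPT", "keyType": "RSA"}],
        "encrypted_dirs": ["/data"], "rw_dirs": ["/etc/hosts", "/data", "/var/log/app"]}}}
```

Log `redact(body)` rather than the body itself, and submit only when `review(body)` returns an empty list.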
Responses
200

Registry and image name for the output container (same as outputImageName in the request)

object
converted_image
object (ConverterSvcConvertedImageInfo)
name
string

Converted image name (with tag)

sha
string

Converted image sha

size
integer (int64)

Converted image size

config
object (ConverterSvcSgxConfig)
isvprodid
integer (int32)
isvsvn
integer (int32)
measurements
object

SGX measurements

property*
object (SgxAttributes) additionalProperties
mrenclave
string

mrenclave as a hex string.

features
Array of string
string
mrsigner
string