---
title: "Create a new image."
slug: "create-a-new-image"
updated: 2026-04-04T02:22:39Z
published: 2026-04-04T02:22:47Z
---


# Create a new image.

POST /v1/builds

Create a new image.

Security

API Key: bearerToken

Header parameter name: Authentication

A JWT bearer token to be passed once authenticated.

Body parameters

Request to create an image entry.

Media type: application/json

object

docker_info object (DockerInfo)

Docker info of an image.

docker_image_name string, Required

Image docker image name.

docker_version string, Required

Image docker version.

docker_image_sha string

Build docker image sha.

docker_image_size integer (int64)

Docker image size in MiB (units of 2**20 bytes).

exposed_ports Array of object (DockerNetworkPort)

List of ports exposed by the Docker image.

object

A port exposed by a docker container.

port integer, Required

A valid, specific port number from 1..65535 (inclusive).

protocol string, Required

Protocol associated with a port exposed by a Docker container.

Valid values: "Tcp", "Udp"

mrenclave string

mrenclave of the image.

mrsigner string

mrsigner of the image.

isvprodid integer (int32)

ISV Product ID of the image.

isvsvn integer (int32)

ISV Security Version Number of the image.

app_id string (uuid)

App id of the image.

app_name string

App name of the image.

mem_size integer (int64)

Memory size required for the image.

threads integer (int32)

Threads required for the image.

attributes object

Image attributes

property* object (ImageAttributes), additionalProperties

sgx object (SgxAttributes)

mrenclave string, Required

mrenclave as a hex string.

features Array of string

nitro_enclave object (NitroEnclaveAttributes)

hash_algorithm string, Required

Nitro enclave hash algorithm

Valid values: "Sha384"

pcr0 string, Required

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr1 string, Required

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr2 string, Required

A contiguous measure of the contents of the image file, without the section data as a hex string.

aci object (AciAttributes)

ACI generated policy that represents the containers to run and other security restrictions.

policy string, Required

Base64-encoded output of azure confcom acipolicygen tool.

azure_cvm object (AzureCvmAttributes)

pcrs object, Required

List of TPM PCR hash values to enforce. 64 hex characters.

hash_alg string, Required

Valid values: "SHA256"

pcr0 string
pcr1 string
pcr2 string
pcr3 string
pcr4 string
pcr5 string
pcr6 string
pcr7 string
pcr8 string
pcr9 string
pcr10 string
pcr11 string
pcr12 string
pcr13 string
pcr14 string
pcr15 string
pcr16 string
pcr17 string
pcr18 string
pcr19 string
pcr20 string
pcr21 string
pcr22 string

coprocessors Array of object (Coprocessor), Required

object

attestation string, Required

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

baremetal_tdx object (BaremetalTdxAttributes)

mrtd string, Required

TD firmware binary (OVMF.fd) measurement as a hex string.

rtmr0 string, Required

Firmware and platform runtime measurements as hex string

rtmr1 string, Required

Runtime measurement for kernel for direct boot and bootchain for indirect boot as hex string

rtmr2 string, Required

Runtime measurement of kernel cmdline and initrd as hex string

rtmr3 string, Required

Runtime extendable measurement register 3 as hex string

coprocessors Array of object (Coprocessor), Required

object

attestation string, Required

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

baremetal_amd_sev_snp object (BaremetalAmdSevSnpAttributes)

measurement string, Required

Guest Launch Measurement as hex string

vmpl string, Required

Virtual Machine Privilege Level

Valid values: "vmpl0", "vmpl1", "vmpl2", "vmpl3"

coprocessors Array of object (Coprocessor), Required

object

attestation string, Required

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

advanced_settings object (AdvancedSettings)

Advanced settings for apps and images.

entrypoint Array of string

Entrypoint for the container.

encryptedDirs Array of string

List of read-write files and/or directories which are encrypted using the enclave sealing key.

Default encrypted directories: enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files, but only the enclave application can see their contents in plain text.

- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw

Tip for debugging: the default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.

certificate object (CertificateConfig)

issuer string

Certificate issuance strategy

Valid values: "MANAGER_CA", "NODE", "SELF_IAS"

Default: "MANAGER_CA"
subject string

Certificate subject common name, typically a DNS name

keyType string

Type of key to generate

Valid values: "RSA"

Default: "RSA"

keyParam object

Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.

keyPath string

Path to expose the key in the application filesystem

certPath string

Path to expose the certificate in the application filesystem

java_runtime string

Java runtime mode for conversion.

Valid values: "JAVA-ORACLE", "OPENJDK", "OPENJ9", "LIBERTY-JRE"

rw_dirs Array of string

List of read-write files and/or directories.

Default read-write directories: enclave-os doesn't provide any security measures for these files, and anyone is allowed to read from or write to these files.

- /etc/hosts
- /etc/resolv.conf
- /etc/hostname

allowCmdlineArgs boolean

Allow command line arguments converter flag for an image.

manifestEnv Array of string

Environment variables that will be passed to the manifest file when the container is converted.

mutableEnv Array of string

Environment variables with supplied default values, but that may be overridden at runtime.

launch_hint object (LaunchHint)

This object encodes a suggested manner for launching a confidential application. It may need to be configured further depending on your environment.

azure_resource_template string

The Microsoft ARM Template for launching this build. May require some properties (such as the join token).

enable_overlay_filesystem_persistence boolean

Flag to enable file persistence, off by default. This is only for use with Nitro Enclaves.

Default: false

group_id string (uuid)

In case of curated app, group_id may be passed so that we can create an app and build in the particular group.
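A client-side pre-flight check for a request body built from the fields above, as an added example (not Fortanix code, and it does not call the API). It assumes the nesting read from the field list: `attributes` maps an arbitrary key to one ImageAttributes object, and `coprocessors` sits beside `pcrs` inside each platform object. The function name, the message wording and the sample body are made up for the illustration.

```python
import re

HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def lint_build_request(body):
    """Return (errors, warnings): errors break a rule stated on this page, warnings need review."""
    errors, warnings = [], []
    docker = body.get("docker_info") or {}
    for field in ("docker_image_name", "docker_version"):
        if not docker.get(field):
            errors.append(f"docker_info.{field} is required")
    for i, p in enumerate(docker.get("exposed_ports") or []):
        if type(p.get("port")) is not int or not 1 <= p["port"] <= 65535:
            errors.append(f"exposed_ports[{i}].port must be 1..65535")
        if p.get("protocol") not in ("Tcp", "Udp"):
            errors.append(f"exposed_ports[{i}].protocol must be Tcp or Udp")
    # Assumption: attributes maps an arbitrary key to one ImageAttributes object.
    for key, attrs in (body.get("attributes") or {}).items():
        pcrs = (attrs.get("azure_cvm") or {}).get("pcrs") or {}
        for name, value in pcrs.items():
            if name == "hash_alg":
                if value != "SHA256":
                    errors.append(f"{key}.azure_cvm.pcrs.hash_alg must be SHA256")
            elif not (isinstance(value, str) and HEX64.fullmatch(value)):
                errors.append(f"{key}.azure_cvm.pcrs.{name} must be 64 hex characters")
        for platform in ("azure_cvm", "baremetal_tdx", "baremetal_amd_sev_snp"):
            cops = (attrs.get(platform) or {}).get("coprocessors") or []
            for j, cop in enumerate(cops):
                where = f"{key}.{platform}.coprocessors[{j}]"
                if cop.get("attestation") not in ("Ignored", "Required"):
                    errors.append(f"{where}.attestation must be Ignored or Required")
                elif cop["attestation"] == "Ignored":
                    warnings.append(f"{where} is not attested")
    adv = body.get("advanced_settings") or {}
    for path in adv.get("rw_dirs") or []:
        warnings.append(f"rw_dirs: {path} gets no enclave-os protection")
    for var in adv.get("mutableEnv") or []:
        warnings.append(f"mutableEnv: {var} can be overridden at runtime")
    return errors, warnings

# Constructed sample body; every value here is made up for the example.
SAMPLE = {
    "docker_info": {"docker_image_name": "example/app", "docker_version": "1.0",
                    "exposed_ports": [{"port": 70000, "protocol": "Tcp"}]},
    "attributes": {"example": {"azure_cvm": {
        "pcrs": {"hash_alg": "SHA256", "pcr0": "ab" * 32, "pcr7": "abcd"},
        "coprocessors": [{"attestation": "Ignored", "gpu_vendor": "Nvidia"}]}}},
    "advanced_settings": {"rw_dirs": ["/data"], "mutableEnv": ["LOG_LEVEL=info"]},
}
```

On the sample body the check reports the out-of-range port and the short `pcr7` value as errors, and lists the unattested coprocessor, the extra `rw_dirs` path and the mutable variable for review.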

Responses

200

Details of the created image.

Media type: application/json

object

Detailed info of an application image.

build_id string (uuid)

Image Id.

docker_info object (DockerInfo)

Docker info of an image.

docker_image_name string

Image docker image name.

docker_version string

Image docker version.

docker_image_sha string

Build docker image sha.

docker_image_size integer (int64)

Docker image size in MiB (units of 2**20 bytes).

exposed_ports Array of object (DockerNetworkPort)

List of ports exposed by the Docker image.

object

A port exposed by a docker container.

port integer

A valid, specific port number from 1..65535 (inclusive).

protocol string

Protocol associated with a port exposed by a Docker container.

Valid values: "Tcp", "Udp"

created_at integer (int64)

Timestamp of image addition to the system (number of seconds since epoch).

updated_at integer (int64)

Timestamp of when the image was updated (number of seconds since epoch).

app_id string (uuid)

App Id.

app_name string

App name.

status object (BuildStatus)

status string

Status string for the image.

Valid values: "REJECTED", "WHITELISTED", "PENDING"

status_updated_at integer (int64)

Time since the status change.

deployment_status object (BuildDeploymentStatus)

status string

Status string for the image deployment.

Valid values: "DEPLOYED", "UNDEPLOYED"

status_updated_at integer (int64)

The time when the deployment status changed.

enclave_info object (EnclaveInfo)

Info on an application enclave.

mrenclave string

mrenclave of an image, as a hex string.

mrsigner string

mrsigner of an image, as a hex string.

isvprodid integer (int32)

ISV Product Id.

isvsvn integer (int32)

ISV Security Version Number.

attributes object

Image attributes

property* object (ImageAttributes), additionalProperties

sgx object (SgxAttributes)

mrenclave string

mrenclave as a hex string.

features Array of string

nitro_enclave object (NitroEnclaveAttributes)

hash_algorithm string

Nitro enclave hash algorithm

Valid values: "Sha384"

pcr0 string

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr1 string

A contiguous measure of the contents of the image file, without the section data as a hex string.

pcr2 string

A contiguous measure of the contents of the image file, without the section data as a hex string.

aci object (AciAttributes)

ACI generated policy that represents the containers to run and other security restrictions.

policy string

Base64-encoded output of azure confcom acipolicygen tool.

azure_cvm object (AzureCvmAttributes)

pcrs object

List of TPM PCR hash values to enforce. 64 hex characters.

hash_alg string

Valid values: "SHA256"

pcr0 string
pcr1 string
pcr2 string
pcr3 string
pcr4 string
pcr5 string
pcr6 string
pcr7 string
pcr8 string
pcr9 string
pcr10 string
pcr11 string
pcr12 string
pcr13 string
pcr14 string
pcr15 string
pcr16 string
pcr17 string
pcr18 string
pcr19 string
pcr20 string
pcr21 string
pcr22 string

coprocessors Array of object (Coprocessor)

object

attestation string

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

baremetal_tdx object (BaremetalTdxAttributes)

mrtd string

TD firmware binary (OVMF.fd) measurement as a hex string.

rtmr0 string

Firmware and platform runtime measurements as hex string

rtmr1 string

Runtime measurement for kernel for direct boot and bootchain for indirect boot as hex string

rtmr2 string

Runtime measurement of kernel cmdline and initrd as hex string

rtmr3 string

Runtime extendable measurement register 3 as hex string

coprocessors Array of object (Coprocessor)

object

attestation string

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

baremetal_amd_sev_snp object (BaremetalAmdSevSnpAttributes)

measurement string

Guest Launch Measurement as hex string

vmpl string

Virtual Machine Privilege Level

Valid values: "vmpl0", "vmpl1", "vmpl2", "vmpl3"

coprocessors Array of object (Coprocessor)

object

attestation string

Specifies whether attestation is required or ignored.

Valid values: "Ignored", "Required"

gpu_vendor string

An enum for GPU Vendor

Valid values: "Nvidia"

app_description string

App Description.

mem_size integer (int64)

Memory size required for the image.

threads integer (int32)

Threads required for the image.

advanced_settings object (AdvancedSettings)

Advanced settings for apps and images.

entrypoint Array of string

Entrypoint for the container.

encryptedDirs Array of string

List of read-write files and/or directories which are encrypted using the enclave sealing key.

Default encrypted directories: enclave-os protects the content in these files by encrypting them using the enclave sealing key. Anyone is allowed to read from or write to these files, but only the enclave application can see their contents in plain text.

- /tmp
- /run
- /ftx-efs
- /opt/fortanix/enclave-os/app-config/rw

Tip for debugging: the default encrypted directories visible to the guest application as /tmp, /run and /ftx-efs are available in the container filesystem at /opt/fortanix/enclave-os/default-efs-dirs/.

certificate object (CertificateConfig)

issuer string

Certificate issuance strategy

Valid values: "MANAGER_CA", "NODE", "SELF_IAS"

Default: "MANAGER_CA"
subject string

Certificate subject common name, typically a DNS name

keyType string

Type of key to generate

Valid values: "RSA"

Default: "RSA"

keyParam object

Key parameters. Currently must be an instance of RsaKeyParam, but other types may be supported in the future.

keyPath string

Path to expose the key in the application filesystem

certPath string

Path to expose the certificate in the application filesystem

java_runtime string

Java runtime mode for conversion.

Valid values: "JAVA-ORACLE", "OPENJDK", "OPENJ9", "LIBERTY-JRE"

rw_dirs Array of string

List of read-write files and/or directories.

Default read-write directories: enclave-os doesn't provide any security measures for these files, and anyone is allowed to read from or write to these files.

- /etc/hosts
- /etc/resolv.conf
- /etc/hostname

allowCmdlineArgs boolean

Allow command line arguments converter flag for an image.

manifestEnv Array of string

Environment variables that will be passed to the manifest file when the container is converted.

mutableEnv Array of string

Environment variables with supplied default values, but that may be overridden at runtime.

build_name string

Image name, if a curated app.

pending_task_id string (uuid)

UUID of pending build whitelist task for the build

configs object

Application configurations attached to the image.

property* object, additionalProperties

marketplace_build_id string (uuid)

Id of the corresponding marketplace listing.

launch_hint object (LaunchHint)

This object encodes a suggested manner for launching a confidential application. It may need to be configured further depending on your environment.

azure_resource_template string

The Microsoft ARM Template for launching this build. May require some properties (such as the join token).

enable_overlay_filesystem_persistence boolean

Flag indicating if file persistence is enabled. This is only for Nitro Enclaves.

group_id string (uuid)

Group Id
