1.0 Introduction
This article describes the methods to check the node join policy for the Fortanix-Data-Security-Manager (DSM) cluster.
2.0 Prerequisites
To find out your Fortanix DSM cluster’s node join policy you need the following:
A user with system administration (sysadmin) access in the Fortanix DSM cluster.
3.0 Check Fortanix DSM's Node Join Policy
You can check the node join policy using either of the following methods:
Using the command line
Using the Fortanix DSM user interface (UI)
3.1 Method 1 - Using the Command Line
Perform the following steps:
Set up some environment variables:
    DSM_DOMAIN="amer.smartkey.io" # Replace the value with your actual DSM domain name.
    EMAIL="user@domain" # Replace the value with your actual email address
    # -s keeps the password from being echoed to the terminal
    read -s -p "Enter your password: " PASSWORD
    echo
After you enter your password in the above command and press ENTER, copy the following lines into your command line:
    # Authenticate with Basic auth and keep the returned bearer token
    BASIC=$(echo -n "$EMAIL:$PASSWORD" | base64)
    BEARER_TOKEN=$(curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/auth" \
      -H "Authorization: Basic $BASIC" | jq -r .access_token)
    # Select the account for this session
    curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/select_account" \
      -H "Authorization: Bearer $BEARER_TOKEN" -d '{"acct_id":"278fec9c-aa19-4075-a81e-5bca9649a136"}'
    # Query the cluster configuration and print the enrollment field
    curl -s -X GET "https://$DSM_DOMAIN/admin/v1/cluster" \
      -H "Authorization: Bearer $BEARER_TOKEN" | jq .enrollment
The last line queries the cluster configuration and extracts the parts relevant to the node join policy.
Example output:

    {
      "join-policy": {
        "all": [
          "node-ca",
          "sgx-ias"
        ]
      },
      "allowed-sgx-types": {
        "any": [
          "standard"
        ]
      }
    }
Run the following commands to clean up:

    curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/terminate" -H "Authorization: Bearer $BEARER_TOKEN"
    unset BEARER_TOKEN
    unset BASIC
    unset PASSWORD
    unset EMAIL
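To notice when the policy changes, the `enrollment` object printed by the last query can be compared against a recorded baseline. The script below is an added example, not Fortanix code: it assumes the JSON shape shown in the example output above, and the names `EXPECTED`, `normalize` and `policy_drift` are illustrative.

```python
import json
import sys

# Constructed baseline, copied from the example output on this page.
# Replace it with the policy your own cluster is expected to report.
EXPECTED = {
    "join-policy": {"all": ["node-ca", "sgx-ias"]},
    "allowed-sgx-types": {"any": ["standard"]},
}


def normalize(section):
    """Map each quantifier key (such as "all" or "any") to an unordered set."""
    if not isinstance(section, dict):
        raise ValueError(f"expected a JSON object, got {section!r}")
    return {key: frozenset(values) for key, values in section.items()}


def policy_drift(enrollment, expected=EXPECTED):
    """Return a list of differences from the baseline; empty means no drift."""
    # jq prints null when the request failed or the field is absent.
    if not isinstance(enrollment, dict):
        return ["enrollment: field is missing or not an object"]
    findings = []
    for field in sorted(set(expected) | set(enrollment)):
        if field not in enrollment:
            findings.append(f"{field}: missing from cluster response")
        elif field not in expected:
            findings.append(f"{field}: not in the recorded baseline")
        else:
            want, got = normalize(expected[field]), normalize(enrollment[field])
            for key in sorted(set(want) | set(got)):
                w, g = want.get(key, frozenset()), got.get(key, frozenset())
                findings += [f"{field}.{key}: expected '{v}' is absent" for v in sorted(w - g)]
                findings += [f"{field}.{key}: unexpected '{v}' is present" for v in sorted(g - w)]
    return findings


if __name__ == "__main__":
    # Reads the JSON printed by the final `jq .enrollment` command on stdin.
    drift = policy_drift(json.load(sys.stdin))
    print("\n".join(drift) or "join policy matches the recorded baseline")
    sys.exit(1 if drift else 0)
```

Pipe the output of the final query into the script before running the cleanup commands; a non-zero exit status means the reported policy differs from the baseline.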
3.2 Method 2 - Using the Fortanix DSM Web UI
Perform the following steps:
Log in to your Fortanix DSM cluster using your system administrator credentials.
Figure 1: Log in to the DSM cluster using sysadmin credentials
Select the System Administration account.
Open your browser’s Developer console.
In Google Chrome and Firefox, press Ctrl + Shift + I to open the console.
For other browsers, use the corresponding menu option to access developer tools.
Once the Developer Console opens, click the Network tab.
Figure 2: Select the Network tab on the browser Developer console
Click the Settings menu item in the DSM left navigation panel.
In the Network tab of the Developer Console, locate the GET request to /admin/v1/cluster. Click the request and inspect the Response section.
Look for the "enrollment" field. This value indicates your cluster’s node join policy.
Figure 3: Find your cluster's node join policy