Create Application Configuration

1.0 Introduction

This article describes how to create an Application Configuration to customize the behavior of applications in Fortanix Confidential Computing Manager (CCM).

An Application Configuration is an object used to define application-specific settings for the following applications:

• For EnclaveOS applications, use this to insert files on the disk in a specific path.

• For EDP applications, use this to provide a key/value map to the applications.

• For ACI applications: Use this configuration to provide key-value pairs that define runtime parameters for the application.

• For AMD SEV-SNP applications: Use this configuration to provide key-value pairs required to configure the application. The Ports value must be left empty.

• For Azure CVM applications: Use this configuration to provide key-value pairs required to configure the application.

The Application Configuration also includes information about connections to datasets or other applications when the application is part of a workflow.

For example, you can use an Nginx EnclaveOS image and provide a custom nginx.conf file using an Application Configuration.

1.1 Workflow Application Configuration

Application Configuration objects can be assigned to apps in draft workflows. These draft workflows are sent for approval and finalized once all users approve the Workflow.

Fortanix CCM then generates a secondary/derived object called Workflow Application Configuration. This contains the original object plus information on Workflow connections needed by enclaves to access the data. For more information about workflows, refer to Workflows.

2.0 Create an Application Configuration

Before creating an Application Configuration, ensure that the following objects already exist:

• A group

• An application

• An image of the application

Perform the following steps to create an Application Configuration:

1. In the CCM UI left navigation panel, click Applications → Configurations, and then click + ADD CONFIGURATION to add a new configuration.

   

2. In the ADD APPLICATION CONFIGURATION window, fill the following:

   1. Image: Select the application image for which the configuration will be created.

   2. Configuration name:Enter a name for the configuration.

   3. Group: Select the required group from the drop down menu to associate the configuration with that group.

   4. Description: Enter a description for the configuration.

   5. Ports: Specify the connections to be used in the workflow. These are not network ports. They are string-based tags used to identify workflow connections. You can define multiple ports based on the connection requirements. For example, input, output, heartbeat, and so on.

   6. Labels (optional): Attach one or more key-value labels to the configuration.

   7. Configuration items: Define key-value pairs used to configure the application.

      • For Enclave OS (operating system) applications, the Key represents the file path. and the Value represents the file content used to configure the application

        NOTE

        For Enclave OS applications, files are allowed only under the path /opt/fortanix/enclave-os/app-config/rw.

      • For Enclave Development Platform (EDP) applications, specify the Key and Value required to configure the application.

      • For Application Configuration Instance (ACI) applications, specify the Key and Value required to configure the application.

      • For Advanced Micro Devices (AMD) Secure Encrypted Virtualization (SEV) – Secure Nested Paging (SNP) applications, specify the Key and Value required to configure the application. Leave the Ports value empty.

      • For Azure Confidential Virtual Machine (CVM) applications, specify the Key and Value required to configure the application.

   

3. Click SAVE to save the configuration.