The Fortanix Confidential Computing Manager (CCM) environment is designed with the goal of protecting any application. This article describes how to run a Flask Server application on a compute node.
Running a Flask Server Enclave OS Application
- A Python Web Application should be created.
Run an Enclave OS Application on Compute Node
- In the Fortanix CCM UI, click the + APPLICATION button.
Figure 1: Create new application
- Add a Python Web Application. See the article “User's Guide: Add and Edit an Application” for more information.
- Approve the domain for the Python Web Application. See the article “User's Guide: Tasks” for more information.
- In the detailed view of the application, click the + IMAGES button.
Figure 2: Create an image
- Create an image of the Python Web Application by providing a proper tag. See the article “User's Guide: Create an Image” for more information.
- Approve the image for the Python Web Application. See the article “User's Guide: Tasks” for more information.
- Depending on the node agent attestation type, run the application image using one of the following commands:
If the node attestation type is Enhanced Privacy ID (EPID), use the command:
docker run --device /dev/isgx:/dev/isgx --device /dev/gsgx:/dev/gsgx -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket -e NODE_AGENT_BASE_URL=http://18.104.22.168:9092/v1/ fortanix-private/python-flask-sgx
docker run --device /dev/sgx/enclave:/dev/sgx/enclave -e NODE_AGENT_BASE_URL=http://22.214.171.124:9092/v1/ fortanix-private/python-flask-sgx
9092is the port on which Node Agent listens up.
126.96.36.199is the Node Agent Host IP.
fortanix-private/python-flask-sgxis the converted app that can be found in the Images tab under Image Name column in the Images table.
Figure 3: Run the application
- To verify that the application is running, click the APPLICATION tab in the Fortanix CCM UI and verify that there is a running application image associated with it and displayed with the application in the detailed view of the application.
Figure 4: Deployed application