fix(teepot-vault-unseal-sgx): make ca files readable
Although the files were included, they were not readable, because
the gramine SGX policy would deny access.

The CA files are needed for the raft join command.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
haraldh committed Aug 7, 2024
1 parent 42aa0ed commit f2f89c0
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions packages/container-vault-unseal-sgx-azure/default.nix
@@ -48,6 +48,11 @@ nixsgxLib.mkSGXContainer {
edmm_enable = false;
enclave_size = "2G";
max_threads = 64;

trusted_files = [
"file:/opt/vault/cacert.pem"
"file:/opt/vault/cakey.pem"
];
};

# possible tweak option, if problems with mio
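
Review bot: `"file:/opt/vault/cakey.pem"` in the new `trusted_files` list is a private key, and a Gramine trusted file is only hash-checked against the manifest, not encrypted, so this entry gives the key integrity but no confidentiality. The commit message says the files are already included, so anyone who can obtain the container image can read the key. If the raft join only needs the CA certificate, drop the key entry and keep `cacert.pem`; if shipping the key is intentional, a comment above the list explaining why would help the next reader. Adding entries to `trusted_files` also changes the manifest and therefore the enclave measurement, so any attestation policy that pins the previous measurement needs to be updated with this change.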