-
Notifications
You must be signed in to change notification settings - Fork 1
/
session.template.yml
82 lines (76 loc) · 3.62 KB
/
session.template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
name: $CAS_NAMESPACE/$PYTHON_SESSION_NAME
version: "0.3"
security:
attestation:
# Use Microsoft Azure Attestation as the attestation provider.
# Since MAA also supports attestation policies, the attestation flow has to be
# allowed by BOTH policies (i.e., MAA and SCONE). If you use one of the shared
# MAA instances provided by Azure, they apply an "empty" policy, so you only have
# to comply with this one.
# NOTE: In some Azure regions, MAA providers use short RSA signing keys (1024 bits).
# Such key length is discouraged, and you must explicitly allow it here by adding
# `min_rsa_signing_key_size: 1024`. If omitted, we enforce the default minimum RSA
# key length of 2048 bits.
mode: maa
url: $MAA_PROVIDER
# We explicitly tolerate:
# 1) Enclaves in debug mode; and
# 2) Having the TCB state enforced by MAA, not by us, since MAA does not include
# any TCB state in its token. This is required for `mode: maa`.
tolerate: [debug-mode, maa-managed-tcb]
secrets:
# Secrets of `kind: aad-token` represent Azure AD tokens that are retrieved
# dynamically. Such secrets can be injected into the enclave's environment or
# filesystem, as well as used by this session in flows that require authentication
# to Azure services (e.g., retrieving a key from Azure Key Vault).
- name: AAD_TOKEN
kind: aad-token
tenant_id: $AZURE_TENANT_ID
client_id: $AZURE_CLIENT_ID
# NOTE: One could also use `private_key` instead of `application_secret`, for when
# the application credential is a certificate.
application_secret: $AZURE_CLIENT_SECRET
# Secrets of `kind: ascii` are plain-text secrets.
- name: MY_AKV_SECRET
kind: ascii
# Import the content of this secret from an Azure Key Vault. Importing secrets from
# AKV requires at least one secret of `kind: aad-token`, so the session can authenticate
# to Azure. If the session defines only one secret of `kind: aad-token`, it is used by
# default to authenticate, and you can omit the field `import_akv.token`.
import_akv:
vault: $AKV_VAULT
secret_name: $AKV_SECRET_NAME
token: $$SCONE::AAD_TOKEN$$
# Secrets of `kind: x509` represent X509v3 certificates. Such secrets can be injected
# into the enclave's environment or filesystem, and they support bindings to private keys
# or certificate chains, if available [1]. If the session defines only one secret of
# `kind: aad-token`, it is used by default to authenticate, and you can omit the field
# `import_akv.token`.
# [1] https://sconedocs.github.io/CAS_session_lang_0_3/#certificate-values
- name: MY_AKV_CERT
kind: x509
import_akv:
vault: $AKV_VAULT
secret_name: $AKV_CERT_SECRET_NAME
token: $$SCONE::AAD_TOKEN$$
services:
- name: rest-api
image_name: rest-api
command: python3 /app/rest_api.py
mrenclaves: ["291645fc02749ef4f895da626d1ffe9bf45d34aad2177507844e1b87d220219f"]
environment:
# NOTE: We inject the contents of the secret `MY_AKV_SECRET` (retrieved from AKV)
# into the enclave's environment after attestation is successful.
AKV_SECRET: $$SCONE::MY_AKV_SECRET$$
pwd: /
images:
- name: rest-api
# NOTE: We inject the contents of the secret `MY_AKV_CERT` (retrieved from AKV)
# into the enclave's filesystem after attestation is successful. The extensions
# `.crt` (only the certificate) and `.key` (only its private key) after the secret
# name specify what must be injected.
injection_files:
- path: /tls/flask.crt
content: $$SCONE::MY_AKV_CERT.crt$$
- path: /tls/flask.key
content: $$SCONE::MY_AKV_CERT.key$$