mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 23:23:57 +02:00
91f1612e0f
* create containers with nix * updated README.md * added SPDX license headers Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
25 lines
938 B
Docker
25 lines
938 B
Docker
# SPDX-License-Identifier: Apache-2.0
|
|
# Copyright (c) 2024 Matter Labs
|
|
|
|
FROM teepot-vault-unseal-sgx-azure:base
|
|
|
|
WORKDIR /app
|
|
|
|
COPY packages/container-vault-sgx-azure/test-enclave-key.pem /tmp/
|
|
|
|
RUN set -eux; \
|
|
gramine-manifest -Darch_libdir=/lib/x86_64-linux-gnu \
|
|
-Dentrypoint=$(readlink /bin/tee-vault-unseal) \
|
|
-Dvault_auth_tee_sha=1505ffe3ef0994de63206ccce1dec6715d55e72955960cb7314e4571811c4422 \
|
|
-Dvault_auth_tee_version=0.1.0+dev \
|
|
-Dexecdir=/bin \
|
|
-Dlog_level=warning \
|
|
tee-vault-unseal.manifest.toml tee-vault-unseal.manifest; \
|
|
gramine-sgx-sign --manifest tee-vault-unseal.manifest --output tee-vault-unseal.manifest.sgx --key /tmp/test-enclave-key.pem; \
|
|
rm /tmp/test-enclave-key.pem
|
|
|
|
EXPOSE 8443
|
|
|
|
ENTRYPOINT ["/bin/sh", "-c"]
|
|
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
|
CMD [ "echo tee-vault-unseal in SGX mode starting; restart-aesmd ; exec gramine-sgx tee-vault-unseal" ]
|