# CAS session template
# https://sconedocs.github.io/CAS_session_lang_0_3/
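name: "$SESSION"
version: "0.3"

# Who may read or update this session once it is stored in CAS.
# NOTE(review): NONE presumably denies the operation to every client;
# confirm against the session language reference.
access_policy:
  read:
    - NONE
  update:
    - NONE

# Secrets generated by CAS. The values are not stored in this template.
secrets:
  # Sender private key: 32 random bytes.
  - name: SENDER_KEY
    kind: binary
    size: 32
  # Recipient private key: 32 random bytes.
  - name: RECIPIENT_KEY
    kind: binary
    size: 32

services:
  # NOTE(review): both services receive BOTH private keys. If a service
  # only needs its own private key plus the peer's public key, inject just
  # those; confirm against what the app reads.
  - name: encrypt  # Service to encrypt a file from STDIN
    # Substituted values are quoted so that an all-digit or exponent-looking
    # hex string (MRENCLAVE, FSPF key/tag) cannot be re-typed as a number
    # by the YAML parser.
    mrenclaves: ["$MRENCLAVE"]
    command: "python3 /app encrypt"
    environment:
      # Inject the HEX representation of the generated keys into the
      # service environment.
      SENDER_KEY: "$$SCONE::SENDER_KEY:hex$$"
      RECIPIENT_KEY: "$$SCONE::RECIPIENT_KEY:hex$$"
    # File System Protection File: used to check the consistency of the
    # service files (app/*.py). Key and tag are supplied at templating time.
    fspf_path: /fspf/fs.fspf
    fspf_key: "$FSPF_KEY"
    fspf_tag: "$FSPF_TAG"
  - name: process  # Service to process encrypted file from STDIN
    mrenclaves: ["$MRENCLAVE"]
    command: "python3 /app process"
    environment:
      SENDER_KEY: "$$SCONE::SENDER_KEY:hex$$"
      RECIPIENT_KEY: "$$SCONE::RECIPIENT_KEY:hex$$"
    fspf_path: /fspf/fs.fspf
    fspf_key: "$FSPF_KEY"
    fspf_tag: "$FSPF_TAG"

security:
  attestation:
    # NOTE(review): this policy accepts nearly every attestation weakness.
    # That is acceptable for development hardware only. For production,
    # shrink the list to what the target platform actually requires.
    tolerate:
      # Debug enclaves can be inspected by the host, so the keys above are
      # released without any confidentiality guarantee.
      - debug-mode
      # Hyperthreading enabled on the platform (side-channel exposure).
      - hyperthreading
      # Integrated GPU reported as an insecure platform configuration.
      - insecure-igpu
      # Platform TCB (microcode / firmware) is not up to date.
      - outdated-tcb
      # Attestation reports that software mitigations are required.
      - software-hardening-needed
    # "*" ignores every security advisory reported during attestation.
    # Prefer an explicit list of the advisory IDs that were reviewed and
    # accepted.
    ignore_advisories: "*"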