Skip to content

Commit

Permalink
ita: updated certs_file property documentation
Browse files Browse the repository at this point in the history
Signed-off-by: Pawel Proskurnicki <[email protected]>
  • Loading branch information
pawelpros authored and Xynnn007 committed Sep 18, 2024
1 parent 6a6f889 commit ce3feff
Showing 1 changed file with 11 additions and 7 deletions.
18 changes: 11 additions & 7 deletions kbs/docs/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -144,12 +144,12 @@ The following properties can be set under the `intel_trust_authority_config` sec

>This section is available only when the `intel-trust-authority-as` feature is enabled.
| Property | Type | Description | Required | Default |
|--------------------------|---------|----------------------------------------------------------------------------------------|-------------------------|---------|
| `base_url` | String | Intel Trust Authority API URL. | Yes | - |
| `api_key` | String | Intel Trust Authority API key. | Yes | - |
| `certs_file` | String | Path to an Intel Trust Authority certificates JWKS file used for token verification. | Yes | - |
| `allow_unmatched_policy` | Boolean | Determines whether to ignore the `policy_ids_unmatched` token claim. | No | false |
| Property | Type | Description | Required | Default |
|--------------------------|---------|------------------------------------------------------------------------------------------|-------------------------|---------|
| `base_url` | String | Intel Trust Authority API URL. | Yes | - |
| `api_key` | String | Intel Trust Authority API key. | Yes | - |
| `certs_file` | String | URL to an Intel Trust Authority portal or path to JWKS file used for token verification. | Yes | - |
| `allow_unmatched_policy` | Boolean | Determines whether to ignore the `policy_ids_unmatched` token claim. | No | false |

Detailed [documentation](https://docs.trustauthority.intel.com).

Expand Down Expand Up @@ -205,14 +205,18 @@ Running with Intel Trust Authority attestation service:
insecure_http = true
insecure_api = true

[attestation_token_config]
attestation_token_type = "Jwk"
trusted_certs_paths = ["https://portal.trustauthority.intel.com"]

[repository_config]
type = "LocalFs"
dir_path = "/opt/confidential-containers/kbs/repository"

[intel_trust_authority_config]
base_url = "https://api.trustauthority.intel.com"
api_key = "tBfd5kKX2x9ahbodKV1..."
certs_file = "/etc/intel-trust-authority-certs.txt"
certs_file = "https://portal.trustauthority.intel.com"
allow_unmatched_policy = true
```

Expand Down

0 comments on commit ce3feff

Please sign in to comment.