Confidential Data Hub (CDH) is a service running inside the guest to provide resource-related APIs.
For more information, please visit the project's repository.
CDH supports two kinds of interfaces: gRPC and ttrpc. Please select the corresponding Dockerfile to build your CDH image.
- Ensure Docker is installed on your system
```bash
# Clone the repository and prepare for building
git clone https://github.com/jingyao-zhang/docker-confidential-data-hub && \
cd docker-confidential-data-hub

# Build CDH image with gRPC interface
make build-grpc

# Build CDH image with ttrpc interface
make build-ttrpc
```
To build a specific commit of CDH, set the `CDH_COMMIT` environment variable before building. Run `make help` for full help information.
The command to run the CDH image differs slightly depending on whether you use the gRPC or ttrpc interface.
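```bash
# gRPC interface: the container uses the host network
docker run -d --network host \
  --name cdh-grpc confidential-data-hub:grpc

# ttrpc interface: the container mounts /run/confidential-containers from the host
docker run -d -v /run/confidential-containers:/run/confidential-containers \
  --name cdh-ttrpc confidential-data-hub:ttrpc
```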
- Ensure Docker is installed on your system
- Ensure Client Tools are installed on your host system
```bash
# test cdh-grpc
# open terminal 1
# create resource file for test
echo '{ "default/key/1": "cGFzc3BocmFzZXdoaWNobmVlZHN0b2JlMzJieXRlcyE=" }' > /etc/aa-offline_fs_kbc-resources.json
make build-grpc
docker run --rm --network host \
  -v /etc/aa-offline_fs_kbc-resources.json:/etc/aa-offline_fs_kbc-resources.json \
  confidential-data-hub:grpc
# open terminal 2
grpc-cdh-tool get-resource --resource-uri kbs:///default/key/1

# test cdh-ttrpc
# open terminal 1
# create resource file for test
echo '{ "default/key/1": "cGFzc3BocmFzZXdoaWNobmVlZHN0b2JlMzJieXRlcyE=" }' > /etc/aa-offline_fs_kbc-resources.json
make build-ttrpc
docker run --rm \
  -v /etc/aa-offline_fs_kbc-resources.json:/etc/aa-offline_fs_kbc-resources.json \
  -v /run/confidential-containers:/run/confidential-containers \
  confidential-data-hub:ttrpc
# open terminal 2
ttrpc-cdh-tool get-resource --resource-uri kbs:///default/key/1
```
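
A pre-flight check for the resource file used in the test steps above, as an added example that is not part of the CDH project: it maps a `kbs:///` URI to its JSON key, confirms the value is strict base64, and warns when the file is readable beyond its owner or still holds the sample value from this README. The three-segment path rule and the function names are assumptions of this example.

```python
import base64
import binascii
import json
import os
import stat
from urllib.parse import urlparse

# Sample value published in this README; fine for a smoke test, not a secret.
README_SAMPLE = "cGFzc3BocmFzZXdoaWNobmVlZHN0b2JlMzJieXRlcyE="


def uri_to_key(resource_uri):
    """Map kbs:///default/key/1 to the JSON key default/key/1."""
    parsed = urlparse(resource_uri)
    parts = parsed.path.lstrip("/").split("/")
    # Assumption: resource paths have three non-empty segments.
    if parsed.scheme != "kbs" or len(parts) != 3 or "" in parts:
        raise ValueError(f"unexpected resource URI: {resource_uri!r}")
    return "/".join(parts)


def check_resources(path, resource_uri):
    """Return (decoded_length, warnings) for the entry the URI points at."""
    warnings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        warnings.append(f"{path} is readable beyond its owner (mode {mode:o})")
    with open(path, encoding="utf-8") as fh:
        resources = json.load(fh)
    key = uri_to_key(resource_uri)
    if key not in resources:
        raise KeyError(f"{key} not found in {path}")
    try:
        decoded = base64.b64decode(resources[key], validate=True)
    except (binascii.Error, ValueError, TypeError) as exc:
        raise ValueError(f"{key}: value is not valid base64") from exc
    if resources[key] == README_SAMPLE:
        warnings.append(f"{key} holds the published sample value")
    return len(decoded), warnings


if __name__ == "__main__":
    import tempfile
    # Constructed input: the same entry the test steps write to /etc.
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as tmp:
        json.dump({"default/key/1": README_SAMPLE}, tmp)
    print(check_resources(tmp.name, "kbs:///default/key/1"))
    os.unlink(tmp.name)
```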