Creating the KbsConfig file

You must create the KbsConfig file to configure the Trustee server.

  1. Create a kbs-config.toml file:
    # Trustee KBS settings. Section and key placement differs between Trustee
    # releases. NOTE(review): validate this file against the configuration
    # reference for the version you deploy.
    [http_server]
    # 0.0.0.0 listens on every IPv4 interface, port 8080. Limit reachability
    # with a network policy or firewall if clients come from a known network.
    sockets = ["0.0.0.0:8080"]
    # NOTE(review): auth_public_key is also set under [admin] with a different
    # path; confirm which section this Trustee version actually reads.
    auth_public_key = "/kbs/kbs.pem"
    # Presumably the TLS private key and certificate used for HTTPS (confirm).
    # The private key file should be readable only by the KBS process.
    private_key = "/etc/key.pem"
    certificate = "/etc/cert.pem"
    [admin]
    type = "Simple"
    # false leaves the insecure admin-API mode off; presumably admin requests
    # are then verified against auth_public_key (confirm).
    insecure_api = false
    auth_public_key = "/etc/auth-secret/publicKey"
    # NOTE(review): insecure_key = true opts in to an insecure mode. Upstream
    # Trustee documents this key as skipping the trust check on the key embedded
    # in an attestation token. Confirm for this version; for production, set it
    # to false and configure trusted certificates.
    insecure_key = true
    attestation_token_type = "CoCo"
    [attestation_service]
    # Selects the built-in attestation service with OPA as its policy engine.
    type = "coco_as_builtin"
    work_dir = "/opt/confidential-containers/attestation-service"
    policy_engine = "opa"
    [attestation_service.attestation_token_broker]
    type = "Simple"
    # Directory of OPA attestation policies; presumably these decide how
    # evidence is appraised, so write access to it should be restricted.
    policy_dir = "/opt/confidential-containers/attestation-service/policies/opa"
    [attestation_service.attestation_token_config]
    # Presumably the attestation token lifetime in minutes (confirm). A short
    # lifetime limits how long a leaked token stays usable.
    duration_min = 5
    [attestation_service.rvps_config]
    # Built-in provider with LocalFs storage: presumably reference values are
    # kept on the local filesystem (confirm).
    type = "BuiltIn"
    [attestation_service.rvps_config.storage]
    type = "LocalFs"
    [[plugins]]
    name = "resource"
    type = "LocalFs"
    # Local directory backing the "resource" plugin; presumably it holds the
    # secrets released to attested workloads, so restrict its permissions.
    dir_path = "/opt/confidential-containers/kbs/repository"
    [policy_engine]
    # Rego policy file; presumably it decides which resources a requester may
    # fetch. Review its contents before deployment.
    policy_path = "/opt/confidential-containers/opa/policy.rego"
  2. Move the kbs-config.toml file to the kbs directory by running the following command:
    $ mv kbs-config.toml kbs/kbs-config.toml