{"id":22923705,"url":"https://github.com/mithril-security/nitriding","last_synced_at":"2025-10-15T15:09:49.327Z","repository":{"id":154880039,"uuid":"621347128","full_name":"mithril-security/nitriding","owner":"mithril-security","description":"Fork of brave/nitriding for use in blindai","archived":false,"fork":false,"pushed_at":"2023-04-27T10:28:43.000Z","size":282,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T14:49:56.145Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mithril-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-30T13:34:45.000Z","updated_at":"2023-04-18T12:17:11.000Z","dependencies_parsed_at":null,"dependency_job_id":"af00421c-2cb9-4204-bb90-3d39fcedcca2","html_url":"https://github.com/mithril-security/nitriding","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/mithril-security/nitriding","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mithril-security%2Fnitriding","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mithril-security%2Fnitriding/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mithril-security%2Fnitriding/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mithril-security%2Fnitriding/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mithril-security","download_url":"https://codeload.github.com/mithril-security/nitriding/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mithril-security%2Fnitriding/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269721014,"owners_count":24464426,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-14T08:16:24.195Z","updated_at":"2025-10-15T15:09:44.279Z","avatar_url":"https://github.com/mithril-security.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"./doc/nitriding-logo.svg\" alt=\"Nitriding logo\" width=\"250\"\u003e\n\u003c/div\u003e\n\n---\n\n[![GoDoc](https://pkg.go.dev/badge/github.com/brave/nitriding?utm_source=godoc)](https://pkg.go.dev/github.com/brave/nitriding)\n\nThis Go tool kit makes it possible to run your application inside an\n[AWS Nitro Enclave](https://aws.amazon.com/ec2/nitro/nitro-enclaves/).\nLet's assume that you built a Web service in Rust.  You can now use nitriding to\nmove your Rust code into a secure enclave, making it possible for your users to\nremotely verify that you are in fact running the code that you claim to run.\nNitriding provides the following features:\n\n* Automatically obtains an HTTPS certificate (either self-signed or via\n  [Let's Encrypt](https://letsencrypt.org))\n  for clients to securely connect to your enclave over the Internet.  Nitriding\n  can act as a TLS-terminating reverse HTTP proxy for your application, so your\n  application does not have to deal with obtaining certificates.\n\n* Automatically exposes an HTTPS endpoint for remote attestation.  After having\n  audited your enclave's source code, your users can conveniently verify the\n  enclave's image by using a tool like\n  [verify-enclave](https://github.com/brave-experiments/verify-enclave)\n  and running:\n\n   ```\n   make verify CODE=/path/to/code/ ENCLAVE=https://enclave.com/enclave/attestation\n   ```\n\n* Are you building an application that uses a protocol other than HTTP?  If so,\n  nitriding makes it possible to register a hash over your application's public\n  key material which is subsequently included in the\n  [attestation document](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc).\n  This allows your users to verify that their connection is securely terminated\n  inside the enclave, regardless of the protocol that you are using.\n\n* Provides an API to scale enclave applications horizontally while synchronizing\n  state between enclaves.\n\n* AWS Nitro Enclaves only provide a highly constrained\n  [VSOCK channel](https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-socket)\n  between the enclave and its host.  Nitriding creates TAP interface inside the\n  enclave, allowing your application to transparently access the Internet\n  without having to worry about VSOCK, port forwarding, or tunneling.\n\n* Automatically initializes the enclave's entropy pool using the Nitro\n  hypervisor.\n\nTo learn more about nitriding's trust assumptions, architecture, and build\nsystem, take a look at our [research paper](https://arxiv.org/abs/2206.04123).\n\n## Usage\n\nTo use nitriding, the following steps are necessary:\n\n1. Make sure that your enclave application supports\n   [reproducible builds](https://reproducible-builds.org);\n   otherwise, users won't be able to verify your enclave image.\n\n2. Set up\n   [this proxy application](https://github.com/containers/gvisor-tap-vsock/tree/main/cmd/gvproxy)\n   on the EC2 host.\n\n3. Bundle your application and nitriding together in a Dockerfile.  The\n   nitriding stand-alone executable must be invoked first, followed by your\n   application.  To build the nitriding executable, run `make cmd/nitriding`.\n   (Then, run `./cmd/nitriding -help` to see a list of command line options.)\n   For reproducible Docker images, we recommend\n   [kaniko](https://github.com/GoogleContainerTools/kaniko)\n   and\n   [ko](https://github.com/ko-build/ko) (for Go applications only).\n\n4. Once your application is done bootstrapping, it must let nitriding know, so\n   it can start the Internet-facing Web server that handles remote attestation\n   and other tasks.  To do so, the application must issue an HTTP GET request to\n   `http://127.0.0.1:8080/enclave/ready`.  The handler ignores URL parameters\n   and responds with a status code 200 if the request succeeded.  Note that the\n   port in this example, 8080, is controlled by nitriding's `-intport` command\n   line flag.\n\nTake a look at [this example application](example/) to learn how nitriding works\nin practice.\n\n## Development\n\nTo test and lint the code, run:\n\n```\nmake\n```\n\n## More documentation\n\n* [System architecture](doc/architecture.md)\n* [Example application](example/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmithril-security%2Fnitriding","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmithril-security%2Fnitriding","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmithril-security%2Fnitriding/lists"}