Register SPIFFE Trust Domain

You can use spirlctl to register a Trust Domain with SPIRL's control plane. In the following commands, we'll use spirl.example.com as the example Trust Domain name. Substitute this with the actual Trust Domain name you'll be using.

Run the following command:

spirlctl trust-domain create spirl.example.com --self-hosted

The command will return a response similar to the following:

Registering Trust Domain
Self-hosted trust domain 'spirl.example.com' created successfully

Then run the following command to create a deployment for the newly-registered Trust Domain. The name parameter should reflect where the deployment will be used. Typically, this is a region (e.g. us-west-2 or westus).

spirlctl trust-domain deployment create us-west-2 \
--trust-domain spirl.example.com

The command will return a response similar to the following:

Trust domain deployment 'us-west-2' created successfully
Deployment name: us-west-2
Deployment ID: tdd-nnlo6k3t3o
Trust domain name: spirl.example.com
Trust domain ID: td-diok4t8ahq
Key id: tdk-jj6lzk6pep
Private Key:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIOeg6Cet10sqNY0dPHV3MXKNyxGgrmKeMN0PZKGS+6iB
-----END PRIVATE KEY-----

Record the following information:

  • Trust Domain ID (td-*)
  • Trust Domain Key ID (tdk-*)
  • Private Key
  • Trust Domain Deployment Name
  • Trust Domain Deployment ID (tdd-*)

You will need these values to configure your SPIRL Trust Domain server in the next step. We highly recommend saving the private key in a secure location.

The Trust Domain Deployment ID (tdd-*) is used in several commands throughout this guide. To make following along easier, set an environment variable, $YOUR_TD_DEPLOYMENT_ID, so that you don't need to copy and paste the deployment ID multiple times.

export YOUR_TD_DEPLOYMENT_ID=tdd-nnlo6k3t3o
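The record-and-save steps above as an added shell example, not part of SPIRL's tooling: it parses the deployment output (a constructed copy of the sample shown above), extracts the IDs the guide says to record, writes the private key to a file with owner-only permissions, and sets YOUR_TD_DEPLOYMENT_ID. The function names td_field, td_private_key and td_save_key are this example's own.

```shell
# Added example, not SPIRL's own tooling: parse the output of
# `spirlctl trust-domain deployment create`, pull out the values the guide
# says to record, and store the private key with owner-only permissions.
# SAMPLE_OUTPUT is constructed to match the output format shown above.
SAMPLE_OUTPUT="Trust domain deployment 'us-west-2' created successfully
Deployment name: us-west-2
Deployment ID: tdd-nnlo6k3t3o
Trust domain name: spirl.example.com
Trust domain ID: td-diok4t8ahq
Key id: tdk-jj6lzk6pep
Private Key:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIOeg6Cet10sqNY0dPHV3MXKNyxGgrmKeMN0PZKGS+6iB
-----END PRIVATE KEY-----"

# td_field LABEL OUTPUT: value of the first "LABEL: value" line, e.g.
# td_field 'Deployment ID' "$out" gives tdd-nnlo6k3t3o
td_field() {
    printf '%s\n' "$2" | sed -n "s/^$1: //p" | head -n 1
}

# td_private_key OUTPUT: the PEM block, BEGIN and END lines included
td_private_key() {
    printf '%s\n' "$1" |
        sed -n '/^-----BEGIN PRIVATE KEY-----$/,/^-----END PRIVATE KEY-----$/p'
}

# td_save_key OUTPUT PATH: write the key to PATH with mode 0600; refuse to
# overwrite an existing file and fail if OUTPUT contains no key block
td_save_key() {
    if [ -e "$2" ]; then
        echo "td_save_key: refusing to overwrite $2" >&2
        return 1
    fi
    key=$(td_private_key "$1")
    if [ -z "$key" ]; then
        echo "td_save_key: no PRIVATE KEY block in output" >&2
        return 1
    fi
    # umask 077 in a subshell so the redirect creates the file as 0600
    ( umask 077 && printf '%s\n' "$key" > "$2" )
}

# With real output: out=$(spirlctl trust-domain deployment create us-west-2 \
#   --trust-domain spirl.example.com); here the constructed sample is used.
YOUR_TD_DEPLOYMENT_ID=$(td_field 'Deployment ID' "$SAMPLE_OUTPUT")
export YOUR_TD_DEPLOYMENT_ID
```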