
Register SPIFFE Trust Domain

Using the SPIRL CLI, spirlctl, you can register a SPIFFE Trust Domain with the SPIRL Control Plane. In the following commands, we'll use spirl.example.com as the example trust domain name. Substitute the actual trust domain name you'll be using.

Run the following command:

spirlctl trust-domain register spirl.example.com

The command will return a response similar to the following:

Registering SPIFFE Trust Domain
Trust domain 'spirl.example.com' registered successfully
Trust Domain ID: td-8ijcnkdc96

Then run the following command to create a private key for the newly-registered trust domain. The --deployment-name parameter should reflect where the key will be used. Typically, this is a region (e.g. us-west-2 or westus). If not given, the deployment name will be set to "default".

spirlctl trust-domain key create spirl.example.com \
--deployment-name us-west-2

The command will return a response similar to the following:

Trust domain key 'tdk-q7be9a8phs' created successfully
Deployment name: us-west-2
Private Key:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEsG7ZUSzdTHhAnX57bXVGuf06GGsUZawoyJa5AGsFaK
-----END PRIVATE KEY-----

Finally, get the ID for the deployment you created as part of creating the key:

spirlctl trust-domain deployment list spirl.example.com

This will produce output similar to the following:

Listing Trust Domain Deployments
Name ID Configuration State Last Configured
us-west-2 tdd-qzd47v0pj6 Unknown 0001-01-01 00:00:00 +0000 UTC
1 trust domain deployment found.

Record the Trust Domain ID (td-*), Trust Domain Key ID (tdk-*), Private Key, Trust Domain Deployment Name, and Trust Domain Deployment ID (tdd-*). You will need these values to configure your SPIRL Trust Domain Server in the next step. The private key is returned in plain text in the command output and is the credential your Trust Domain Server for that deployment will be configured with, so store it in a secure location such as your secret manager, and keep it out of shell transcripts, tickets, CI logs and source repositories. The key shown above is a published example (an Ed25519 key in PKCS#8 form) and must not be used.
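The three steps above, automated as an added example (this is not SPIRL's own code or a supported spirlctl feature): the script runs the register, key create and deployment list commands, parses the identifiers out of the output format shown on this page, and writes the private key to a file readable only by the current user instead of leaving it on the terminal. It assumes spirlctl is on PATH and prints output in the form shown above; the sample outputs at the bottom are constructed copies of the page's examples so the parsers can be exercised without a live control plane.

```shell
#!/bin/sh
# Added example, not part of the SPIRL documentation or spirlctl.
# Assumes: spirlctl on PATH, output format as shown on this page.
set -eu

TRUST_DOMAIN="${TRUST_DOMAIN:-spirl.example.com}"
DEPLOYMENT_NAME="${DEPLOYMENT_NAME:-us-west-2}"
KEY_FILE="${KEY_FILE:-./${TRUST_DOMAIN}.${DEPLOYMENT_NAME}.key}"

# First identifier carrying the given prefix (td-, tdk-, tdd-); empty if none.
# "td-" does not match "tdk-", because the hyphen must follow immediately.
extract_id() {
  grep -o "${1}[A-Za-z0-9]*" | head -n 1
}

# The PKCS#8 PEM block that `key create` prints, BEGIN/END lines included.
extract_pem() {
  sed -n '/^-----BEGIN PRIVATE KEY-----$/,/^-----END PRIVATE KEY-----$/p'
}

# Deployment ID for the named deployment in `deployment list` output
# (first column is the name, second the tdd-* ID; the header row is skipped).
extract_deployment_id() {
  awk -v name="$1" '$1 == name && $2 ~ /^tdd-/ { print $2; exit }'
}

# Store the key from stdin readable only by the current user. Replace the
# body with your secret manager's CLI, feeding the key on stdin rather than
# as a command-line argument so it does not land in process listings.
store_key() {
  umask 077
  cat > "$1"
  chmod 0600 "$1"
}

provision() {
  # Do not enable `set -x` here: it would echo the private key.
  register_out=$(spirlctl trust-domain register "$TRUST_DOMAIN")
  TD_ID=$(printf '%s\n' "$register_out" | extract_id td-)

  key_out=$(spirlctl trust-domain key create "$TRUST_DOMAIN" \
    --deployment-name "$DEPLOYMENT_NAME")
  TDK_ID=$(printf '%s\n' "$key_out" | extract_id tdk-)
  printf '%s\n' "$key_out" | extract_pem | store_key "$KEY_FILE"
  unset key_out

  list_out=$(spirlctl trust-domain deployment list "$TRUST_DOMAIN")
  TDD_ID=$(printf '%s\n' "$list_out" | extract_deployment_id "$DEPLOYMENT_NAME")

  # Fail here rather than configuring the server with a blank value.
  for v in TD_ID TDK_ID TDD_ID; do
    eval "val=\$$v"
    [ -n "$val" ] || { echo "could not parse $v from spirlctl output" >&2; exit 1; }
  done

  # Everything the Trust Domain Server step needs, except the key itself.
  echo "TRUST_DOMAIN=$TRUST_DOMAIN"
  echo "TD_ID=$TD_ID"
  echo "TDK_ID=$TDK_ID"
  echo "DEPLOYMENT_NAME=$DEPLOYMENT_NAME"
  echo "TDD_ID=$TDD_ID"
  echo "KEY_FILE=$KEY_FILE"
}

# Constructed samples, copied from the output shown on this page, for
# checking the parsers offline. The key is the page's published example.
SAMPLE_REGISTER="Registering SPIFFE Trust Domain
Trust domain 'spirl.example.com' registered successfully
Trust Domain ID: td-8ijcnkdc96"
SAMPLE_KEY="Trust domain key 'tdk-q7be9a8phs' created successfully
Deployment name: us-west-2
Private Key:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEsG7ZUSzdTHhAnX57bXVGuf06GGsUZawoyJa5AGsFaK
-----END PRIVATE KEY-----"
SAMPLE_LIST="Listing Trust Domain Deployments
Name ID Configuration State Last Configured
us-west-2 tdd-qzd47v0pj6 Unknown 0001-01-01 00:00:00 +0000 UTC
1 trust domain deployment found."

# Run against the real control plane only when asked explicitly.
if [ "${1:-}" = "--run" ]; then
  provision
fi
```

Invoke it as `TRUST_DOMAIN=your.domain DEPLOYMENT_NAME=us-west-2 sh provision.sh --run`; without `--run` it only defines the functions. The parsers are deliberately strict about the ID prefixes and the PEM markers so that a change in spirlctl's output produces an empty value and a failure, not a server configured with a wrong identifier.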