Register SPIFFE Trust Domain
Using the SPIRL CLI spirlctl, you can register a SPIFFE Trust Domain with SPIRL Control Plane. In the following commands, we'll use spirl.example.com as the example trust domain name. Substitute this with the actual trust domain name you'll be using.
Run the following command:
spirlctl trust-domain register spirl.example.com
The command will return a response similar to the following:
Registering SPIFFE Trust Domain
Trust domain 'spirl.example.com' registered successfully
Trust Domain ID: td-8ijcnkdc96
Then run the following command to create a private key for the newly-registered trust domain. The --deployment-name parameter should reflect where the key will be used. Typically, this is a region (e.g. us-west-2 or westus). If not given, the deployment name will be set to "default".
spirlctl trust-domain key create spirl.example.com \
--deployment-name us-west-2
The command will return a response similar to the following:
Trust domain key 'tdk-q7be9a8phs' created successfully
Deployment name: us-west-2
Private Key:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIEsG7ZUSzdTHhAnX57bXVGuf06GGsUZawoyJa5AGsFaK
-----END PRIVATE KEY-----
Finally, get the ID for the deployment you created as part of creating the key:
spirlctl trust-domain deployment list spirl.example.com
This will produce output similar to the following:
Listing Trust Domain Deployments
Name       ID              Configuration State  Last Configured
us-west-2  tdd-qzd47v0pj6  Unknown              0001-01-01 00:00:00 +0000 UTC
1 trust domain deployment found.
Record the Trust Domain ID (td-*), Trust Domain Key ID (tdk-*), Private Key, Trust Domain Deployment Name, and Trust Domain Deployment ID (tdd-*) information. You will need these values to configure your SPIRL Trust Domain Server in the next step. We highly recommend saving the private key information in a secure location, like your secret manager.
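One way to capture the values listed above without leaving the private key in terminal scrollback, as an added example that is not part of the SPIRL documentation or tooling. It assumes command output in the formats shown on this page arrives on stdin; the function names and the sample key body are hypothetical.

```shell
#!/bin/sh
# Added example: pull the values this page says to record out of spirlctl output.
# Sample output below is constructed to match the formats shown on this page;
# the key body is a placeholder, not real key material.
REG_OUT="Registering SPIFFE Trust Domain
Trust domain 'spirl.example.com' registered successfully
Trust Domain ID: td-8ijcnkdc96"
KEY_OUT="Trust domain key 'tdk-q7be9a8phs' created successfully
Deployment name: us-west-2
Private Key:
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END PRIVATE KEY-----"
LIST_OUT="Listing Trust Domain Deployments
Name       ID              Configuration State  Last Configured
us-west-2  tdd-qzd47v0pj6  Unknown              0001-01-01 00:00:00 +0000 UTC
1 trust domain deployment found."

# extract_id PREFIX: print the first whole token "PREFIX-<id>" read from stdin.
extract_id() {
    tr " \t'" '\n\n\n' | grep -E "^$1-[a-z0-9]+\$" | head -n 1
}

# extract_pem: print only the PEM block (BEGIN..END lines) read from stdin.
extract_pem() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        sed -n '/^-----BEGIN PRIVATE KEY-----$/,/^-----END PRIVATE KEY-----$/p'
}

# save_key PATH: write the PEM block from stdin to PATH, readable by owner only.
# Fails without creating PATH when the input contains no private key.
save_key() (
    umask 077                      # a new file is created 0600, never wider
    pem=$(extract_pem)
    [ -n "$pem" ] || { echo "no private key in input" >&2; exit 1; }
    printf '%s\n' "$pem" > "$1"
    chmod 600 "$1"                 # tighten a pre-existing file as well
)

# Demo on the constructed samples: IDs are printed, the key never is.
printf 'trust domain id:  %s\n' "$(printf '%s\n' "$REG_OUT" | extract_id td)"
printf 'key id:           %s\n' "$(printf '%s\n' "$KEY_OUT" | extract_id tdk)"
printf 'deployment id:    %s\n' "$(printf '%s\n' "$LIST_OUT" | extract_id tdd)"
```

The file written by save_key is a staging copy only: load it into your secret manager and delete it.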