CLI reference ⌨
After you’ve compiled your app with
ego-go, use the
ego tool to sign, run, and examine your enclave app.
ego <command> [arguments]
Sign an executable built with ego-go. Executables must be signed before they can be run in an enclave.
ego sign [executable | config.json]
This command can be used in different modes:
ego sign <executable>
Generates a new key
private.pemand a default configuration
enclave.jsonin the current directory and signs the executable.
Searches in the current directory for
enclave.jsonand signs the therein provided executable.
ego sign <config.json>
Signs an executable according to a given configuration.
Run a signed executable in an enclave.
ego run <executable> [args...]
You can pass arbitrary arguments to the enclave.
Environment variables are only readable from within the enclave if they start with “EDG_”.
You need an SGX-enabled machine to run an enclave. For development, you can also enable simulation mode by setting
OE_SIMULATION=1 ego run helloworld
Run a signed executable with Marblerun. Marblerun is an open-source and cloud-native framework for managing clusters of confidential microservices.
ego marblerun <executable>
Requires a running Marblerun Coordinator instance.
Environment variables are only readable from within the enclave if they start with “EDG_” and will be extended/overwritten with the ones specified in the manifest.
Requires the following configuration environment variables:
The Coordinator address
The type of this Marble (as specified in the manifest)
The alternative DNS names for this Marble’s TLS certificate
The location where this Marble will store its UUID
Set OE_SIMULATION=1 to run in simulation mode.
Print the SignerID either from a signed executable or by reading a keyfile.
ego signerid <executable | key.pem>
Print the UniqueID of a signed executable.
ego uniqueid <executable>
Run a command within the ego build environment.
ego env ...
For example, run
ego env make
to build a Go project that uses a Makefile.