Trustee in Docker

Installing Trustee on Docker compose
Categories:
Tags:

Trustee can be installed using Docker Compose.

Installation

Clone the Trustee repo.

git clone https://github.com/confidential-containers/trustee.git

Run Trustee.

docker compose up -d

Admin Setup (Optional)

Trustee admin APIs are protected. An admin keypair is required to use them. Trustee in Docker Compose will automatically generate an admin keypair. The private key, which an admin should provide to the KBS client, will be located at kbs/config/private.key.

You can replace the randomly generated admin keypair with the following commands.

openssl genpkey -algorithm ed25519 > kbs/config/private.key
openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub

Debug Mode (Optional)

To enable additional debug information, you can set the RUST_LOG environment variable.

First, create a file called debug.env.

RUST_LOG=debug

Then, you can run Trustee with an additional argument.

docker-compose --env-file debug.env up

Uninstall

Stop Trustee.

docker compose down
Last modified August 22, 2025: trustee: add info about docker debug mode (8a55c62)