Create your first Confidential Space environment

In this guide, Alex and Bola want to find out who has the highest salary without revealing numbers to each other. They decide to use Confidential Space to keep their data confidential, and agree to take on the following roles:

• Alex: Data collaborator, workload author

• Bola: Data collaborator, workload operator

This arrangement is designed to keep things as straightforward as possible for this guide. However, it's possible for the workload author and operator to be entirely independent from the data collaborators, and you can have as many collaborators as you want.

Before you begin

This guide demonstrates a Confidential Space scenario using a single account in a single organization with access to multiple projects, so you can experience the whole process. In a production deployment, collaborators, workload authors, and workload operators have separate accounts and their own projects contained in discrete organizations, inaccessible to each other and keeping their confidential data separate.

Confidential Space can interact with many of Google Cloud's services to produce its results, including but not limited to:

• Artifact Registry

• Cloud Storage

• Cloud Key Management Service

• Compute Engine

• Cloud Logging

• Service accounts

• Workload Identity Federation

This guide makes use of and assumes a basic understanding of all of these features.

Required APIs

You must enable the following APIs in the specified projects to be able to complete this guide.

Required roles

To get the permissions that you need to complete this guide, ask your administrator to grant you the following IAM roles on the project:

• Cloud KMS Admin (roles/cloudkms.admin) for the data collaborators (Alex and Bola).
• IAM Workload Identity Pool Admin (roles/iam.workloadIdentityPoolAdmin) for the data collaborators (Alex and Bola).
• Service Usage Admin (roles/serviceusage.serviceUsageAdmin) for the data collaborators (Alex and Bola).
• Storage Admin (roles/storage.admin) for the data collaborators (Alex and Bola) and the workload operator (Bola).
• Service Account Admin (roles/iam.serviceAccountAdmin) for the workload operator (Bola).
• Compute Admin (roles/compute.admin) for the workload operator (Bola).
• Security Admin (roles/securityAdmin) for the workload operator (Bola).
• Artifact Registry Administrator (roles/artifactregistry.admin) for the workload author (Alex).

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Set up data collaborator resources

Both Alex and Bola need independent projects that contain the following resources:

• The confidential data itself.

• An encryption key to encrypt that data and keep it confidential.

• A Cloud Storage bucket to store the encrypted data in.

• A workload identity pool. The workload processing the confidential data uses the pool to access the private data and decrypt it.

To get started, go to the Google Cloud console:

Go to Google Cloud console

Set up Alex's resources

To set up the resources for Alex, complete the following instructions.

1. Click terminal Activate Cloud Shell.

2. In Cloud Shell, enter the following command to create a project for Alex, replacing ALEX_PROJECT_ID with a name of your choice:

   gcloud projects create ALEX_PROJECT_ID

3. Switch to the newly created project:

   gcloud config set project ALEX_PROJECT_ID

4. If you haven't done so already, enable the APIs Alex requires as a data collaborator and workload author:

   gcloud services enable cloudkms.googleapis.com artifactregistry.googleapis.com iamcredentials.googleapis.com

5. Create a key ring and encryption key with Cloud Key Management Service:

   gcloud kms keyrings create ALEX_KEYRING_NAME \
       --location=global

   gcloud kms keys create ALEX_KEY_NAME \
       --location=global \
       --keyring=ALEX_KEYRING_NAME \
       --purpose=encryption

6. Grant Alex the cloudkms.cryptoKeyEncrypter role so they can use the newly created encryption key to encrypt data:

   gcloud kms keys add-iam-policy-binding \
       projects/ALEX_PROJECT_ID/locations/global/keyRings/ALEX_KEYRING_NAME/cryptoKeys/ALEX_KEY_NAME \
       --member=user:$(gcloud config get-value account) \
       --role=roles/cloudkms.cryptoKeyEncrypter

7. Create Alex's workload identity pool:

   gcloud iam workload-identity-pools create ALEX_POOL_NAME \
       --location=global

8. Create a Cloud Storage bucket for the input data, and another to store the results in:

   gcloud storage buckets create gs://ALEX_INPUT_BUCKET_NAME \
       gs://ALEX_RESULTS_BUCKET_NAME

9. Create a file that contains only Alex's salary as a number:

   echo 123456 > ALEX_SALARY.txt

10. Encrypt the file, and then upload it to Alex's bucket:

    gcloud kms encrypt \
        --ciphertext-file="ALEX_ENCRYPTED_SALARY_FILE" \
        --plaintext-file="ALEX_SALARY.txt" \
        --key=projects/ALEX_PROJECT_ID/locations/global/keyRings/ALEX_KEYRING_NAME/cryptoKeys/ALEX_KEY_NAME

    gcloud storage cp ALEX_ENCRYPTED_SALARY_FILE gs://ALEX_INPUT_BUCKET_NAME

Set up Bola's resources

To set up the resources for Bola, complete the following instructions.

1. In Cloud Shell, enter the following command to create a project for Bola, replacing BOLA_PROJECT_ID with a name of your choice:

   gcloud projects create BOLA_PROJECT_ID

2. Switch to the newly created project:

   gcloud config set project BOLA_PROJECT_ID

3. If you haven't done so already, enable the APIs Bola requires as a data collaborator and workload operator:

   gcloud services enable cloudkms.googleapis.com iamcredentials.googleapis.com compute.googleapis.com confidentialcomputing.googleapis.com

4. Create a key ring and encryption key with Cloud Key Management Service:

   gcloud kms keyrings create BOLA_KEYRING_NAME \
       --location=global

   gcloud kms keys create BOLA_KEY_NAME \
       --location=global \
       --keyring=BOLA_KEYRING_NAME \
       --purpose=encryption

5. Grant Bola the cloudkms.cryptoKeyEncrypter role so they can use the newly created encryption key to encrypt data:

   gcloud kms keys add-iam-policy-binding \
       projects/BOLA_PROJECT_ID/locations/global/keyRings/BOLA_KEYRING_NAME/cryptoKeys/BOLA_KEY_NAME \
       --member=user:$(gcloud config get-value account) \
       --role=roles/cloudkms.cryptoKeyEncrypter

6. Create Bola's workload identity pool:

   gcloud iam workload-identity-pools create BOLA_POOL_NAME \
       --location=global

7. Create a Cloud Storage bucket for the input data, and another to store the results in:

   gcloud storage buckets create gs://BOLA_INPUT_BUCKET_NAME \
       gs://BOLA_RESULTS_BUCKET_NAME

8. Create a file that contains only Bola's salary as a number:

   echo 111111 > BOLA_SALARY.txt

9. Encrypt the file, and then upload it to Bola's bucket:

   gcloud kms encrypt \
       --ciphertext-file="BOLA_ENCRYPTED_SALARY_FILE" \
       --plaintext-file="BOLA_SALARY.txt" \
       --key=projects/BOLA_PROJECT_ID/locations/global/keyRings/BOLA_KEYRING_NAME/cryptoKeys/BOLA_KEY_NAME

   gcloud storage cp BOLA_ENCRYPTED_SALARY_FILE gs://BOLA_INPUT_BUCKET_NAME

Create a service account for the workload

In this guide, Bola operates and runs the workload, but anyone can take on these roles, including a third party. The VM instance Bola creates to run the workload has a service account attached, which has permission to generate attestation tokens, write logs, read Alex and Bola's encrypted data, and write results to specific Cloud Storage buckets.

Complete the following steps in Bola's project to set up the service account:

1. Create a service account to run the workload:

   gcloud iam service-accounts create WORKLOAD_SERVICE_ACCOUNT_NAME
   

2. Grant Bola the iam.serviceAccountUser role, so they can attach the service account to the workload VM later:

   gcloud iam service-accounts add-iam-policy-binding \
       WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --member=user:$(gcloud config get-value account) \
       --role=roles/iam.serviceAccountUser
   

3. Grant the service account the confidentialcomputing.workloadUser role so it can generate an attestation token:

   gcloud projects add-iam-policy-binding BOLA_PROJECT_ID \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/confidentialcomputing.workloadUser
   

4. Grant the service account the logging.logWriter role to write logs to Cloud Logging, so you can check the progress of the workload:

   gcloud projects add-iam-policy-binding BOLA_PROJECT_ID \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/logging.logWriter
   

5. Give the service account read access to both Alex and Bola's buckets that contain their encrypted data, and write access to each of their results buckets:

   gcloud storage buckets add-iam-policy-binding gs://ALEX_INPUT_BUCKET_NAME \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/storage.objectViewer
   

   gcloud storage buckets add-iam-policy-binding gs://BOLA_INPUT_BUCKET_NAME \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/storage.objectViewer
   

   gcloud storage buckets add-iam-policy-binding gs://ALEX_RESULTS_BUCKET_NAME \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/storage.objectAdmin
   

   gcloud storage buckets add-iam-policy-binding gs://BOLA_RESULTS_BUCKET_NAME \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/storage.objectAdmin
   

   This assumes the user granting the access has the Storage Admin (roles/storage.admin) role for the project that contains the Cloud Storage bucket that's being operated on.

Create the workload

In this guide, Alex provides the code for the workload and builds a Docker image to contain it, but anyone can take on these roles, including a third party.

Alex needs to create the following resources for the workload:

• The code that performs the workload.

• A Docker repository in Artifact Registry, that the service account running the workload has access to.

• A Docker image that contains and runs the workload code.

To create and set up the resources, complete the following steps in Alex's project:

1. Switch to Alex's project:

   gcloud config set project ALEX_PROJECT_ID
   

2. Create a Docker repository in Artifact Registry:

   gcloud artifacts repositories create REPOSITORY_NAME \
       --repository-format=docker \
       --location=us
   

3. Grant the service account that's going to run the workload the Artifact Registry Reader (roles/artifactregistry.reader) role so it can read from the repository:

   gcloud artifacts repositories add-iam-policy-binding REPOSITORY_NAME \
       --location=us \
       --member=serviceAccount:WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --role=roles/artifactregistry.reader
   

4. Modify the values in the following code sample with the relevant resource names to update the source code in the next step. If you've already edited placeholder variables in this guide like ALEX_PROJECT_ID then those values are prefilled:

   // Alex's values
   ALEX_ENCRYPTED_SALARY_FILE // The name of Alex's encrypted salary file
   ALEX_INPUT_BUCKET_NAME // The name of the storage bucket that contains Alex's encrypted salary file
   ALEX_RESULTS_BUCKET_NAME // The name of the storage bucket to store Alex's results in
   ALEX_RESULTS_FILE_PREFIX // A prefix for Alex's results filename. The code adds a timestamp to this prefix.
   ALEX_KEYRING_NAME // Alex's Key Management Service key ring.
   ALEX_KEY_NAME // Alex's Key Management Service key.
   ALEX_PROJECT_ID // Alex's project ID.
   ALEX_PROJECT_NUMBER // Alex's project number.
   ALEX_POOL_NAME // Alex's workload identity pool name.
   
   // Bola's values
   BOLA_ENCRYPTED_SALARY_FILE // The name of Bola's encrypted salary file.
   BOLA_INPUT_BUCKET_NAME // The name of the storage bucket that contains Bola's encrypted salary file.
   BOLA_RESULTS_BUCKET_NAME // The name of the storage bucket to store Bola's results in.
   BOLA_RESULTS_FILE_PREFIX // A prefix for Bola's results filename. The code adds a timestamp to this prefix.
   BOLA_KEYRING_NAME // Bola's Key Management Service key ring.
   BOLA_KEY_NAME // Bola's Key Management Service key.
   BOLA_PROJECT_ID // Bola's project ID.
   BOLA_PROJECT_NUMBER // Bola's project number.
   BOLA_POOL_NAME // Bola's workload identity pool name.
   

   To retrieve project numbers for Alex and Bola, run the following commands in the relevant projects:

   gcloud projects describe ALEX_PROJECT_ID --format="value(projectNumber)"
   

   gcloud projects describe BOLA_PROJECT_ID --format="value(projectNumber)"
   

5. In Alex's project, click Open editor to open the Cloud Shell Editor, and then create a new file called salary.go. Copy the following code into the file, and then save it:

   // READ ME FIRST: Before compiling, customize the details in the USER VARIABLES
   // SECTION starting at line 30.
   
   package main
   
   import (
     "context"
     "fmt"
     "io"
     "strconv"
     "strings"
     "time"
   
     kms "cloud.google.com/go/kms/apiv1"
     kmspb "cloud.google.com/go/kms/apiv1/kmspb"
     "cloud.google.com/go/storage"
     "google.golang.org/api/option"
   )
   
   type collaborator struct {
     name         string
     wipName      string
     keyName      string
     inputBucket  string
     inputFile    string
     outputBucket string
     outputFile   string
   }
   
   // ============================
   // START USER VARIABLES SECTION
   // You need to customize this section, replacing each const's value with
   // your own.
   
   // To get a project number, use the following command, and substitute
   // <PROJECT_ID> for the data collaborator's project ID.
   // gcloud projects describe <PROJECT_ID> --format="value(projectNumber)"
   
   // Alex's values
   const collaborator1Name string = "Alex" // Alex's name
   const collaborator1EncryptedSalaryFileName string = "ALEX_ENCRYPTED_SALARY_FILE" // The name of Alex's encrypted salary file.
   const collaborator1BucketInputName string = "ALEX_INPUT_BUCKET_NAME" // The name of the storage bucket that contains Alex's encrypted salary file.
   const collaborator1BucketOutputName string = "ALEX_RESULTS_BUCKET_NAME" // The name of the storage bucket to store Alex's results in.
   const collaborator1BucketOutputFilePrefix string = "ALEX_RESULTS_FILE_PREFIX" // A prefix for Alex's results filename. The code adds a timestamp to this prefix.
   const collaborator1KMSKeyringName string = "ALEX_KEYRING_NAME" // Alex's Key Management Service key ring.
   const collaborator1KMSKeyName string = "ALEX_KEY_NAME" // Alex's Key Management Service key.
   const collaborator1ProjectName string = "ALEX_PROJECT_ID" // Alex's project ID.
   const collaborator1ProjectNumber string = "ALEX_PROJECT_NUMBER" // Alex's project number.
   const collaborator1PoolName string = "ALEX_POOL_NAME" // Alex's workload identity pool name.
   
   // Bola's values
   const collaborator2Name string = "Bola" // Bola's name
   const collaborator2EncryptedSalaryFileName string = "BOLA_ENCRYPTED_SALARY_FILE" // The name of Bola's encrypted salary file.
   const collaborator2BucketInputName string = "BOLA_INPUT_BUCKET_NAME" // The name of the storage bucket that contains Bola's encrypted salary file.
   const collaborator2BucketOutputName string = "BOLA_RESULTS_BUCKET_NAME" // The name of the storage bucket to store Bola's results in.
   const collaborator2BucketOutputFilePrefix string = "BOLA_RESULTS_FILE_PREFIX" // A prefix for Bola's results filename. The code adds a timestamp to this prefix.
   const collaborator2KMSKeyringName string = "BOLA_KEYRING_NAME" // Bola's Key Management Service key ring.
   const collaborator2KMSKeyName string = "BOLA_KEY_NAME" // Bola's Key Management Service key.
   const collaborator2ProjectName string = "BOLA_PROJECT_ID" // Bola's project ID.
   const collaborator2ProjectNumber string = "BOLA_PROJECT_NUMBER" // Bola's project number.
   const collaborator2PoolName string = "BOLA_POOL_NAME" // Bola's workload identity pool name.
   
   // END USER VARIABLES SECTION
   // ==========================
   
   var collaborators = [2]collaborator{
     {
       collaborator1Name,
       "projects/" + collaborator1ProjectNumber + "/locations/global/workloadIdentityPools/" + collaborator1PoolName + "/providers/attestation-verifier",
       "projects/" + collaborator1ProjectName + "/locations/global/keyRings/" + collaborator1KMSKeyringName + "/cryptoKeys/" + collaborator1KMSKeyName,
       collaborator1BucketInputName,
       collaborator1EncryptedSalaryFileName,
       collaborator1BucketOutputName,
       collaborator1BucketOutputFilePrefix,
     },
     {
       collaborator2Name,
       "projects/" + collaborator2ProjectNumber + "/locations/global/workloadIdentityPools/" + collaborator2PoolName + "/providers/attestation-verifier",
       "projects/" + collaborator2ProjectName + "/locations/global/keyRings/" + collaborator2KMSKeyringName + "/cryptoKeys/" + collaborator2KMSKeyName,
       collaborator2BucketInputName,
       collaborator2EncryptedSalaryFileName,
       collaborator2BucketOutputName,
       collaborator2BucketOutputFilePrefix,
     },
   }
   
   const credentialConfig = `{
           "type": "external_account",
           "audience": "//iam.googleapis.com/%s",
           "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
           "token_url": "https://sts.googleapis.com/v1/token",
           "credential_source": {
             "file": "/run/container_launcher/attestation_verifier_claims_token"
           }
           }`
   
   func main() {
     fmt.Println("workload started")
     ctx := context.Background()
   
     storageClient, err := storage.NewClient(ctx) // using the default credential on the Compute Engine VM
     if err != nil {
       panic(err)
     }
   
     // get and decrypt
     s0, err := getSalary(ctx, storageClient, collaborators[0])
     if err != nil {
       panic(err)
     }
   
     s1, err := getSalary(ctx, storageClient, collaborators[1])
     if err != nil {
       panic(err)
     }
   
     res := ""
     if s0 > s1 {
       res = fmt.Sprintf("%s earns more!\n", collaborators[0].name)
     } else if s1 < s0 {
       res = fmt.Sprintf("%s earns more!\n", collaborators[1].name)
     } else {
       res = "earns same\n"
     }
   
     now := time.Now()
     for _, cw := range collaborators {
       outputWriter := storageClient.Bucket(cw.outputBucket).Object(fmt.Sprintf("%s-%d", cw.outputFile, now.Unix())).NewWriter(ctx)
   
       _, err = outputWriter.Write([]byte(res))
       if err != nil {
         fmt.Printf("Could not write: %v", err)
         panic(err)
       }
       if err = outputWriter.Close(); err != nil {
         fmt.Printf("Could not close: %v", err)
         panic(err)
       }
     }
   }
   
   func getSalary(ctx context.Context, storageClient *storage.Client, cw collaborator) (float64, error) {
     encryptedBytes, err := getFile(ctx, storageClient, cw.inputBucket, cw.inputFile)
     if err != nil {
       return 0.0, err
     }
     decryptedByte, err := decryptByte(ctx, cw.keyName, cw.wipName, encryptedBytes)
     if err != nil {
       return 0.0, err
     }
     decryptedNumber := strings.TrimSpace(string(decryptedByte))
     num, err := strconv.ParseFloat(decryptedNumber, 64)
     if err != nil {
       return 0.0, err
     }
     return num, nil
   }
   
   func decryptByte(ctx context.Context, keyName, wippro string, encryptedData []byte) ([]byte, error) {
     cc := fmt.Sprintf(credentialConfig, wippro)
     kmsClient, err := kms.NewKeyManagementClient(ctx, option.WithCredentialsJSON([]byte(cc)))
     if err != nil {
       return nil, fmt.Errorf("creating a new KMS client with federated credentials: %w", err)
     }
   
     decryptRequest := &kmspb.DecryptRequest{
       Name:       keyName,
       Ciphertext: encryptedData,
     }
     decryptResponse, err := kmsClient.Decrypt(ctx, decryptRequest)
     if err != nil {
       return nil, fmt.Errorf("could not decrypt ciphertext: %w", err)
     }
   
     return decryptResponse.Plaintext, nil
   }
   
   func getFile(ctx context.Context, c *storage.Client, bucketName string, objPath string) ([]byte, error) {
     bucketHandle := c.Bucket(bucketName)
     objectHandle := bucketHandle.Object(objPath)
   
     objectReader, err := objectHandle.NewReader(ctx)
     if err != nil {
       return nil, err
     }
     defer objectReader.Close()
   
     s, err := io.ReadAll(objectReader)
     if err != nil {
       return nil, err
     }
   
     return s, nil
   }
   

6. Make sure that all parties read and audit the source code.

7. Create a file named Dockerfile in Cloud Shell Editor containing the following contents:

   # Compile the provided Go code to a statically linked binary
   FROM golang:latest AS build
   WORKDIR /build
   COPY salary.go .
   RUN go mod init salary
   RUN go get cloud.google.com/go/kms/apiv1 cloud.google.com/go/storage google.golang.org/api/option google.golang.org/genproto/googleapis/cloud/kms/v1
   RUN CGO_ENABLED=0 go build -trimpath
   
   # Build the workload container image
   FROM alpine:latest AS run
   WORKDIR /test
   COPY --from=build /build/salary /test/salary
   ENTRYPOINT ["/test/salary"]
   CMD []
   

   This Dockerfile uses a multi-stage build to first compile the Go code and then copies the compiled version of that code to the final Docker container.

8. Click Open Terminal to switch back to Cloud Shell, or invoke the terminal built into Cloud Shell Editor from the View menu.

9. Update your Docker credentials to include the us-docker.pkg.dev domain name:

   gcloud auth configure-docker us-docker.pkg.dev
   

10. Create a Docker image from Dockerfile by entering the following command in the terminal:

    docker build -t \
        us-docker.pkg.dev/ALEX_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest .
    

11. Push the Docker image to Artifact Registry:

    docker push \
        us-docker.pkg.dev/ALEX_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME
    

12. The Docker push response lists the image's SHA256 digest, which is needed later to authorize the workload. The digest looks similar to the following example:

    sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    

    Copy the image digest (including the sha256: prefix) somewhere you can reference it. You can also enter the digest in the following code sample to prefill the rest of the code samples in this guide that need the value:

    WORKLOAD_CONTAINER_IMAGE_DIGEST
    

13. Make sure all parties audit the Docker image and verify that it's trustworthy before authorizing its use.

Authorize the workload

With the workload approved by both parties, Alex and Bola need to add Google Cloud Attestation as a provider to their workload identity pools. The provider specifies the attestation service to use, and the properties the workload must match for it to be allowed to operate on Alex's or Bola's data. If a malicious actor changes the Docker image, or alters another measured property, the workload is denied access.

This guide uses attribute mappings to provide direct resource access to the workload based on the image digest. However, for other situations you may prefer to use service account impersonation to access the resources. See External workload access to learn more.

To set up the providers for Alex and Bola with the required conditions, complete the following steps:

1. Enter the following command to create the provider for Alex:

   gcloud iam workload-identity-pools providers create-oidc attestation-verifier \
       --location=global \
       --workload-identity-pool=ALEX_POOL_NAME \
       --issuer-uri="https://confidentialcomputing.googleapis.com/" \
       --allowed-audiences="https://sts.googleapis.com" \
       --attribute-mapping="google.subject=\"gcpcs::\"+assertion.submods.container.image_digest+\"::\"+assertion.submods.gce.project_number+\"::\"+assertion.submods.gce.instance_id,attribute.image_digest=assertion.submods.container.image_digest" \
       --attribute-condition="assertion.swname == 'CONFIDENTIAL_SPACE' \
           && 'STABLE' in assertion.submods.confidential_space.support_attributes"
   

2. Grant the federated identity defined by Alex's provider the cloudkms.cryptoKeyDecrypter role, specifying the image_digest attribute so only workload containers with the specified digest can decrypt their KMS keys:

   gcloud kms keys add-iam-policy-binding \
       projects/ALEX_PROJECT_ID/locations/global/keyRings/ALEX_KEYRING_NAME/cryptoKeys/ALEX_KEY_NAME \
       --member="principalSet://iam.googleapis.com/projects/ALEX_PROJECT_NUMBER/locations/global/workloadIdentityPools/ALEX_POOL_NAME/attribute.image_digest/WORKLOAD_CONTAINER_IMAGE_DIGEST" \
       --role=roles/cloudkms.cryptoKeyDecrypter
   

3. Switch to Bola's project:

   gcloud config set project BOLA_PROJECT_ID
   

4. Enter the following command to create the provider for Bola:

   gcloud iam workload-identity-pools providers create-oidc attestation-verifier \
       --location=global \
       --workload-identity-pool=BOLA_POOL_NAME \
       --issuer-uri="https://confidentialcomputing.googleapis.com/" \
       --allowed-audiences="https://sts.googleapis.com" \
       --attribute-mapping="google.subject=\"gcpcs::\"+assertion.submods.container.image_digest+\"::\"+assertion.submods.gce.project_number+\"::\"+assertion.submods.gce.instance_id,attribute.image_digest=assertion.submods.container.image_digest" \
       --attribute-condition="assertion.swname == 'CONFIDENTIAL_SPACE' \
           && 'STABLE' in assertion.submods.confidential_space.support_attributes"
   

5. Grant the federated identity defined by Bola's provider the cloudkms.cryptoKeyDecrypter role, specifying the image_digest attribute so only workload containers with the specified digest can decrypt their KMS keys:

   gcloud kms keys add-iam-policy-binding \
       projects/BOLA_PROJECT_ID/locations/global/keyRings/BOLA_KEYRING_NAME/cryptoKeys/BOLA_KEY_NAME \
       --member="principalSet://iam.googleapis.com/projects/BOLA_PROJECT_NUMBER/locations/global/workloadIdentityPools/BOLA_POOL_NAME/attribute.image_digest/WORKLOAD_CONTAINER_IMAGE_DIGEST" \
       --role=roles/cloudkms.cryptoKeyDecrypter
   

Deploy the workload

With providers added to both Alex and Bola's workload identity pools and the required resources in place, it's time for the workload operator to run the workload.

To deploy the workload, create a new Confidential VM instance in Bola's project that has the following properties:

• A supported configuration for a Confidential VM instance with AMD SEV, Intel TDX, or Intel TDX with NVIDIA Confidential Computing (Preview).

• An OS based on the Confidential Space image.

• Secure Boot enabled.

• The Docker image attached that Alex created earlier.

• The service account attached that runs the workload.

Enter the following command in Bola's Cloud Shell to deploy the workload:

gcloud compute instances create WORKLOAD_VM_NAME \
    --confidential-compute-type=SEV \
    --shielded-secure-boot \
    --scopes=cloud-platform \
    --zone=us-west1-b \
    --maintenance-policy=MIGRATE \
    --image-project=confidential-space-images \
    --image-family=confidential-space \
    --service-account=WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
    --metadata="^~^tee-image-reference=us-docker.pkg.dev/ALEX_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest"

You can view the progress of the workload in Bola's project by going to Logs explorer.

Go to Logs explorer

To find the Confidential Space logs, filter by the following Log fields if they're available:

• Resource type: VM Instance

• Instance ID: The instance ID of the VM

• Log name: confidential-space-launcher

To refresh the log, click keyboard_tab Jump to now.

When the workload is finished, the VM instance stops. If you want to change the encrypted salary files and deploy the workload again, you only need to start the existing VM:

gcloud compute instances start WORKLOAD_VM_NAME --zone=us-west1-b

View the results

After the workload has successfully completed, both Alex and Bola can view the results in their respective results buckets:

1. Switch to Alex's project:

   gcloud config set project ALEX_PROJECT_ID
   

2. List all the files in their results bucket:

   gcloud storage ls gs://ALEX_RESULTS_BUCKET_NAME
   

   Then read the latest file that was listed, replacing ALEX_RESULTS_CLOUD_STORAGE_PATH with the path of the file, including the gs://:

   gcloud storage cat ALEX_RESULTS_CLOUD_STORAGE_PATH
   

3. Switch to Bola's project:

   gcloud config set project BOLA_PROJECT_ID
   

4. For Bola, list all the files in their results bucket:

   gcloud storage ls gs://BOLA_RESULTS_BUCKET_NAME
   

   Then read the latest file that was listed, replacing BOLA_RESULTS_CLOUD_STORAGE_PATH with the path of the file, including the gs://:

   gcloud storage cat BOLA_RESULTS_CLOUD_STORAGE_PATH
   

By reading the files, Alex and Bola each discover who earns more without ever revealing their salaries to each other.

Debug the workload

You can use Logs explorer to troubleshoot issues like resources not being set up correctly, or attribute conditions in providers not matching the claims made by the Confidential Space workload.

To do so, you need to make the following changes:

• Update Alex and Bola's workload identity pool providers to remove the support_attributes assertion. You need to use the Confidential Space debug image to perform more in-depth troubleshooting, and that image has no support attributes to verify.

• Create the workload VM using the Confidential Space debug image, and set the VM metadata to redirect STDOUT and STDERR to Cloud Logging to capture all output from the workload.

To make the changes, complete the following steps:

1. Switch to Alex's project:

   gcloud config set project ALEX_PROJECT_ID
   

2. Update Alex's provider to remove the support_attributes assertion:

   gcloud iam workload-identity-pools providers update-oidc attestation-verifier \
       --location=global \
       --workload-identity-pool=ALEX_POOL_NAME \
       --issuer-uri="https://confidentialcomputing.googleapis.com/" \
       --allowed-audiences="https://sts.googleapis.com" \
       --attribute-mapping="google.subject=\"gcpcs::\"+assertion.submods.container.image_digest+\"::\"+assertion.submods.gce.project_number+\"::\"+assertion.submods.gce.instance_id,attribute.image_digest=assertion.submods.container.image_digest" \
       --attribute-condition="assertion.swname == 'CONFIDENTIAL_SPACE'"
   

3. Switch to Bola's project:

   gcloud config set project BOLA_PROJECT_ID
   

4. Update Bola's provider to remove the support_attributes assertion:

   gcloud iam workload-identity-pools providers update-oidc attestation-verifier \
       --location=global \
       --workload-identity-pool=BOLA_POOL_NAME \
       --issuer-uri="https://confidentialcomputing.googleapis.com/" \
       --allowed-audiences="https://sts.googleapis.com" \
       --attribute-mapping="google.subject=\"gcpcs::\"+assertion.submods.container.image_digest+\"::\"+assertion.submods.gce.project_number+\"::\"+assertion.submods.gce.instance_id,attribute.image_digest=assertion.submods.container.image_digest" \
       --attribute-condition="assertion.swname == 'CONFIDENTIAL_SPACE'"
   

5. Create a new VM with the Confidential Space debug image, and tee-container-log-redirect set to true in the metadata.

   gcloud compute instances create WORKLOAD_VM_2_NAME \
       --confidential-compute-type=SEV \
       --shielded-secure-boot \
       --scopes=cloud-platform \
       --zone=us-west1-b \
       --maintenance-policy=MIGRATE \
       --min-cpu-platform="AMD Milan" \
       --image-project=confidential-space-images \
       --image-family=confidential-space-debug \
       --service-account=WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com \
       --metadata="^~^tee-image-reference=us-docker.pkg.dev/ALEX_PROJECT_ID/REPOSITORY_NAME/WORKLOAD_CONTAINER_NAME:latest~tee-container-log-redirect=true"
   

Unlike the production image, the debug image keeps the VM running after the workload has finished. This means you can use SSH to connect to your VM to continue debugging.

Cleanup

To remove the resources created in this guide, complete the following instructions.

Clean up Alex's resources

1. Switch to Alex's project:

   gcloud config set project ALEX_PROJECT_ID
   

2. Delete Alex's workload identity pool:

   gcloud iam workload-identity-pools delete ALEX_POOL_NAME \
       --location=global
   

3. Delete Alex's Cloud Storage buckets:

   gcloud storage rm gs://ALEX_INPUT_BUCKET_NAME \
       gs://ALEX_RESULTS_BUCKET_NAME --recursive
   

4. Delete Alex's salary files and the Go code:

   rm ALEX_SALARY.txt \
       ALEX_ENCRYPTED_SALARY_FILE \
       salary.go salary \
       go.mod go.sum
   

5. Optional: Disable or destroy Alex's Cloud Key Management Service key.

6. Optional: Shut down Alex's project.

Clean up Bola's resources

1. Switch to Bola's project:

   gcloud config set project BOLA_PROJECT_ID
   

2. Delete the workload VM:

   gcloud compute instances delete WORKLOAD_VM_NAME --zone=us-west1-b
   

3. Delete the service account that runs the workload:

   gcloud iam service-accounts delete \
       WORKLOAD_SERVICE_ACCOUNT_NAME@BOLA_PROJECT_ID.iam.gserviceaccount.com
   

4. Optional: If you created a debug VM, delete it:

   gcloud compute instances delete WORKLOAD_VM_2_NAME --zone=us-west1-b
   

5. Delete Bola's workload identity pool:

   gcloud iam workload-identity-pools delete BOLA_POOL_NAME \
       --location=global
   

6. Delete Bola's Cloud Storage buckets:

   gcloud storage rm gs://BOLA_INPUT_BUCKET_NAME \
       gs://BOLA_RESULTS_BUCKET_NAME --recursive
   

7. Delete Bola's salary files:

   rm BOLA_SALARY.txt \
       BOLA_ENCRYPTED_SALARY_FILE
   

8. Optional: Disable or destroy Bola's Cloud Key Management Service key.

9. Optional: Shut down Bola's project.