Deploy the zcp-enclave into your AWS VPC using the open-source ZeroCopy CLI.
Permissions to launch Nitro-enabled EC2 instances and manage IAM roles.
Required for building the enclave image locally before upload.
The open-source CLI manages the enclave lifecycle, from key generation to policy updates.
1brew install zerocopy-systems/tap/zcp
Create a new enclave configuration. This generates an enclave.toml file defining your signing policies.
1zcp init --name my-trading-bot23# Created enclave.toml4# Created policy/policy.yaml
The CLI provisions a dedicated Nitro Enclave instance in your VPC, builds the EIF (Enclave Image File), and boots it.
1zcp deploy --region us-east-1
Security note: This creates a new EC2 instance with no SSH access. Communication is only possible via the vsock proxy.
The enclave is now running. Verify its attestation and sign your first payload via the vsock proxy.
1zcp verify-proof ./attestation.json2zcp sign --msg "hello world"