Installation

In this quick start guide we will start your journey with Enclave by showing you how to enrol your first two systems and use policy and tags to establish a private network between them.

Prerequisites

To follow this guide, you will need:

1. An Enclave account, it's free to register

2. At least two computers, devices or containers where you can install software

Get an Enrolment Key

You will need an Enrolment Key from your account to install Enclave. Enrolment Keys allow you to enrol new systems or devices to your Enclave account.

1. Login to your account in the Enclave Portal

2. Navigate to the Enrolment Keys page and select the Quick Start Key from the table

3. In the details pane, select View key and make a note of the 30 character Enrolment Key

Security

Enrolment keys should be treated as secrets; handle, share and store your Enrolment Keys as you would any other organisational secret.

Production use

This guide uses a Quick Start Key which was automatically created when you first registered for an account. This key by default is limited to 5 uses. You can (and should) create your own Enrolment Keys for use in production. Visit the Enrolment Keys section of the handbook to learn more about creating and managing Enrolment Keys.

Install Enclave

You will need to install Enclave on at least two separate devices, systems or containers.

WindowsMacOSLinuxContainersAndroidiOSNetwork Attached Storage

Requires Windows 7, 8, 10 or Windows Server 2012, 2016 and 2019 (any edition). Packages are available for the x64 architecture.

1. Download and run the latest Windows installer

   Download Enclave for Windows

   Package checksum (loading ...)

   ----------------------------------------------------------------

   Package version

   xxxx.xx.xx.xxxx (Direct Download)

   Want to deploy Enclave automatically via Group Policy or Configuration Manager? Check our docs on unattended installation for details.

2. Provide the Quick Start Key from your account to complete the installation

Requires at least OSX 10.10 (Yosemite).

1. Install the Homebrew Package Manager if you don't already have it

2. Install Enclave, you will likely be prompted to provide local credentials.

   brew install enclave
   

3. Once installed, enrol your system with your Enclave Organisation

   sudo enclave enrol
   

Provide the Quick Start Key from your account to complete the installation

Select your distribution:

Ubuntu / Debian / RaspbianCentOS / RHEL / FedoraAmazon LinuxOpenSUSE / SLESOther

Requires at least Ubuntu 16.04 LTS or Debian 10 or Raspbian 10.

1. Install apt-transport-https

   sudo apt install gpg curl apt-transport-https
   

2. Add Enclave’s package signing key

   curl -fsSL https://packages.enclave.io/apt/enclave.stable.gpg  | sudo gpg --dearmor -o /usr/share/keyrings/enclave.gpg
   

3. Set up the apt repository

   echo \
     "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/enclave.gpg] https://packages.enclave.io/apt stable main" | \
     sudo tee /etc/apt/sources.list.d/enclave.stable.list
   

4. Install Enclave

   sudo apt update && sudo apt install enclave
   

5. Enrol

   sudo enclave enrol
   

6. Provide your Default Enrolment Key to complete the installation

Select your version:

CentOS / RHEL 7CentOS / RHEL 8Fedora

1. Install Enclave using our quick-start script

   bash <(curl -Ss https://install.enclave.io/setup.sh)
   

2. Provide your Default Enrolment Key to complete the installation

Requires at least CentOS or RHEL 8.

1. Install Dependencies

   sudo dnf -y install dnf-plugins-core
   

2. Add Enclave’s repository to rpm sources

   sudo dnf config-manager --add-repo https://packages.enclave.io/rpm/enclave.repo
   

3. Install Enclave

   sudo dnf install enclave
   

4. Enrol

   sudo enclave enrol
   

5. Provide your Default Enrolment Key to complete the installation

Requires at least Fedora 38.

1. Install Dependencies

   sudo dnf -y install dnf-plugins-core
   

2. Add Enclave’s repository to rpm sources

   sudo dnf config-manager --add-repo https://packages.enclave.io/rpm/enclave.repo
   

3. Install Enclave

   sudo dnf install enclave
   

4. Enrol

   sudo enclave enrol
   

5. Provide your Default Enrolment Key to complete the installation

Requires at least Amazon Linux 2018.03.

1. Install Enclave using our quick-start script

   bash <(curl -Ss https://install.enclave.io/setup.sh)
   

2. Provide your Default Enrolment Key to complete the installation

1. Add Enclave’s repository to rpm sources

   sudo zypper addrepo https://packages.enclave.io/rpm/enclave.repo
   

2. Install Enclave

   sudo zypper install enclave
   

3. Enrol

   sudo enclave enrol
   

4. Provide your Default Enrolment Key to complete the installation

Arch Linux

Requires at least Arch Linux 2020.08.01.

1. Install Enclave using our quick-start script

   bash <(curl -Ss https://install.enclave.io/setup.sh)
   

2. Provide your Default Enrolment Key to complete the installation

Select your platform:

DockerKubernetes

1. Create a docker-compose.yml file:

   version: '3.1'
   
   services:
     enclave-fabric:
       container_name: fabric
       image: enclavenetworks/enclave:latest
       restart: always
   
       cap_add:
         - NET_ADMIN
       devices:
         - /dev/net/tun
       environment:
         ENCLAVE_ENROLMENT_KEY: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
       volumes:
         - enclave-config:/etc/enclave/profiles
         - enclave-logs:/var/log/enclave
   
   volumes:
     enclave-config:
     enclave-logs:
   

2. Replace XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with your Quick Start Key

3. Bring the container up using docker-compose up -d

4. Verify Enclave is running insider the container with docker exec fabric enclave status

1. Add the enclave-sidecar to your pod yaml file under the containers: section. For example, if your pod contains an nginx container:

   spec:
     containers:
     - name: nginx-container
       image: nginx:1.7.9
       ports:
         - containerPort: 80
   

   Add the enclave-sidecar definition to below your existing pod:

   spec:
     containers:
     - name: nginx-container
       ...
   
     - name: enclave-sidecar
       image: enclavenetworks/enclave:latest
       env:
         - name: "ENCLAVE_ENROLMENT_KEY"
           value: "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
       securityContext:
         capabilities:
           add: ['NET_ADMIN']
       volumeMounts:
         - name: tun
           mountPath: /dev/net/tun
     volumes:
       - name: tun
         hostPath:
           type: 'CharDevice'
           path: /dev/net/tun
   

   Tip

   See pod.yaml for a complete example.

2. Replace XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with your Quick Start Key

3. Push your changes to the cluster using kubectl apply or your preferred method

1. Install the Enclave Agent app from the Google Play Store.

   

2. Provide the Quick Start Key from your account to enrol the installed app.

Tip

You can help users enrol by providing them with an "enrolment key link", in the form: https://install.enclave.io/android?k=<enrolment key here> If users click the link on their device, it will automatically open the Enclave Agent app and pre-populate the key without them needing to paste it in.

1. Install the Enclave Agent app from the App Store.

   

2. Provide the Quick Start Key from your account to enrol the installed app.

Coming Soon

We will soon support app links to improve the enrolment process for users; for now users will need to paste the enrolment key in the Enrolment screen.

Select your device:

Synology NAS

1. We have beta support for Synology NAS drives (running on DSM 7.0 or later) via docker. Please follow our guide to installing Enclave on your Synology NAS drive.

Congratulations! You've successfully enrolled a new system to your Enclave account. Once you've enrolled at least two systems, continue by attaching tags to your newly enrolled systems.