macOS¶

Installation¶

Requires at least OSX 12.0 (Monterey).

Install the homebrew package manager if you don't already have it.

Tip

We default to suggesting installation via homebrew because of the ease of updates, but if you don't want to install homebrew, see our manual install guide.
Install Enclave
```
brew install enclave
```
You will likely be prompted to provide local credentials.
Once installed, enrol your system with your Enclave Organisation
```
sudo enclave enrol
```
You will be asked for a valid Enrolment Key from your Portal account.

Info

Enclave stores the generated private keys for your local Enclave identity in a way that prevents easy access without local admin privileges, which is why this command runs under sudo.
Depending on the type of enrolment key you used to enrol your new system, it might be held waiting for an Administrator to provide enrolment approval in your account Portal. Log in to authorise the enrolment of your new system if you need to, and configure additional options like DNS.

You're all set! You've successfully enrolled a new system to your Enclave account.

Starting and stopping Enclave¶

The installer creates a lightweight supervisor service set to run at system start which is responsible for starting the Enclave fabric. The supervisor service exists to start, stop and restart Enclave fabric in the background as daemon child processes.

The supervisor service responds to the Enclave CLI verbs start and stop to control the Fabric.

Updating Enclave¶

You can run

brew upgrade enclave

to install the latest version of enclave; your existing enrolment will be preserved.

Uninstalling Enclave¶

To remove Enclave, you can run:

brew uninstall enclave

This will stop all Enclave processes, and remove the binaries from your system, but your Enclave configuration, private keys and log files will be left in-place.

If you wish to fully clear Enclave from your system, run:

brew uninstall enclave --zap

This will remove all configuration, private keys and log files from your system along with the Enclave binaries.

Warning

Enclave does not backup a system's private keys. Lost or deleted private keys are not recoverable. If a system's configuration and private keys are lost, to use that system with Enclave again it must be re-enrolled.

Installing without Brew¶

If you are unable to deploy using homebrew, you can also manually deploy Enclave directly from a .pkg file.

There are two options for how to run the installer.

Interactive¶

To install interactively, follow these steps:

Download our .pkg installer file here.

Package checksum (loading ...)

----------------------------------------------------------------
Once the installer is complete, to make the enclave cli command available from your terminal, run the following command in a terminal windows:
```
sudo ln -sf /Applications/enclave/enclave /usr/local/bin/enclave
```
Info

This block creates a symbolic link from /usr/local/bin/enclave to the actual installation directory, to make enclave available directly in the terminal.
Finally, enrol your system:
```
sudo enclave enrol
```

Unattended¶

You can deploy entirely from the terminal with this script. Be sure to change the enrolment key to match your tenant:

install.sh

export ENCLAVE_VERSION="$(curl https://install.enclave.io/latest/osx-homebrew-version.txt)"
curl https://release.enclave.io/enclave_osx-installer-x64-stable-$ENCLAVE_VERSION.pkg -o enclave-installer.pkg

sudo installer -pkg enclave-installer.pkg -target /
sudo ln -sf /Applications/enclave/enclave /usr/local/bin/enclave

enclave version
sudo enclave enrol XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Use this script to configure one or more search domains. The following example configures Enclave as a stub resolver for example.com.

configure-search-domain.sh

sudo mkdir -p /etc/resolver
export ENCLAVE_IP=$(enclave get-ip --profile Universe)
sudo sh -c "echo 'nameserver $ENCLAVE_IP' > /etc/resolver/example.com"

Note

The default macos shell doesn't permit multi-line paste, so if you're not copying into a file, you may need to work line-by-line.

Updating¶

You can update a macOS deployment made via our .pkg file by running the latest pkg file interactively, or re-running the unattended install script.

The new version of Enclave will install over the top, preserving the existing settings and profile.

Uninstalling¶

To uninstall a macOS deployment made via our .pkg file, you should run the provided uninstall script from your terminal:

sudo /Applications/enclave/uninstall.sh

This will automatically remove the Enclave application and it's associated settings.

Warning

Enclave does not backup a system's private keys. Lost or deleted private keys are not recoverable. If a system's configuration and private keys are lost, to use that system with Enclave again it must be re-enrolled.