A lightweight HTTP sidecar service for interacting with Dstack TEE to generate attestation quotes and perform attestation operations.
This service provides a REST API interface to the Dstack SDK, enabling easy integration with Trusted Execution Environment (TEE) attestation capabilities. It allows applications to generate cryptographic quotes and attestations for secure computation verification.
- Quote Generation: Generate TEE quotes with custom data
- Attestation: Create attestation proofs for application state
- RTMR Replay: Automatic replay of Runtime Measurement Registers from event logs
- Fast & Lightweight: Built with Axum for high-performance async operations
- JSON API: Simple REST endpoints with JSON responses
- Health Checks: Built-in health monitoring endpoints
- Rust
- Axum - Web framework
- Dstack SDK - TEE attestation library
- Tokio - Async runtime
- Serde - JSON serialization
The service can be configured using environment variables:
| Variable | Description | Default |
|---|---|---|
| `QUOTE_SIDECAR__SERVER__HOST` | Server bind address | `0.0.0.0` |
| `QUOTE_SIDECAR__SERVER__PORT` | Server port | `9999` |
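```bash
export QUOTE_SIDECAR__SERVER__HOST=127.0.0.1
export QUOTE_SIDECAR__SERVER__PORT=8080
```

```bash
# Development mode
cargo run
# Production mode (release build)
cargo run --release
```

The server will start on http://0.0.0.0:9999 by default. `0.0.0.0` binds every network interface; setting `QUOTE_SIDECAR__SERVER__HOST=127.0.0.1`, as in the example above, restricts the API to loopback.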
`GET /`

Returns service information and current timestamp.

Response:

```json
{
  "service": "dstack-quote-sidecar",
  "timestamp": "2026-02-12T09:30:45.123456Z"
}
```

`GET /health`

Health check endpoint for monitoring.

Response:

```json
{
  "status": "ok"
}
```

`GET /quote`
Generates a TEE quote for the provided data and replays RTMRs from the event log.
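The replay step described above, as an added Python example (not the sidecar's or the Dstack SDK's code): each RTMR starts as 48 zero bytes and is extended as SHA384(old || digest), so a verifier can recompute the registers from an event log and compare them with the values in a verified quote. The event fields `imr` and `digest` and the sample log are assumptions constructed for illustration.

```python
import hashlib

RTMR_COUNT = 4    # TDX exposes RTMR0..RTMR3
DIGEST_LEN = 48   # SHA-384 output size in bytes

def replay_rtmrs(event_log):
    """Recompute every RTMR by folding event digests in log order."""
    rtmrs = [bytes(DIGEST_LEN) for _ in range(RTMR_COUNT)]  # all-zero at boot
    for event in event_log:
        idx = event["imr"]  # assumed field: target register index
        if not 0 <= idx < RTMR_COUNT:
            raise ValueError(f"event targets unknown register {idx}")
        digest = bytes.fromhex(event["digest"])  # assumed field: hex SHA-384
        if len(digest) != DIGEST_LEN:
            raise ValueError("event digest is not a SHA-384 value")
        # Extend operation: new = SHA384(old || digest)
        rtmrs[idx] = hashlib.sha384(rtmrs[idx] + digest).digest()
    return [r.hex() for r in rtmrs]

def mismatched_rtmrs(event_log, quoted_rtmrs):
    """Indices where the replayed value differs from the quoted one."""
    replayed = replay_rtmrs(event_log)
    return [i for i in range(RTMR_COUNT)
            if replayed[i] != quoted_rtmrs[i].lower()]

def sample_digest(label):
    """Digest for the constructed sample events below."""
    return hashlib.sha384(label).hexdigest()

# Constructed sample log, not real measurements.
SAMPLE_LOG = [
    {"imr": 0, "digest": sample_digest(b"firmware")},
    {"imr": 3, "digest": sample_digest(b"app-id")},
    {"imr": 3, "digest": sample_digest(b"compose-hash")},
]

if __name__ == "__main__":
    # Stand-in for RTMR values taken from a signature-verified quote.
    quoted = replay_rtmrs(SAMPLE_LOG)
    print("honest log:", mismatched_rtmrs(SAMPLE_LOG, quoted))
    tampered = [dict(e) for e in SAMPLE_LOG]
    tampered[2]["digest"] = sample_digest(b"other-compose")
    print("tampered log:", mismatched_rtmrs(tampered, quoted))
```

A non-empty result means the event log does not correspond to the measurements in the quote, so the log's contents should not be trusted.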
Query Parameters:

- `data` (optional): Custom data to include in the quote. Defaults to `"hello world"` if not provided.

Examples:

```bash
# With default data
curl http://localhost:9999/quote
# With custom data
curl "http://localhost:9999/quote?data=user:alice:nonce123"
```

Success Response:

```json
{
  "quote": "Quote { ... }",
  "rtmrs": "Rtmrs { ... }"
}
```

Error Response:

```json
{
  "error": "Failed to get quote: ..."
}
```

`GET /attest`
Generates an attestation quote for the provided application state.
Query Parameters:

- `data` (optional): Custom data to include in the attestation. Defaults to `"hello world"` if not provided.

Examples:

```bash
# With default data
curl http://localhost:9999/attest
# With custom data
curl "http://localhost:9999/attest?data=my-app-state"
```

Success Response:

```json
{
  "attestation": "eyJ0eXAiOiJKV1QiLCJhbGc..."
}
```

Error Response:

```json
{
  "error": "Failed to attest: ..."
}
```

```
dstack-quote-sidecar/
├── src/
│   ├── main.rs          # Application entry point
│   ├── application.rs   # Application setup and routing
│   ├── config.rs        # Configuration management
│   ├── handlers.rs      # HTTP request handlers
│   └── errors.rs        # Error types
├── Cargo.toml           # Project dependencies
└── README.md            # This file
```

For local development without TDX hardware, use the Dstack simulator:
```bash
git clone https://github.com/Dstack-TEE/dstack.git
cd dstack/sdk/simulator
./build.sh
```

Important: The simulator needs to expose the internal API on HTTP instead of Unix sockets. Edit `dstack.toml`:

```toml
[internal]
address = "0.0.0.0:8090"
reuse = true
```

```bash
./dstack-simulator
```

The simulator will now listen on http://0.0.0.0:8090.

In a separate terminal:
```bash
cd /path/to/dstack-quote-sidecar
export DSTACK_SIMULATOR_ENDPOINT=http://localhost:8090
cargo run
```

```bash
# Test quote endpoint
curl "http://localhost:9999/quote?data=test123"
# Test attestation endpoint
curl "http://localhost:9999/attest?data=my-app-state"
```

```bash
cargo test
cargo check
cargo fmt
cargo clippy
```

The service uses tracing for structured logging. Set the `RUST_LOG` environment variable to control log levels:

```bash
# Debug level
RUST_LOG=debug cargo run
# Info level (default)
RUST_LOG=info cargo run
# Trace level (verbose)
RUST_LOG=trace cargo run
```

The service handles graceful shutdown on:

- `CTRL+C` (SIGINT)
- `SIGTERM` (Unix-like systems)

MIT License - See LICENSE file for details
- Dstack TEE - The underlying TEE attestation framework