Phala Network Docs
  • Home
    • 👾Phala Network Docs
  • Overview
    • ⚖️Phala Network
      • 💎Phala Cloud
      • 🥷Dstack
      • 🔐GPU TEE
    • 💎PHA Token
      • 🪙Introduction
      • 👐Delegation
        • Delegate to StakePool
        • What is Vault
        • What is Share
        • WrappedBalances & W-PHA
        • Examples of Delegation
        • Use Phala App to Delegate
        • Estimate Your Reward
      • 🗳️Governance
        • Governance Mechanism
        • Join the Council
        • Voting for Councillors
        • Apply for Project Funding
        • Phala Treasury
        • Phala Governance
        • Setting Up an Account Identity
  • Phala Cloud
    • 🚀Getting Started
      • Create Your Phala Cloud Account
      • Your First CVM Deployment
      • Explore Templates
        • Launch an Eliza Agent
        • Start from Template
    • 🪨TEEs, Attestation & Zero Trust Security
      • Attestation
      • Security Architecture
    • 🥷Phala Cloud User Guides
      • Deploy and Manage CVMs
        • Deploy CVM with Docker Compose
        • Set Secure Environment Variables
        • Deploy Private Docker Image to CVM
        • Debugging and Analyzing Logs
          • Check Logs
          • Private Log Viewer
          • Debug Your Application
        • Application Scaling & Resource Management
        • Upgrade Application
        • Deployment Cheat Sheet
      • Building with TEE
        • Access Your Applications
        • Expose Service Port
        • Setting Up Custom Domain
        • Secure Access Database
        • Create Crypto Wallet
        • Generate Remote Attestation
      • Advanced Deployment Options
        • Deploy CVM with Phala Cloud CLI
        • Deploy CVM with Phala Cloud API
        • Setup a CI/CD Pipeline
    • 🚢Be Production Ready
      • CI/CD Automation
        • Setup a CI/CD Pipeline
      • Production Checklist
      • Troubleshooting Guide
      • Glossary
    • 🔒Use Cases
      • TEE with AI
      • TEE with FHE and MPC
      • TEE with ZK and ZKrollup
    • 📋References
      • Phala Cloud CLI Reference
        • phala
          • auth
          • cvms
          • docker
          • simulator
      • Phala Cloud API & SDKs
        • API Endpoints & Examples
        • SDKs and Integrations
      • Phala Cloud Pricing
    • ❓FAQs
  • Dstack
    • Overview
    • Getting Started
    • Hardware Requirements
    • Design Documents
      • Decentralized Root-of-Trust
      • Key Management Service
      • Zero Trust HTTPs (TLS)
    • Acknowledgement
  • LLM in GPU TEE
    • 👩‍💻Host LLM in GPU TEE
    • 🔐GPU TEE Inference API
    • 🏎️GPU TEE Benchmark
  • Tech Specs
    • ⛓️Blockchain
      • Blockchain Entities
      • Cluster of Workers
      • Secret Key Hierarchy
  • References
    • 🔐Setting Up a Wallet on Phala
      • Acquiring PHA
    • 🌉SubBridge
      • Cross-chain Transfer
      • Supported Assets
      • Asset Integration Guide
      • Technical Details
    • 👷Community Builders
    • 🤹Hackathon Guides
      • ETHGlobal Singapore
      • ETHGlobal San Francisco
      • ETHGlobal Bangkok
    • 🤯Advanced Topics
      • Cross Chain Solutions
      • System Contract and Drivers
      • Run Local Testnet
      • SideVM
    • 🆘Support
      • Available Phala Chains
      • Resource Limits
      • Transaction Costs
      • Compatibility Matrix
      • Block Explorers
      • Faucet
    • ⁉️FAQ
  • Compute Providers
    • 🙃Basic Info
      • Introduction
      • Gemini Tokenomics (Worker Rewards)
      • Budget balancer
      • Staking Mechanism
      • Requirements in Phala
      • Confidence Level & SGX Function
      • Rent Hardware
      • Error Summary
    • 🦿Run Workers on Phala
      • Solo Worker Deployment
      • PRBv3 Deployment
      • Using PRBv3 UI
      • PRB Worker Deployment
      • Switch Workers from Solo to PRB Mode
      • Headers-cache deployment
      • Archive node deployment
    • 🛡️Gatekeeper
      • Collator
      • Gatekeeper
  • Web Directory
    • Discord
    • GitHub
    • Twitter
    • YouTube
    • Forum
    • Medium
    • Telegram
Powered by GitBook
LogoLogo

Participate

  • Compute Providers
  • Node
  • Community
  • About Us

Resources

  • Technical Whitepaper
  • Token Economics
  • Docs
  • GitHub

More

  • Testnet
  • Explorer
  • Careers
  • Responsible Disclosure

COPYRIGHT © 2024 PHALA.LTD ALL RIGHTS RESERVED. May Phala be with you!

On this page
  • Phala Command Line Interface (CLI) Reference
  • Usage
  • 🚀 Quick Start (5 Minutes)
  • 🏗️ Development Workflow
  • 1️⃣ Local Development
  • 2️⃣ Cloud Deployment
  • 💼 Real-World Use Cases for Confidential Computing
  • 🏦 Financial Services
  • 🏥 Healthcare
  • 🔐 Cybersecurity
  • 🏢 Enterprise Applications
  • 🌐 Web3 and Blockchain
  • 🧩 Project Structure
  • 📋 Example Dstack Applications
  • 🔒 Security
  • 🔍 Troubleshooting

Was this helpful?

Edit on GitHub
  1. Phala Cloud
  2. References

Phala Cloud CLI Reference

A command-line tool for managing Trusted Execution Environment (TEE) deployments on Phala Cloud, from local development to cloud deployment.

PreviousReferencesNextphala

Last updated 5 days ago

Was this helpful?

Phala Command Line Interface (CLI) Reference

Usage

  • Bun for runtime and package management

  • TypeScript for type safety

  • Commander.js for CLI interface

  • Zod for runtime validation

🚀 Quick Start (5 Minutes)

Install Prerequisites:

# Install Bun
curl -fsSL https://bun.sh/install | bash

# Verify Docker is installed
docker --version

Install TEE Cloud CLI:

Install via npm or use npx/bunx

# Install the CLI globally
npm install -g phala

Sign Up and Get API Key:

To deploy applications to Phala Cloud, you'll need an API key:

  • After logging in, navigate to the "API Keys" section in your profile

  • Create a new API key with an appropriate name (e.g., "CLI Access")

  • Copy the generated API key - you'll need it for authentication

  • You can verify your API key using:

    phala auth login [your-phala-cloud-api-key]
    phala auth status

Deploy Your First Confidential App:

# Deploy the webshell Dstack example
phala cvms create

Provide a name and select from the drop down of examples

# ? Enter a name for the CVM: webshell
# ? Choose a Docker Compose example or enter a custom path:

#  lightclient
#   private-docker-image-deployment
#   ❯ webshell
#   custom-domain
#   prelaunch-script
#   timelock-nts
#   ssh-over-tproxy
#   Using example: webshell (~/phala-cloud-cli/examples/webshell/docker-compose.yaml)
#   ✔ Enter number of vCPUs (default: 1): 1

#   ✔ Enter memory in MB (default: 2048): 2048
#   ✔ Enter disk size in GB (default: 20): 20
#   ⟳ Fetching available TEEPods... ✓
#   ? Select a TEEPod: (Use arrow keys)
#   ❯ prod5 (online)
#   prod2 (online)
#   ℹ Selected TEEPod: prod5

#   ✔ Select an image: dstack-dev-0.3.5
#   ⟳ Getting public key from CVM... ✓
#   ⟳ Encrypting environment variables... ✓
#   ⟳ Creating CVM... ✓
#   ✓ CVM created successfully
#   ℹ CVM ID: 2755
#   ℹ Name: webshell
#   ℹ Status: creating
#   ℹ App ID: e15c1a29a9dfb522da528464a8d5ce40ac28039f
#   ℹ App URL: <https://cloud.phala.network/dashboard/cvms/app_e15c1a29a9dfb522da528464a8d5ce40ac28039f>
#    ℹ
#    ℹ Your CVM is being created. You can check its status with:
#    ℹ phala cvms status e15c1a29a9dfb522da528464a8d5ce40ac28039f

Check the CVM's Attestation:

phala cvms attestation

# ℹ No CVM specified, fetching available CVMs...
# ⟳ Fetching available CVMs... ✓
# ✔ Select a CVM: testing (88721d1685bcd57166a8cbe957cd16f733b3da34) - Status: running
# ℹ Fetching attestation information for CVM 88721d1685bcd57166a8cbe957cd16f733b3da34...
# ⟳ Fetching attestation information... ✓
# ✓ Attestation Summary:

# or list the app-id
phala cvms attestation 88721d1685bcd57166a8cbe957cd16f733b3da34

🏗️ Development Workflow

1️⃣ Local Development

Develop and test your application locally with the built-in TEE simulator:

# Start the TEE simulator
phala simulator start

# Build your Docker image
phala docker build --image my-tee-app --tag v1.0.0

# Create an environment file
echo "API_KEY=test-key" > .env
echo "DEBUG=true" >> .env

# Generate and run Docker Compose
phala docker build-compose --image my-tee-app --tag v1.0.0 --env-file ./.env
phala docker run -c ./phala-compose.yaml -e ./.env

2️⃣ Cloud Deployment

Deploy your application to Phala's decentralized TEE Cloud:

# Set your Phala Cloud API key
phala auth login

# Login to Docker and Push your image to Docker Hub
phala docker login
phala docker build --image my-tee-app --tag v1.0.0
phala docker push --image my-tee-app --tag v1.0.0

# Deploy to Phala Cloud
phala cvms create --name my-tee-app --compose ./docker-compose.yml --env-file ./.env

# Access your app via the provided URL

💼 Real-World Use Cases for Confidential Computing

🏦 Financial Services

  • Private Trading Algorithms: Execute proprietary trading strategies without revealing algorithms

  • Secure Multi-Party Computation: Perform financial calculations across organizations without exposing sensitive data

  • Compliant Data Processing: Process regulated financial data with provable security guarantees

🏥 Healthcare

  • Medical Research: Analyze sensitive patient data while preserving privacy

  • Drug Discovery: Collaborate on pharmaceutical research without exposing intellectual property

  • Health Record Processing: Process electronic health records with HIPAA-compliant confidentiality

🔐 Cybersecurity

  • Secure Key Management: Generate and store cryptographic keys in hardware-protected environments

  • Threat Intelligence Sharing: Share cyber threat data across organizations without exposing sensitive details

  • Password Verification: Perform credential validation without exposing password databases

🏢 Enterprise Applications

  • Confidential Analytics: Process sensitive business data without exposure to cloud providers

  • IP Protection: Run proprietary algorithms and software while preventing reverse engineering

  • Secure Supply Chain: Validate and process sensitive supply chain data across multiple organizations

🌐 Web3 and Blockchain

  • Private Smart Contracts: Execute contracts with confidential logic and data

  • Decentralized Identity: Process identity verification without exposing personal information

  • Trustless Oracles: Provide verified external data to blockchain applications

🧩 Project Structure

The Phala Cloud CLI is organized around core workflows:

  1. Authentication: Connect to your Phala Cloud account

  2. TEEPod Info: Fetch information about TEEPods (TEEPods are where your docker apps deploy to)

  3. Docker Management: Build and manage Docker images for TEE

  4. TEE Simulation: Local development environment

  5. Cloud Deployment: Deploy to production and manage TEE Cloud deployments

📋 Example Dstack Applications

  • Timelock Encryption: Encrypt messages that can only be decrypted after a specified time

  • Light Client: A lightweight blockchain client implementation

  • SSH Over TEE Proxy: Secure SSH tunneling through a TEE

  • Web Shell: Browser-based secure terminal

  • Custom Domain: Deploy with your own domain name

  • Private Docker Image: Deploy using private Docker registries

🔒 Security

The TEE Cloud CLI employs several security measures:

  1. Encrypted Credentials: API keys and Docker credentials are stored with encryption using a machine-specific key

  2. Restricted Permissions: All credential files are stored with 0600 permissions (user-only access)

  3. No Validation Storage: API keys are not validated during login, preventing unnecessary transmission

  4. Local Storage: All credentials are stored locally in the ~/.phala-cloud/ directory

🔍 Troubleshooting

Common issues and solutions:

  1. Docker Build Fails

    • Verify Docker daemon is running

    • Check Dockerfile path

    • Ensure proper permissions

  2. Simulator Issues

    • Check if port 8090 is available

    • Verify Docker permissions

  3. Cloud Deployment Fails

    • Validate API key

    • Confirm image exists on Docker Hub

    • Check environment variables

For detailed help:

phala --help
phala <command> --help

Visit to log into your Phala Cloud account. If you do not have an account, register .

Now interact with your application in Phala Cloud by going to the url on port 7681 (Example of what a url at port 7681 would look like )

Explore these to understand different use cases for TEE deployment:

📋
Dstack-TEE: Dstack
Phala Cloud
here
https://e15c1a29a9dfb522da528464a8d5ce40ac28039f-7681.dstack-prod5.phala.network
example dstack applications