🛠️Phala Cloud CLI Reference
A command-line tool for managing Trusted Execution Environment (TEE) deployments on Phala Cloud, from local development to cloud deployment.
Phala Command Line Interface (CLI) Reference
Usage
Bun for runtime and package management
TypeScript for type safety
Commander.js for CLI interface
Zod for runtime validation
🚀 Quick Start (5 Minutes)
Install Prerequisites:
Install TEE Cloud CLI:
Install via npm or use npx/bunx
NOTE
You can use
npx
orbunx
to call thephala
command
Sign Up and Get API Key:
To deploy applications to Phala Cloud, you'll need an API key:
Visit Phala Cloud to log into your Phala Cloud account. If you do not have an account, register with this link with PROMO_CODE.
After logging in, navigate to the "API Keys" section in your profile
Create a new API key with an appropriate name (e.g., "CLI Access")
Copy the generated API key - you'll need it for authentication
You can verify your API key using:
Deploy Your First Confidential App:
Provide a name and select from the drop down of examples
Now interact with your application in Phala Cloud by going to the url on port 7681 (Example of what a url at port 7681 would look like https://e15c1a29a9dfb522da528464a8d5ce40ac28039f-7681.dstack-prod5.phala.network)
Check the CVM's Attestation:
🏗️ Development Workflow
1️⃣ Local Development
Develop and test your application locally with the built-in TEE simulator:
2️⃣ Cloud Deployment
Deploy your application to Phala's decentralized TEE Cloud:
💼 Real-World Use Cases for Confidential Computing
🏦 Financial Services
Private Trading Algorithms: Execute proprietary trading strategies without revealing algorithms
Secure Multi-Party Computation: Perform financial calculations across organizations without exposing sensitive data
Compliant Data Processing: Process regulated financial data with provable security guarantees
🏥 Healthcare
Medical Research: Analyze sensitive patient data while preserving privacy
Drug Discovery: Collaborate on pharmaceutical research without exposing intellectual property
Health Record Processing: Process electronic health records with HIPAA-compliant confidentiality
🔐 Cybersecurity
Secure Key Management: Generate and store cryptographic keys in hardware-protected environments
Threat Intelligence Sharing: Share cyber threat data across organizations without exposing sensitive details
Password Verification: Perform credential validation without exposing password databases
🏢 Enterprise Applications
Confidential Analytics: Process sensitive business data without exposure to cloud providers
IP Protection: Run proprietary algorithms and software while preventing reverse engineering
Secure Supply Chain: Validate and process sensitive supply chain data across multiple organizations
🌐 Web3 and Blockchain
Private Smart Contracts: Execute contracts with confidential logic and data
Decentralized Identity: Process identity verification without exposing personal information
Trustless Oracles: Provide verified external data to blockchain applications
🧩 Project Structure
The Phala Cloud CLI is organized around core workflows:
Authentication: Connect to your Phala Cloud account
TEEPod Info: Fetch information about TEEPods (TEEPods are where your docker apps deploy to)
Docker Management: Build and manage Docker images for TEE
TEE Simulation: Local development environment
Cloud Deployment: Deploy to production and manage TEE Cloud deployments
📋 Example Dstack Applications
Explore these example dstack applications to understand different use cases for TEE deployment:
Timelock Encryption: Encrypt messages that can only be decrypted after a specified time
Light Client: A lightweight blockchain client implementation
SSH Over TEE Proxy: Secure SSH tunneling through a TEE
Web Shell: Browser-based secure terminal
Custom Domain: Deploy with your own domain name
Private Docker Image: Deploy using private Docker registries
🔒 Security
The TEE Cloud CLI employs several security measures:
Encrypted Credentials: API keys and Docker credentials are stored with encryption using a machine-specific key
Restricted Permissions: All credential files are stored with 0600 permissions (user-only access)
No Validation Storage: API keys are not validated during login, preventing unnecessary transmission
Local Storage: All credentials are stored locally in the
~/.phala-cloud/
directory
🔍 Troubleshooting
Common issues and solutions:
Docker Build Fails
Verify Docker daemon is running
Check Dockerfile path
Ensure proper permissions
Simulator Issues
Check if port 8090 is available
Verify Docker permissions
Cloud Deployment Fails
Validate API key
Confirm image exists on Docker Hub
Check environment variables
For detailed help:
Last updated
Was this helpful?