Skip to main content
Make sure you have gone through the Sign-up for Cloud Account section before continuing.

Prerequisites

Installation

Install globally or use npxor bunx in this tutorial we will use npxto call the Phala Cloud CLI. 
# Skip build install globally 
npm install -g phala
# use npx phala
npx phala
# or use bunx
bunx phala

Log into Phala Cloud Account

First we will log into the Phala Cloud with your account. If you have not signed up for an account and you are in the terminal, follow the steps in Sign Up for an Account via CLI below. Otherwise, skip to #generate-a-phala-cloud-api-key.

Generate a Phala Cloud API Key

Log into your dashboard and select the logo in the top left corner.
Phala Cloud dashboard with logo highlighted in top left corner
Click your username and select “API Tokens”.
User dropdown menu with API Tokens option highlighted
Click Create Token and then copy your newly generated API Key.
API token creation interface with newly generated token displayed
With your API Key in hand, authenticate your CLI: 
npx phala auth login
When prompted, paste your API Key. The CLI will confirm successful authentication. 
phala auth login
✔ Enter your API key: … ************************************************
✓ Welcome hashwarlock! API key validated and saved successfully
ℹ Open in Web UI at https://cloud.phala.network/dashboard/
Congratulations! You’ve now set up the Phala Cloud CLI and authenticated your account. You’re ready to start deploying and managing confidential applications on Phala Cloud. Remember, you can always check your authentication status with: 
npx phala auth status

 Checking authentication status...

 Authenticated as hashwarlock
 Username hashwarlock
 Email [email protected]
 Role admin
 Team hashwarlock's projects (enterprise)    │
│ Credits    │ $20                                    │
If you need to log out or switch accounts: 
npx phala auth logout
# ✓ API key removed successfully.

Launch a Juptyer Notebook in CVM

Now that we are authenticated to our Phala Cloud account with our API Key, let’s deploy our first CVM The process is easy as we have setup a demo command for you to try this out quickly. 
phala demo
You’ll have a list of demos to test, and we will try the Jupyter Notebook demo. This part of the guide is very simple. Run the command, sit back and watch the magic unfold. 
phala demo
 Verifying your credentials...
 Logged in as hashwarlock
 Select a template to deploy: Jupyter Notebook
 Selected template: Jupyter Notebook
 Enter a name for your CVM: Jupyter-Notebook
 Preparing to deploy your CVM...
 Preparing CVM configuration...
 Creating your demo CVM...
 Demo CVM created successfully! 🎉

 CVM ID 3751
 Name Jupyter-Notebook
 Status creating
 App ID app_ecc21474f89b47a8e33ecd4e53a0ed744fff4eb2
 App URL https://cloud.phala.network/dashboard/cvms/app_ecc21474f89b47a8e33ecd4e53a0ed744fff4eb2
 Template Jupyter Notebook
 Resources 2 vCPUs, 2GB RAM, 20GB Storage
 Jupyter Token e4d13458163d6b8314a9d976a55600ad
 Access Instructions Access your Jupyter notebook using the token above. Go to 'Network' tab to see the public URL.

 Your demo is being created. You can check its status with:
phala cvms get app_ecc21474f89b47a8e33ecd4e53a0ed744fff4eb2
Congratulations! Your Jupyter Notebook is deployed! Let’s checkout the deployment and use the Jupyter Token to access our notebook. Go to the “Network” Tab:
CVM Network tab showing public endpoint URL for Jupyter notebook access
Open in New Tab and enter the Jupyter Token generated for your Jupyter Notebook.
Jupyter notebook login page requesting authentication token
We are now inside the Jupyter Notebook!
Jupyter notebook interface running inside Phala Cloud CVM

Call TEE Native Functions

Let’s try a couple function to test with the dstack python SDK:
  • Remote Attestation
  • Key Derive with Key Management Service

Install dstack SDK

Installing dstack SDK in Jupyter notebook with pip install command
Now, we can use some sample code from the SDK README below to test out. 
from dstack_sdk import DstackClient
import hashlib

# Synchronous client
client = DstackClient()

# Get the information of the Base Image.
info = client.info()
print(info.app_id)  # Application ID
print(info.tcb_info.mrtd)  # Access TCB info directly
print(info.tcb_info.event_log[0].event)  # Access event log entries

# Get a deterministic key with path
key_result = client.get_key('my-app/encryption/v1')
print(key_result.key)  # Hex string
print(key_result.signature_chain)  # Signature chain
key_bytes = key_result.decode_key()  # Decode to bytes (32 bytes)

# Generate TDX quote (manually hash data if > 64 bytes)
data = b'some-data'
hash_value = hashlib.sha256(data).digest()
quote_result = client.get_quote(hash_value[:32])
print(quote_result.quote)  # TDX quote in hex format
print(quote_result.event_log)  # Event log
rtmrs = quote_result.replay_rtmrs()  # Replay RTMRs
We get the following result:
Dstack SDK output showing app ID, TCB info, and TEE quote generation results

Generate a Wallet on Ethereum and Solana

This is a great start, but let’s try something more specific like generating:
  • Ethereum Account
  • Solana Keypair
First, run pip install "dstack-sdk[all]" to get the right dependencies.
Installing dstack SDK with all dependencies for wallet generation
Let’s write some code to get an ETH and SOL account.
Jupyter notebook code generating Ethereum and Solana wallet addresses using TEE-derived keys
This is great! We have now shown we can interact with the TEE special functions for deriving keys through the key management service and generate remote attestations. We will have another blogpost to dive deeper into this information later, but to get a head start check out Key Management Service Docs and the Attestation Guide for Dstack.

Conclusion

Congratulations! You have deployed your first CVM into the Phala Cloud. Let’s dive into some of the templates we have.