Attestation reports¶

Attestation provides cryptographic proof that workflows running in OPAQUE executed inside trusted, hardware-protected computing environments. Using attestation, organization administrators can review the trust posture of their environment, confirm that workflows ran on confidential hardware, and export verifiable reports for audit or compliance purposes.

Attestation complements audit logs. While audit logs record who did what and when, attestation answers a different question: where and how did the workflow actually run?

Access attestation results¶

Attestation results are only accessible to organization administrators. To view them, select Trust from the left-hand navigation. You’ll land directly on the Attestation tab.

Navigate the Attestation tab¶

The Attestation tab gives you both a high-level summary of trust across your deployment and fine-grained evidence for individual workflows and nodes.

At the top of the page, use the time range selector to control the window of data shown (e.g., the last 24 hours, 8 hours, hour, or a window of your choice). This filter applies across all panels and tables on the page.

Attestation panels¶

The panels in the upper half of the page summarize different layers of trust:

• Hardware attestation confirms that workflows ran on genuine confidential hardware, such as AMD SEV-SNP–backed nodes.
• OPAQUE platform attestation verifies the integrity of the operating system, Kubernetes distribution, and supporting platform components.
• Policies shows whether workflows complied with configured security and execution policies.

A status of All verified indicates that all evaluated workflows produced verifiable attestation results for that layer during the selected time range. If issues are detected, the panel highlights them so you can investigate further.

Each panel can be expanded or collapsed to focus on the details most relevant to you.

Workflow attestation status¶

Below the panels, the Workflow attestation status table shows attestation status per node and workflow. This is where you move from high-level summaries to concrete proof for a specific run.

Key characteristics of this view include:

• Rows are grouped by node, with associated workflows listed underneath.
• A node may appear in multiple workflows.
• Each workflow shows:
  • The last verification time
  • The verification status (for example, Verified)
  • A Result link

Selecting Result opens detailed attestation evidence for that specific node and workflow. From there, you can review the verification outcome and export reports tied to that execution.

Each panel or node can be expanded or collapsed to focus on the details most relevant to you.

Export attestation reports¶

You can export attestation results at two levels: deployment-wide summaries or individual workflow executions.

To export a complete report of hardware and platform attestation results for a selected time range:

1. Use the time range selector to control the window of data shown.
2. Select Export PDF.

This export provides a high-level, human-readable summary of the attestation status across your environment. These exports are typically used for audit reviews, compliance reporting, or sharing verification evidence with external stakeholders.

To export the results for a specific workflow:

1. In the Workflow attestation status table, click Result for the workflow you’re interested in.
2. Choose an export format:
   • PDF for human-readable reports
   • JSON for structured, machine-readable data
   • RAW for low-level attestation artifacts
3. Click Download report.

These exports provide verifiable evidence tied to a specific execution and can be shared with security teams, auditors, or external partners.