Announcing Enclaver

Build, test and run secure enclaves

$ enclaver build \
    -f enclaver.yaml
Tagged example/enclave:v1
$ enclaver run example/enclave:v1
Starting egress proxy on vsock port 17002
Started enclave i-00e43bfc030dd8469-enc1840fa584262e1a
Connected to enclave, starting log stream
Starting "python -m flask run --host=0.0.0.0 --port=8001"
 * Serving Flask app "/opt/app/server.py"

Understanding Secure Enclaves

The same technology that stores your face on an iPhone also exists on your servers.

Our demo app explains how to use this capability to secure your customers' data and maintain their privacy.

Securing data in use is now essential

Protect your secrets while they are in use.
It's not enough to protect them only at rest and in transit.

Securing or encrypting data in use is just as essential to preserving privacy and preventing unauthorized access: a secret that is decrypted into the memory of a compromised host is exposed no matter how well it was protected on disk or on the wire.

Secure Enclaves will revolutionize data protection

An enclave fulfills the exact definition of privacy: being free from observation or disruption by others.

EdgeBit believes that all sensitive data should be highly protected, but your encryption keys deserve perfect privacy.

An enclave guarantees that sensitive data cannot leave it unless the enclave's own code explicitly sends it out. Data inserted, processed or decrypted inside the enclave cannot be read by an attacker on the parent instance, even one with root. The isolation protects you from the host; it does not protect you from bugs in the code you choose to run inside the enclave, so that code still deserves review.

This protection starts in the hardware: isolated memory and dedicated CPU cores carved out of the parent instance, no persistent storage and no external network interface (only a vsock channel to the parent), and hardware-rooted attestation from the Nitro Security Module rather than a TPM, all provided by AWS Nitro Enclaves.

EdgeBit adds a network policy that the image author embeds into the enclave image at build time. Because it is part of the measured image, it can't be relaxed or removed at runtime.

Even a hostile parent machine can't introspect the enclave's memory or modify its operating parameters. The parent can launch and stop the enclave and exchange messages with it over vsock, but it cannot see inside.

Enclaves are the perfect environment to decrypt and process sensitive data of any sort. This can be long-lived like a complete microservice or short per-request workflows.

Encryption key access policies can be tied to the enclave's attestation, which guarantees that only trusted code can fetch the key.

An attestation is a reproducible "measurement" of a piece of code that gives the code a unique identity. For Nitro Enclaves the measurements are SHA-384 values called PCRs; PCR0 covers the enclave image, so the same image file always yields the same PCR0. The expected values can be computed at build time and written into key policies, and at runtime the Nitro hardware signs an attestation document containing the live enclave's PCRs that infrastructure teams (and services such as AWS KMS) can trust.

Tying credentials or access policies (for encryption keys) to an attestation is extremely powerful because, unlike human credentials or hardcoded secrets, the attestation can't be spoofed or stolen. It is signed by the hardware, not by anything the parent controls, and it carries a public key generated inside the enclave, so KMS returns key material encrypted to that key; a captured attestation document is useless to anyone who lacks the matching private key, which never leaves the enclave.
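To make the attestation-to-policy binding concrete, here is an added example (not EdgeBit or Enclaver code, and it makes no AWS calls) that models the whole loop offline: it measures a constructed enclave image with a SHA-384 extend, writes that measurement into a KMS key policy using the real AWS condition key kms:RecipientAttestation:PCR0, and then evaluates constructed attestation claims against the policy. The extend layout (48 zero bytes extended with the hash of the image) is an assumption about how PCR0 is derived; use nitro-cli's build output for real values. evaluate_policy() is a local stand-in for the check KMS performs server-side after it has verified the attestation document's signature; the role ARN and image bytes are constructed.

```python
"""
Model of attestation-bound key access (added illustration, not Enclaver code).
Nothing here contacts AWS; the attestation document is modelled as the claims
left after signature verification, i.e. a dict of PCR index -> hex digest.
"""
import hashlib
import json
from typing import Optional

PCR_INIT = b"\x00" * 48  # PCRs start as a zeroed SHA-384-sized register


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(data)). Assumed layout for PCR0."""
    return hashlib.sha384(pcr + hashlib.sha384(data).digest()).digest()


def measure_image(image: bytes) -> str:
    """PCR0-style measurement: identical image bytes always give the same value."""
    return extend(PCR_INIT, image).hex()


def key_policy_for(pcr0_hex: str, role_arn: str) -> dict:
    """KMS key policy allowing Decrypt only when the attestation document
    presented with the request carries exactly this PCR0."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDecryptOnlyFromAttestedEnclave",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": "kms:Decrypt",
            "Resource": "*",
            "Condition": {
                "StringEqualsIgnoreCase": {
                    "kms:RecipientAttestation:PCR0": pcr0_hex
                }
            },
        }],
    }


def evaluate_policy(policy: dict, principal: str, action: str,
                    attestation: Optional[dict]) -> bool:
    """Local model of the KMS check. A request that carries no attestation
    document can never satisfy a kms:RecipientAttestation:* condition."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Principal"].get("AWS") != principal:
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions:
            continue
        conds = stmt.get("Condition", {}).get("StringEqualsIgnoreCase", {})
        satisfied = True
        for key, expected in conds.items():
            if not key.startswith("kms:RecipientAttestation:PCR"):
                satisfied = False  # unknown condition key: fail closed
                break
            index = int(key.rsplit("PCR", 1)[1])
            got = (attestation or {}).get("pcrs", {}).get(index)
            if got is None or got.lower() != expected.lower():
                satisfied = False
                break
        if satisfied:
            return True
    return False


def demo() -> dict:
    """Trusted image is allowed; a one-byte change or a missing attestation is denied."""
    role = "arn:aws:iam::123456789012:role/enclave-parent-role"  # constructed
    trusted_image = b"EIF\x00" + b"trusted enclave image contents"  # constructed
    tampered_image = trusted_image[:-1] + b"!"                     # one byte flipped
    policy = key_policy_for(measure_image(trusted_image), role)
    return {
        "trusted_allowed": evaluate_policy(
            policy, role, "kms:Decrypt", {"pcrs": {0: measure_image(trusted_image)}}),
        "tampered_allowed": evaluate_policy(
            policy, role, "kms:Decrypt", {"pcrs": {0: measure_image(tampered_image)}}),
        "no_attestation_allowed": evaluate_policy(policy, role, "kms:Decrypt", None),
        "wrong_role_allowed": evaluate_policy(
            policy, role + "-other", "kms:Decrypt", {"pcrs": {0: measure_image(trusted_image)}}),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the enclave obtains the signed attestation document from the Nitro Security Module and passes it in the Recipient parameter of the KMS Decrypt call; KMS verifies the AWS signature, applies the PCR conditions as modelled above, and returns the plaintext encrypted to the public key inside the document (CiphertextForRecipient), so only the enclave can open it.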

Read more about Enclaver attestations.

Love Infrastructure?

We do too! We are looking for fellow infrastructure enthusiasts to join us.

If this might interest you we'd love to talk:

letsbuild@edgebit.io