⬤ ⬤ ⬤
$ enclaver build \ -f enclaver.yaml Tagged example/enclave:v1 $ enclaver run example/enclave:v1 Starting egress proxy on vsock port 17002 Started enclave i-00e43bfc030dd8469-enc1840fa584262e1a Connected to enclave, starting log stream Starting "python -m flask run --host= --port=8001" * Serving Flask app "/opt/app/server.py"

Enclaver is an open source toolkit created to enable easy adoption of software enclaves, for new and existing backend software.

Enclaves provide several critical features for operating software which processes sensitive data, including:

Isolation: Enclaves guarantee that sensitive data inserted, processed or decrypted can never be read by an attacker and leave the enclave.

Attestation: Enclaves make it possible to determine the exact identity and configuration of software running in an enclave.

Network Restrictions: External communication is limited and controlled. The network policy is built into the image and therefore the software attestation.

Enclaver currently supports AWS Nitro Enclaves, with more coming in the future.

Protect your data
Encrypt data and protect it during processing
Secure your apps
Easy toolkit to add security to every layer
Add privacy
Keep plaintext data out of logs and data dumps
Works with Docker
Run any container in an enclave

Enclaver Demos

Enclaver Demo

Quick Overview of Build & Run

Enclaver No-Fly-List Demo

Sample Python App with KMS Integration

Enclaver EKS Cluster Demo

EKS Cluster with Enclave Node Group

Technology: Secure Enclaves

An enclave guarantees that sensitive data can never leave the enclave unless specifically allowed. Data inserted, processed or decrypted can never be read by an attacker.

This protection starts in the hardware with isolated RAM, dedicated CPU cores, reduced default networking and Trusted Platform Modules (TPM), all powered by AWS Nitro Eclaves.

EdgeBit adds additional network policy that is embedded into the enclave image by the author, so it can't be relaxed or removed.

An enclave fulfills the exact definition of privacy: being free from observation or disruption by others. Even a hostile parent machine can't introspect the enclave or modify its operating parameters.

Enclaves are the perfect environment to decrypt and process sensitive data of any sort. This can be long-lived like a complete microservice or short per-request workflows.

Encryption key access policies can be tied to the enclave's attestation which guarantees that only trusted code can fetch the key.

An attestation is a reproducable "measurement" of a piece of code that can be used to give the code a unique identity. An attestation can be generated at build time and trusted at runtime by infrastructure teams.

Tying credentials or access policies (for encryption keys) to an attestation is extremely powerful because the attestation can't be spoofed or stolen like human credentials or hardcoded secrets.

Read more about Enclaver attestations.

Icons from: safe by supalerk laipawat from Noun Project •  Redaction by Dan Hetteix from Noun Project •  Lock by nico bayu saputro from Noun Project •  Secured by Saideep Karipalli from Noun Project