$ enclaver build -f enclaver.yaml
Tagged example/enclave:v1
$ enclaver run example/enclave:v1
Starting egress proxy on vsock port 17002
Started enclave i-00e43bfc030dd8469-enc1840fa584262e1a
Connected to enclave, starting log stream
Starting "python -m flask run --host=0.0.0.0 --port=8001"
 * Serving Flask app "/opt/app/server.py"

Enclaver is an open source toolkit created to enable easy adoption of software enclaves.

Enclaves provide several critical features for operating software which processes sensitive data, including:

Isolation: Data inserted into, processed in or decrypted inside the enclave can't be read by the parent instance or its operators, and can't leave the enclave except through the channels the image explicitly allows.

Attestation: A hardware-signed attestation lets a remote party verify the exact identity and configuration of the software running in the enclave.

Network Restrictions: External communication is limited to an explicit allow-list. The network policy is built into the enclave image, so it is covered by the software attestation and can't be changed at runtime.

Enclaver currently supports AWS Nitro Enclaves, with more coming in the future.

Protect your data
Encrypt data and protect it during processing
Trust App Code
Attestation and SBOM tied back to source
Add privacy
Keep plaintext data out of logs and data dumps
Works with Docker
Run any container in an enclave

Enclaver Demos

Enclaver Demo

Quick Overview of Build & Run

Enclaver No-Fly-List Demo

Sample Python App with KMS Integration

Enclaver EKS Cluster Demo

EKS Cluster with Enclave Node Group

Technology: Secure Enclaves

Sensitive data can't leave the enclave except through channels that are specifically allowed, and data inserted, processed or decrypted inside it can't be read by an attacker on the parent instance.

This protection starts in the hardware: the enclave runs on CPU cores and memory carved out of the parent instance and isolated from it, it has no persistent storage and no external network interface of its own (only a vsock channel to the parent), and its attestation documents are signed by the Nitro Security Module (NSM). All of this is provided by AWS Nitro Enclaves.

EdgeBit adds additional network policy that is embedded into the enclave image by the author, so it can't be relaxed or removed.
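To make the "can't be relaxed or removed" property concrete, here is an added example of what a default-deny egress allow-list has to get right. It is an illustration of the enforcement concept only, not Enclaver's egress proxy code; the rule syntax (exact host, `*.suffix` wildcard, optional `:port`) and the sample rules and connections are assumptions constructed for this example.

```python
"""Added example: default-deny egress allow-list as an enclave network policy.

Illustration only, not Enclaver's own proxy code. The rule syntax and the
sample rules below are assumptions for this example.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class EgressRule:
    host: str            # exact host, or "*.suffix" wildcard (assumed syntax)
    port: Optional[int]  # None means any port


def parse_rule(text: str) -> EgressRule:
    """Parse "host" or "host:port" (assumed syntax). IPv6 literals are not handled."""
    text = text.strip().lower().rstrip(".")
    host, sep, port = text.rpartition(":")
    if sep and port.isdigit():
        return EgressRule(host, int(port))
    return EgressRule(text, None)


def host_matches(pattern: str, host: str) -> bool:
    """Exact match, or "*.suffix" matching any subdomain of suffix.

    The wildcard must match on a label boundary: "*.amazonaws.com" must NOT
    match "evilamazonaws.com", which a naive endswith("amazonaws.com") would.
    """
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot: ".amazonaws.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


class EgressPolicy:
    """Allow-list policy: a connection is permitted only if some rule matches."""

    def __init__(self, allow: List[str]):
        self.rules = [parse_rule(r) for r in allow]

    def allows(self, host: str, port: int) -> bool:
        host = host.lower().rstrip(".")
        return any(
            host_matches(r.host, host) and (r.port is None or r.port == port)
            for r in self.rules
        )


if __name__ == "__main__":
    # Constructed sample policy and connection attempts (not from a real manifest).
    policy = EgressPolicy(["kms.us-east-1.amazonaws.com:443", "*.s3.amazonaws.com"])
    for host, port in [
        ("kms.us-east-1.amazonaws.com", 443),
        ("kms.us-east-1.amazonaws.com", 80),
        ("bucket.s3.amazonaws.com", 443),
        ("evil-s3.amazonaws.com", 443),
        ("attacker.example", 443),
    ]:
        print(f"{host}:{port} -> {'ALLOW' if policy.allows(host, port) else 'DENY'}")
```

Two things to carry over when reviewing any real policy: the empty allow-list must deny everything, and a hostname rule is only meaningful if the enforcement point sees the hostname (for example, an HTTP CONNECT proxy) rather than an already-resolved IP that the application could pick itself.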

An enclave fulfills the exact definition of privacy: being free from observation or disruption by others. Even a hostile parent machine can't introspect the enclave or modify its operating parameters.

Enclaves are the perfect environment to decrypt and process sensitive data of any sort. This can be a long-lived workload such as a complete microservice, or a short per-request workflow.

Encryption key access policies (for example, an AWS KMS key policy) can be tied to the enclave's attestation, which guarantees that only the trusted code can fetch the key.

An attestation is a hardware-signed statement containing reproducible "measurements" (cryptographic hashes) of a piece of code, which give that code a unique identity. The expected measurements can be computed at build time and checked at runtime by infrastructure teams before any key or credential is released.

Tying credentials or access policies (for encryption keys) to an attestation is extremely powerful because, unlike human credentials or hardcoded secrets, an attestation can't be spoofed or stolen: it is signed by the hardware and describes the code that is actually running. The verifier must still check the signature chain and every measurement it depends on rather than trusting the document on sight.
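As an added example of tying key access to an attestation (not Enclaver's or AWS's own code): the first function builds a KMS key policy statement that allows `kms:Decrypt` only when the attestation document presented to KMS carries the expected PCRs, using the real `kms:RecipientAttestation:PCR<n>` condition keys that KMS evaluates for Nitro Enclaves; the second is the runtime check an infrastructure component would run on the PCRs from an already signature-verified attestation document. The PCR values and the IAM principal ARN are constructed placeholders.

```python
"""Added example: binding KMS key access to enclave measurements.

Illustration only. The PCR values and principal ARN are constructed placeholders;
real PCR0/1/2 for Nitro Enclaves are SHA-384 hex digests produced when the
enclave image is built.
"""
import hmac
import json
from typing import Dict

# Constructed sample measurements (NOT real). On Nitro Enclaves, PCR0 covers the
# enclave image file, PCR1 the kernel and bootstrap, PCR2 the application image.
EXPECTED_PCRS: Dict[str, str] = {
    "0": "aa" * 48,
    "1": "bb" * 48,
    "2": "cc" * 48,
}


def kms_key_policy_statement(principal_arn: str, pcrs: Dict[str, str]) -> dict:
    """KMS key policy statement: Decrypt is allowed for the principal only when the
    attestation document sent with the request matches every given PCR.

    kms:RecipientAttestation:PCR<n> with StringEqualsIgnoreCase is the condition
    KMS documents for Nitro Enclaves; the Sid and the principal are assumptions.
    """
    conditions = {
        f"kms:RecipientAttestation:PCR{n}": v for n, v in sorted(pcrs.items())
    }
    return {
        "Sid": "AllowDecryptFromAttestedEnclave",
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "kms:Decrypt",
        "Resource": "*",
        "Condition": {"StringEqualsIgnoreCase": conditions},
    }


def pcrs_match(expected: Dict[str, str], reported: Dict[str, str]) -> bool:
    """Runtime check: every expected PCR must be present and equal (case-insensitive
    hex). An empty expectation is treated as a configuration error and fails closed.
    Comparison is constant-time so a mismatch position is not leaked."""
    if not expected:
        return False
    for idx, want in expected.items():
        got = reported.get(idx)
        if got is None:
            return False
        if not hmac.compare_digest(want.lower().encode(), got.lower().encode()):
            return False
    return True


if __name__ == "__main__":
    # Constructed principal ARN, not a real account.
    stmt = kms_key_policy_statement(
        "arn:aws:iam::123456789012:role/enclave-parent", EXPECTED_PCRS
    )
    print(json.dumps(stmt, indent=2))
    tampered = dict(EXPECTED_PCRS, **{"2": "dd" * 48})
    print("genuine image:", pcrs_match(EXPECTED_PCRS, EXPECTED_PCRS))
    print("tampered app layer:", pcrs_match(EXPECTED_PCRS, tampered))
```

Pinning only PCR0 is the common shortcut; pinning PCR1 and PCR2 as well means a rebuilt kernel or application layer is rejected even if an attacker could otherwise reproduce the image hash.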

Read more about Enclaver attestations.

Trusted Start of your Supply Chain

Enclaver's attestation and code identity are anchored in a hardware root of trust, which secures application builds and signing operations.

Paired with a Software Bill of Materials (SBOM) produced from the enclave, your security and engineering teams can have high confidence in the integrity of the build process and understand their dependency risks, all tied back to the source code.

Share supply chain artifacts with your customers to build trust, give them insight and verifiable claims about the security of your software, and meet government supply chain regulations and legal requirements.

Use Enclaver with EdgeBit's Supply Chain Security Platform
