toc

Overview

The easiest way to build, deploy and scale Secure Enclaves.

Cages are in private beta and only available on request. If you're interested in participating in the private beta for Cages, just send us a message.

What are Cages?

Evervault Cages allow developers to easily deploy Docker containers in a Secure Enclave, powered by AWS Nitro Enclaves. Cages offer easy deployment, invocation and attestation of Secure Enclaves without the engineering overhead.

How does attestation work with Cages?

Cages abstract away the complexity of implementing and verifying attestation with your Secure Enclaves. Cages embed the attestation flow in the TLS handshake performed every time you invoke a Cage.

TLS Attestation

Every time you connect to a Cage, your client performs a standard TLS handshake with the enclave itself. Evervault automatically handles all load balancing between enclaves at the network layer.

Each Cage provisions its own self-signed TLS certificate, with the AWS Nitro Attestation Document embedded within the certificate.

When a client connects to the enclave, it can verify the attestation before completing the TLS handshake. By default, the Evervault server-side SDKs include cageality to verify your Cage's attestation out-of-the-box.

How large can a Cage be?

The current limit for Cages is 16 vCPUs and 64 gigabytes of RAM.

Enclaves use a RAM-based filesystem. This means that the memory allocated to your Cage is used for both storage and RAM.

Cages and Evervault Encryption

Cages allow you to process data encrypted using Evervault Encryption. By default, TLS termination is handled automatically within your Cage and encrypted data is automatically decrypted before it is passed to your application.

Can I run a Cage on my own infrastructure?

Evervault Cages are managed and run by Evervault on our platform. A major advantage of using Cages is that the burden of hosting and scaling all of the infrastructure necessary to run Secure Enclaves is handled by Evervault.

Evervault running your Cage doesn't weaken the security guarantees provided by Secure Enclaves, thanks to attestation. You are still provided with the attestation measure at build-time and can verify that these haven't been tampered with — all within the TLS handshake.

Can I run multiple instances of a Cage?

Yes! Cages will deploy two separate EC2 instances split between two Availability Zones in a region for greater resiliency. The number of instances running, and the regions they run in will soon be made configurable.

Secure Enclaves

What is a Secure Enclave?

A Secure Enclave is a highly constrained compute environment which supports cryptographic attestation of the code that it is running. They have no persistent storage, no shell access and no networking by default. They allow you to run sensitive workloads in completely segregated environments with heavily restricted external access.

What is attestation?

Attestation allows you to verify the identity of an enclave and cryptographically prove that the code running in it was written and signed by you, and hasn't been tampered with. Typically, verifying attestation is a complex process and requires in-depth encryption knowledge to implement safely.

The Nitro Hypervisor—which powers AWS Nitro Enclaves—is capable of producing an attestation document that contains details about the Secure Enclave, including the signing key, a hash of the enclave image, a hash of the parent instance ID and a hash of the ARN of the attached IAM role.

What is an AWS Nitro Enclave?

AWS Nitro Enclaves is a product from Amazon Web Services that allows you to deploy isolated Amazon EC2 instances with the same characteristics as a Secure Enclave.

Building Secure Enclaves

Normally, Secure Enclaves are difficult to build and maintain as part of a larger system, and require a large engineering lift to get started. The constrained access and I/O means you need to invest a significant amount of time to build the bridge between the Secure Enclave and the rest of your system. They also have very minimal observability, which makes it difficult to build scalable, fault-tolerant systems.



Was this page useful?