The Evervault Encryption Engine.
E3 is built on AWS Nitro Enclaves. Nitro Enclaves are isolated, hardened, and highly constrained virtual machines (EC2 instances).
Using enclaves means that Evervault cannot access your data. Enclaves have no persistent storage, no interactive access, and no external networking. Root users and admin users on the parent EC2 instance cannot access or SSH into the enclave. The only way to communicate with the enclave is through the secure local channel from the parent EC2 instance attached to the enclave.
Enclaves have attestation for verifying that only authorized code is running in the enclave, and to verify the enclave’s identity.