Products
Cages
Evervault Cages are the easiest way to build, deploy and scale Secure Enclaves.
Evervault Cages allow developers to easily deploy Docker containers in a Secure Enclave, powered by AWS Nitro Enclaves. Cages offer easy deployment, invocation and attestation of Secure Enclaves without the engineering overhead.
Cages are in private beta and only available on request. If you're interested in participating in the private beta, just send us a message.
Getting Started
Get up and running with Cages.
Install the Cages CLI
Once you have access to the private beta, you can install the Cages CLI by running the following command in your terminal:
While in beta, the Cages CLI is separate to the main Evervault CLI.
Clone Hello Cage repository
To create your first Cage, you’ll need a server and a Dockerfile
.
If you don’t have one already, then you can use our Hello, Cage!
repository (a simple Node.js Express server) as a starting point. You can clone it by running the following command:
Authenticating with the Cages CLI
The Cages CLI currently only supports API Key authentication. To setup a session in your terminal, you will first need to get your App's API Key from the Evervault Dashboard.
Once you have your API Key you can create the session by running:
Initialize your Cage
Now we can initialize your Docker server as a Cage. This will reserve the Cage name within your Evervault App, so you can deploy your service.
For our first Cage, we’ll enable some features which help us see what’s happening inside the Secure Enclave, namely: debug mode and network egress. To do that, we need to run the following command:
Configure your Cage
This command will generate a cage.toml
file in your current directory containing the configuration for your Cage. It should look something like this:
You can edit this .toml
file whenever you want to reconfigure your Cage.
Build your Cage
Now that we have our cage.toml
, we can build our Cage. The build command will convert the service’s Dockerfile
into a Cage-compatible Enclave Image File (.eif
). A .eif
file is a binary image that is used to initialize an AWS Nitro Enclave, and all attestation measures are based on the .eif
binary.
Because our cage.toml
is in the current directory, we can run:
The first build will be slow (approximately 2 minutes) as the CLI has to build several Docker images. Each subsequent build should be faster once the images have been cached.
Because we have provided the --write
flag, the CLI will append our latest Cage build's attestation measures to the cage.toml
. This will help with tracking changes in attestation measures within source control.
Our cage.toml
should have a section that looks something like this at the end of it:
These attestation measures are how we will verify the integrity of the code after we have deployed it. Attestation lets us trust a remote server before we share any sensitive data with it. You can read more about attestation for Cages here.
The build command will also create two files: enclave.eif
and ev-user.Dockerfile
. The enclave.eif
file is the image that the Cage will run in the AWS Nitro Enclave, and the ev-user.Dockerfile
is the Dockerfile
that was used to generate it.
Deploy your Cage
To deploy your Cage using an existing .eif
run:
You can build a fresh .eif
for a deployment by omitting the --eif-path
argument. This means you can skip the ev-cage build
step and deploy in one command.
The CLI will track your Cage deployment. Once the deployment has stabilized, you should see a log which includes the domain for your Cage:
Invoke your Cage
You can now call your Cage over the internet! If you deployed the Evervault Hello, Cage!
template, you can use the following cURL command to try it out:
You should now see an echo response from your Cage:
Reference
cage.toml
Cages allows configuration to be embedded within the source code, so it is easily attestable and can't be tampered with. Simply include a cage.toml
file in the root of your repository and Evervault will automatically include it at build time.
The cage.toml
can be used to configure rules such as network egress and debug mode. It also includes dynamic attestation measures so each time your Cage is built, the PCR measures can be verified by comparing the result of the attestation with the measures included in Evervault's TLS attestation.
The format of your cage.toml
is as follows:
Encryption API
Evervault exposes a simple encryption API within Cages which allows you to encrypt and decrypt Evervault-encrypted strings. It also allows you to manually retrieve an AWS Nitro Enclaves Attestation Document if you wish to implement your own attestation protocol.
Encrypt data
To encrypt data, you can make a request to /encrypt
.
Decrypt
To decrypt data you can make another request to /encrypt
.
Attestation Document
To fetch the attestation document for the cage, you can make a request to /attestation-doc
Default port
By default, traffic within the Cage will be forwarded to port 8008 on loopback. This can be configured by supplying an EXPOSE
directive in your Dockerfile.
Note that several ports are reserved within the Cage.
Reserved Ports
Certain ports are reserved within Cages for internal services. In certain cases, these ports are only reserved when a feature is enabled. The reserved ports are as follows:
Port | Reason | Corresponding Feature |
---|---|---|
9999 | Used by the Encryption API | — |
53 | Used to proxy egress DNS calls | egress — can be disabled in the cage.toml |
443 | Used to proxy egress TCP traffic | egress — can be disabled in the cage.toml |
Environment Variables
Environment Variables can be configured using the UI or CLI. Secrets can be encrypted on creation and will be made available to your Cage environment in plaintext on startup.
Add a secret value
Add a non secret value
All Cages will have your Evervault API Key available as an environment variable EV_API_KEY
HTTP Transaction Logging
When TLS Termination is enabled on your cage, you can enable HTTP Transaction logging which will propagate request logs to the Evervault Activity Screen within the dashboard. These logs contain HTTP Status Codes, Methods, Timestamps etc. This can be configured within the cage toml by setting trx_logging = false
(Default is true
).
A unique ID is also appended to each request. This ID can be found in the response headers under x-evervault-cage-ctx
. You can then search for this ID in the Activity Screen.
Debug Mode
If you want to test your Docker Image in a Cage and see the output, you can run your Cage in debug
mode. Logs will be emitted and viewable through the Evervault Dashboard, or by using the ev-cage logs
command in the CLI.
When running a Cage in debug
mode, the attestation measure returned will consist entirely of zeroes. This means that a Cage in debug mode is not attestable.
Authentication
Cages expect an Evervault API key in an api-key
request header by default. This can be disabled if you wish to implement your own form of authentication to the Cage.
Cages CLI Reference
Manage Cages from your terminal.
Build
The build command mirrors the docker build
command but produces an Enclave Image File (EIF) as output instead of a Docker image. The build command requires a cage.toml
to be available when creating an Enclave Image File. This can be generated using the ev-cage init
command.
New Certificate
Create a new Cage signing certificate and private key.
Path to the directory where the credentials will be saved. Defaults to the current directory.
Delete
Delete the Cage defined in a given cage.toml
.
Deploy
Deploy the Cage defined in your cage.toml
file. By default, the deploy command will ignore any prebuilt EIFs and begin a fresh Cage build. You can prevent this by providing a path to an existing EIF using the --eif-path
option.
Path to Dockerfile
for Cage. Will override any Dockerfile
specified in the cage.toml
file
Describe
Get the PCRs of an existing EIF.
Init
Create a Cage and initialize a cage.toml
in the current directory.
Debug setting for the Cage. When debug is enabled, you can access logs from within the Enclave.
Flag to enable cert generation during initialization. This will use the default certificate.
List Cages
List your Cages
List Deployments
List the deployments for your Cage.
Add Environment Variable
Add environment variable to be used in a Cage.
Delete Environment Variable
Permanently delete a environment variable from the Cage environment.
Get Environment Variables
Get the environment variables in json format.
Encrypt String
Encrypt a string that can be decrypted in your Cage.
FAQ
How does attestation work with Cages?
Evervault Cages abstract away the complexity of implementing and verifying attestation with your Secure Enclaves. Cages embed the attestation flow in the TLS handshake, which is performed every time you invoke a Cage.
TLS Attestation
When you connect to a Cage, your client performs a standard TLS handshake with the enclave. Evervault automatically handles all load balancing between enclaves at the network layer.
Each Cage provisions its own self-signed TLS certificate, with the AWS Nitro Attestation Document embedded within the certificate.
When a client connects to the enclave, it can verify the attestation before completing the TLS handshake. By default, the Evervault server-side SDKs include functionality to verify your Cage's attestation out-of-the-box.
How large can a Cage be?
The current limit for Cages is 16 vCPUs
and 64 gigabytes
of RAM.
Enclaves use a RAM-based filesystem. This means that the memory allocated to your Cage is used for both storage and RAM.
Cages and Evervault Encryption
Evervault Cages allow you to process data encrypted using Evervault Encryption. By default, TLS termination is handled automatically within your Cage, and encrypted data is automatically decrypted before it is passed to your application.
Can I run a Cage on my own infrastructure?
Evervault Cages are managed and run by Evervault on our infrastructure. A major advantage of using Cages is that the burden of hosting and scaling all of the infrastructure necessary to run Secure Enclaves is handled by Evervault.
Evervault running your Cage doesn't weaken the security guarantees provided by Secure Enclaves, thanks to attestation. You are still provided with the attestation measure at build-time and can verify that these haven't been tampered with — all within the TLS handshake.
Can I run multiple instances of a Cage?
Yes! Cages are deployed on two separate EC2 instances split between two Availability Zones in a region for greater resiliency. The number of instances running, and the regions they run in will soon be made configurable.