Secure Enclaves


A Secure Enclave — otherwise referred to as a Trusted Execution Environment (TEE) — is a highly constrained compute environment which supports cryptographic attestation of the code that it is running. They have no persistent storage, no shell access and no networking by default. They allow you to run sensitive workloads in completely segregated environments with heavily restricted external access.

Evervault uses Secure Enclaves extensively throughout our stack, and they are used to secure parts of our infrastructure which handle sensitive data and key material. This includes the Evervault Encryption Engine (E3), which is powered by AWS Nitro Enclaves.

Why use Secure Enclaves?

Secure Enclaves are useful for developers who need robust security guarantees for sensitive workloads. Secure Enclaves allow developers to guarantee that their code hasn’t been tampered with by a malicious actor through attestation.

Secure Enclaves provide all of the advantages of typical containerized compute environments like Amazon ECS or Kubernetes, with the added security guarantees from attestation and heavily restricted I/O (e.g. no persistent storage and no networking by default).

Companies who frequently need to provide reassurance about their security posture can offload much of that responsibility to the architecture of Secure Enclaves, helping them close deals with the most security-conscious customers — without changing how they build their software.

More importantly, Secure Enclaves give developers the most secure way of deploying sensitive workloads. They maximally reduce the risk exposure of data, applications, and storage from insiders and third-parties, and for this reason, they are seeing rapid adoption across security-conscious businesses, and heavy investment from cloud and hardware vendors like AWS, Google Cloud and Microsoft Azure.

What is attestation?

Attestation allows you to verify the identity of an enclave and cryptographically prove that the code running in it was written and signed by you, and hasn't been tampered with.

When you deploy your code to run within a Secure Enclave, you can use a secret key to sign the code bundle at build time. Cryptographic attestation acts as an integrity check to guarantee that the code running within the enclave is the same code that was signed at build time.

Typically, verifying attestation is a complex process and requires in-depth encryption knowledge to implement safely.

The Nitro Hypervisor—which powers AWS Nitro Enclaves—is capable of producing an attestation document that contains details about the Secure Enclave, including the signing key, a hash of the enclave image, a hash of the parent instance ID and a hash of the ARN of the attached IAM role.

What is an AWS Nitro Enclave?

AWS Nitro Enclaves is a product from Amazon Web Services that allows you to create isolated Amazon EC2 instances with all of the security characteristics of a Secure Enclave.

AWS Nitro Enclaves is available by default to customers of Amazon EC2, but building, deploying and scaling Nitro Enclaves can be a major time investment for engineering teams that have competing priorities.

Building Secure Enclaves

Normally, Secure Enclaves are difficult to build and maintain as part of a larger system, and require a large engineering lift to get started. The constrained access and I/O means you need to invest a significant amount of time to build the bridge between the Secure Enclave and the rest of your system. They also have very minimal observability, which makes it difficult to build scalable, fault-tolerant systems.

Using Evervault Cages makes it easy for developers to build, deploy and scale applications running in Secure Enclaves. With Evervault Cages, you can deploy your own Docker Containers inside Secure Enclaves.