A universal abstraction layer for Intel SGX and AMD SEV. Run any container, securely, without code changes.
Hardware-isolated memory region. Encrypted by CPU keys. Inaccessible to the host OS.
Translates Linux syscalls to SGX instructions. Allows standard binaries to run unmodified.
Support for both Intel SGX (Ice Lake) and AMD SEV-SNP. We abstract the hardware differences so you deploy once.
Our sidecar proxy handles the cryptographic handshake and key exchange automatically before your app starts.
Deploy via standard Helm charts to our managed AKS clusters in Zurich. No custom orchestrators needed.