Secure Enclaves

Trusted execution environments.

Run containers in hardware-isolated enclaves with encrypted memory. Process sensitive data without exposing it to the host OS, hypervisor, or cloud operator.

[Diagram: host OS environment and hardware enclave (TEE). Labels: data in use protection, confidential ML inference, host access (blocked), attestation (verified), AMD SEV / Intel SGX]

Hardware Isolation

Encrypted Memory

Remote Attestation

< 5% Overhead

Hardware-enforced isolation.

Intel SGX, AMD SEV-SNP, and ARM TrustZone for your most sensitive workloads.

Hardware isolation

Intel SGX, AMD SEV-SNP, and ARM TrustZone enclaves. Code and data protected from the host.

Encrypted memory

All enclave memory encrypted with per-enclave keys. Data never exposed in plaintext outside the enclave.

Remote attestation

Cryptographically verify that code is running in a genuine enclave before sending sensitive data.

Enclave-to-enclave

Secure channels between enclaves across instances. End-to-end encrypted communication.

Container compatible

Run standard Docker containers inside enclaves. No code changes: just deploy to enclave-enabled instances.

Key management

Enclave-bound keys that can only be unsealed inside the same enclave. Integration with KMS.

Getting started

Launch your first instance in three steps. CLI, console, or API: your choice.

Terminal
ur compute instances create secure-vm \
  --machine-type=n2d-standard-8 \
  --enclave=sev-snp

Trusted execution use cases.

Process sensitive data without exposing it to the host.

Sensitive data processing

Process PII, PHI, and financial data without exposing it to the infrastructure.

Suggested configuration

SEV-SNP · Attestation · Encrypted

Estimate your costs

Create detailed configurations to see exactly how much your architecture will cost. Pay for what you use, down to the second.

Configuration 1

Estimated: $220.24/mo

Cost Optimization

Preemptible Instance: save up to 70%, may be reclaimed

Cost details

TEE (Trusted Execution Environments) for secure compute.

Configuration 1: $220.24
4 vCPU × 16 GB Compute: $210.24
Persistent Storage: $10.00

Works seamlessly with

KMS
Confidential Compute
Managed Kubernetes
Cloud Monitoring
Cloud Logging
IAM

Trust no one. Compute securely.

Hardware-isolated enclaves for your most sensitive workloads.