Trusted execution environments.
Run containers in hardware-isolated enclaves with encrypted memory. Process sensitive data without exposing it to the host OS, hypervisor, or cloud operator.
Hardware Isolation
Encrypted Memory
Remote Attestation
< 5% Overhead
Hardware-enforced isolation.
Intel SGX, AMD SEV-SNP, and ARM TrustZone for your most sensitive workloads.
Hardware isolation
Intel SGX, AMD SEV-SNP, and ARM TrustZone enclaves. Code and data protected from the host.
Encrypted memory
All enclave memory encrypted with per-enclave keys. Data never exposed in plaintext outside the enclave.
Remote attestation
Cryptographically verify that code is running in a genuine enclave before sending sensitive data.
Enclave-to-enclave
Secure channels between enclaves across instances. End-to-end encrypted communication.
Container compatible
Run standard Docker containers inside enclaves. No code changes, just deploy to enclave-enabled instances.
Key management
Enclave-bound keys that can only be unsealed inside the same enclave. Integration with KMS.
Getting started
Launch your first instance in three steps. CLI, console, or API: your choice.
ur compute instances create secure-vm \
  --machine-type=n2d-standard-8 \
  --enclave=sev-snp
Trusted execution use cases.
Process sensitive data without exposing it to the host.
Sensitive data processing
Process PII, PHI, and financial data without exposing it to the infrastructure.
Suggested configuration
SEV-SNP · Attestation · Encrypted
Estimate your costs
Create detailed configurations to see exactly how much your architecture will cost. Pay for what you use, down to the second.
TEE (Trusted Execution Environments) for secure compute.
Trust no one. Compute securely.
Hardware-isolated enclaves for your most sensitive workloads.