The service mesh for confidential computing

Marblerun makes it easy to deploy, scale, and verify your SGX-based apps on vanilla Kubernetes. Think Istio/Consul/Linkerd for confidential computing. It’s open source, written in Go, and truly cloud native.

📢 Announcing Marblerun 0.3.0

Adds support for Graphene-based services and an easy-to-use CLI.

Features


Everything always encrypted

All services run in secure enclaves; your data and code are encrypted even at runtime. Between enclaves, data is transmitted via mTLS.


End-to-end verifiability

Get cryptographic proof that the topology of your cluster adheres to a Manifest defined in simple JSON.


Keep using your existing tools

Despite using the latest confidential-computing tech, Marblerun works frictionlessly with K8s, Helm, and normal service meshes like Istio or Linkerd.


Cloud native and cloud agnostic

Marblerun is written in Go and uses standards like gRPC and REST. It scales and secures your apps in any cloud that has Intel SGX, such as Azure.


Deploy your first app in minutes

Usability and simplicity (and security of course!) are our guiding principles. Porting and deploying existing distributed Go apps only takes a few simple steps.


Open source and open standards

Marblerun is open source and builds upon the industry standard Open Enclave. It has support for EGo- and Graphene-based services.

Blog

Why confidential computing?

We give an intro to the concept of confidential computing.

Why service meshes?

We give an intro to the service mesh concept and discuss crucial properties in the context of confidential computing.

An introduction to Marblerun

We describe key features and the architecture of Marblerun.

Running Graphene on Marblerun

We give an intro to Marblerun’s support for Graphene-based applications.