nitrogen VS enclaver

Check out the full implementation here.

Thanks for reading! Don't forget to check back for Part 2 coming soon. If Nitrogen sounds cool to you check it out and give it a star here, and come see what's going on on Discord.

I was recently reminded about the tool mkcert and it inspired me to add a TLS example to the Nitrogen. mkcert makes its incredibly easy to test TLS with your application during local development. Its very important to note that the TLS certificates generated by mkcert should only be used for development and never production applications.

Checkout out the README!

For now, you can curl -fsSL https://raw.githubusercontent.com/capeprivacy/nitrogen/main/install.sh | sh and start using it. We'd love to hear what you think in the comments below. Please star Nitrogen on GitHub, and come chat on Discord. Thanks!

If you're looking for the best way to take a container and run it with Nitro, I work on https://github.com/edgebitio/enclaver

Works great with Kubernetes as a DaemonSet or straight on a VM.

Building a tool for running secure enclaves called Enclaver (https://github.com/edgebitio/enclaver). There is a big opportunity for keeping data encrypted while running code against it within enclaves.

And a more secure software supply chain is possible with device attestation and cryptographic measurements of software.

Check out the code on GitHub: https://github.com/edgebitio/enclaver

I'm building the "in-use" part of this right now...what if you could encrypt your data with an encryption key (at-rest), _but also_ to a set of code that is allowed to decrypt it (in-use). If that code is identified cryptographically, its identity can't be spoofed or stolen.

We're exploring secure enclaves as the protected runtime env and the code attestation generation: https://github.com/edgebitio/enclaver

I have been building out an open source project called Enclaver, which allows you to wrap sensitive workloads inside of a secure enclave (the same as your iPhone, but on servers). It's intended for anything you don't want observed, like JWT signers, encryption/decryption, partner integrations using highly privileged API keys, etc.

I found the side channel protection and CPU/L1 isolation between customers to be particularly interesting.

Very cool to see the physical hardware interconnects for resetting the system. Also the PCI bus as one of the isolating boundaries.

I have built an open source project for managing Nitro Enclaves (https://github.com/edgebitio/enclaver), so it is cool to see how these build on this foundation to provide even more protection.