Distribute and scale your confidential computing apps

MARBLERUN is a framework for creating distributed confidential computing apps. Build your confidential microservices with EDGELESS RT, distribute them with Kubernetes and let MARBLERUN take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud. Confidential computing at scale has never been easier.

MARBLERUN guarantees that the topology of your distributed app adheres to a manifest specified in simple JSON. MARBLERUN verifies the integrity of nodes, bootstraps them, and sets up encrypted connections between them.

If a node fails, MARBLERUN will seamlessly substitute it with respect to the rules defined in the manifest.  

To keep things simple, MARBLERUN acts as certificate authority and issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.

MARBLERUN is the service mesh for the age of confidential computing.

Community Edition

The Community Edition of MARBLERUN is and will be free open-source. See the project site for documentation and examples.

Enterprise Edition

The Enterprise Edition of MARBLERUN offers support plans and additional features such as flexible recovery policies.


Edgeless RT

Build confidential computing apps with ease

EDGELESS RT is the technological foundation of our product portfolio. It makes it simple for developers to build and debug confidential computing apps. It also enables the porting of existing software to Intel SGX and related hardware with little or no code changes required.

EDGELESS RT supports Go, Rust, Python, and C++17. It features a small and reliable code base and builds on the industry standard Open Enclave. Thus, apps built with EDGELESS RT are not only highly secure, but also future-proof and portable!

Community Edition

The Community Edition of EDGELESS RT is and will be free open-source. See the GitHub repository site for documentation and examples.

Enterprise Edition

The Enterprise Edition of EDGELESS RT offers support plans and additional features.

Example: Build, run, and debug
HashiCorp Vault within minutes

HashiCorp Vault is a popular cloud-native application for storing and managing secrets. It is written in Go. The principles of confidential computing make it even better! Using our free and open source EDGELESS RT you can build and run it in an Intel SGX enclave in no time.

EDGELESS RT enables source-line debugging of in-enclave Go code. Follow the simple steps described in the documentation and use the familiar and powerful Visual Studio Code to single step your in-enclave go code. How cool is that? (Note that of course only “debug” enclaves can be debugged.)

Edgeless DB

The next-gen encrypted database

At its heart, EDGELESS DB is a full SQL database. It thus seamlessly integrates with your existing tools and workflows. What sets it apart is that it is built around the concept of Confidential Computing.  

All data stored and processed in EDGELESS DB is always encrypted and isolated – even in system memory at runtime. Thus, your data is protected even from rogue system administrators, rootkits, and other powerful attackers. This makes EDGELESS DB one of the most secure and most versatile options available for storing and processing data.  

In comparison, most other solutions today rely on standard databases to store encrypted data and at most use a hardware security module (HSM) to store the corresponding cryptographic keys. Such approaches can only protect data at rest on disk. Once data is decrypted for access, all bets are off.  

EDGELESS DB is the logical next step in hardware-rooted security: the fusion of relational databases and HSMs that protects your keys and your data at rest and at runtime.


EDGELESS DB is currently in private preview. Please get in touch if you are interested in early access.

Sign Up

Unique features

EDGELESS DB is not only more secure than legacy database + HSM deployments, it also has unique features that help you unlock the full potential of
your data.

EDGELESS DB can be instantiated with a set of rules written for example in Python. This set of rules is a hybrid between a stored procedure (a term from the database world) and a smart contract (a term from the blockchain world).  

Rules can be both simple and powerful. A typical set could be: “devices with certificates issued by A can send data; clients with certificates issued by B can run analytics algorithms X, Y, and Z on the data without getting direct access; the parties with certificates C and D may jointly update these rules.”

To make this verifiable and trustworthy, each EDGELESS DB instance produces a unique cryptographic fingerprint. By examining the fingerprint, anyone can verify that they are dealing with a real EDGELESS DB that is governed by the expected set of rules and runs on actual confidential computing hardware.  

With this, you can for instance prove that even you cannot see your customers’ individual data and can only run certain analytics. Boost your customers’ trust and comply with regulations!