The world’s most
secure Kubernetes

Constellation leverages confidential computing to isolate entire Kubernetes clusters from the infrastructure. Finally, the public cloud turns into your private cloud.

Shield your entire Kubernetes deployments

lock icon

Everything always encrypted

All data in the cluster remains encrypted in all states - at rest, in transit, and during processing.

cloud icon

Assured workload integrity

The integrity of the entire cluster is verified based on cryptographic certificates and latest supply-chain security mechanisms.

performance icon

Performance and scale

High availability, autoscaling, and close to native performance.

Why Constellation

By encrypting your entire K8s cluster, Constellation supports you in migrating

sensitive workloads to the cloud with maximum security and increasing your

SaaS offerings' trustworthiness. Constellation will help you prevent

data breaches and address regulatory requirements like GDPR

and DORA. Constellation works on all major clouds.

Constellation illustration
Constellation icon

Easy to use and integrate

Constellation can be set up in minutes in your favorite cloud with an easy-to-use CLI. Afterwards, you can connect your favorite Kubernetes tooling via the kubeadm interface.

Constellation enables you to


Migrate sensitive workloads to the cloud


Make your SaaS
more trustworthy


Increase the security of your Kubernetes clusters

Comparison with managed Kubernetes

For end-to-end confidentiality, it is not enough to use managed Kubernetes offerings like AKS, EKS, or GKE with Confidential VMs. Many attack vectors remain.

Security analysis preview

Constellation is the leading confidential-computing solution

Kubernetes certified logo

Constellation is a CNCF-certified Kubernetes distribution

This ensures compatibility with all existing Kubernetes tooling. On top, we implement Kubernetes security updates within 24 hours.

Slsa level 3

Constellation implements SLSA, the gold standard for supply-chain security

Constellation achieves SLSA Level 3. With reproducible builds, hardware-based attestation, and sigstore-based software signatures throughout, Constellation is leading the way in supply-chain security for Kubernetes.

Center for Internet Security logo

Constellation passes the CIS Kubernetes security benchmarks

The benchmarks from the Center for Internet Security (CIS) are widely recognized standards for defending IT systems against cyberattacks.

GitHub logo

Constellation is open source

The source code of Constellation is accessible for anyone to review on GitHub. This enables meaningful remote attestation.

OCCRP uses Constellation on GCP to protect journalists

Constellation’s ease of use meant that Organized Crime and Corruption Reporting Project (OCCRP) developers could easily implement it and subsequently continue focusing on the other technical tools that augment their journalists’ work. With Constellation, OCCRP could rest assured that the most valuable information remains safe for use by international journalists.

Crowd of journalists

Embark into the future of cloud security