The database for the age of confidential computing

EdgelessDB is a full SQL database, tailor-made for confidential computing. It seamlessly integrates with your existing tools and workflows to help you unlock the full potential of your data.

GitHub Enterprise support

In this webinar, we introduce EdgelessDB. We show you how it compares to conventional databases and how to build powerful confidential apps by leveraging EdgelessDB’s manifest feature and security properties.

Please accept marketing-cookies to watch this video.

Protect your data with EdgelessDB

By running entirely inside a secure enclave, EdgelessDB's data, cryptographic keys, and code are always protected and encrypted—even in system memory at runtime. Thus, even highly privileged attackers cannot access the data. These are strong security properties, and they can be verified remotely for any given instance of EdgelessDB.

This makes EdgelessDB the most secure and most versatile option available for both storing and processing data.

Learn more in this blog post.

EnclaveEdgelessDBFingerprintYour AppMySQLInterface

Get started in seconds

Use the following to run EdgelessDB on an SGX-enabled cloud VM, for example in Azure.

docker run -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

Or use the following to run EdgelessDB on any machine in simulation mode.

docker run -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb
Quickstart Guide

Why developers love EdgelessDB

Tailor-made for confidential computing

Enclave-optimized encryption that ensures the confidentiality, integrity, and freshness of your data.

End-to-end verifiability

Get cryptographic proof that your stored data is protected against unauthorized access.

Great performance

EdgelessDB offers high performance while keeping your data always encrypted.

Easy integration

EdgelessDB is MySQL-compatible. Just run the Docker image to get started.

Built on industry standards

EdgelessDB is built on Open Enclave SDK, MySQL and RocksDB. This makes it flexible and future-proof.

Open source

EdgelessDB is free open-source software.

EdgelessDB enables exciting new apps

EdgelessDB can be instantiated with a manifest. The manifest defines in simple JSON the initial state of the database. It also defines who can access the database and who can recover it.

To ensure verifiability and trustworthiness each EdgelessDB instance produces a unique cryptographic fingerprint. This proves to involved parties that the database is governed by the expected manifest and runs on actual confidential computing hardware.

EdgelessDB's manifest and verification feature enables exciting new applications like confidential analytics of customer data or trustworthy pooling of data between companies. For instance, one can use the manifest to define that only certain enclaves (identified by their TLS certificates) with certain functionalities, can access the data. This way, one can, for example, build a system where sensitive customer data is protected by EdgelessDB and where only certain privacy-preserving AI training algorithms can run.

Company ACompany BCompany CManifestEdgelessDBFingerprint

Compared to existing solutions

Most secure database solutions today only encrypt data for storage, and at most use a hardware security module (HSM) to store the corresponding cryptographic keys. Such an approach can only protect data at rest. Once the data is decrypted for processing, the confidentiality of sensitive data is no longer guaranteed.

EdgelessDB is the logical next step in hardware-rooted security: the fusion of relational databases and HSMs to protect your keys and your data both at rest and at runtime.

The following table summarizes the security differences between EdgelessDB and normal databases.

Normal DBNormal DB + HSMEdgelessDB
Data Encryption on diskincludedincludedincluded
Runtime protection for keysincludedincludedincluded
Runtime protection for dataincludedincludedincluded
Runtime protection for codeincludedincludedincluded
No extra hardwarenot includednot supportednot included
Verifiability & manifestnot includedsupportednot included

Get started with EdgelessDB on Azure Marketplace

Deploy your confidential database via the Azure Marketplace in just a few steps. Learn more in our Quickstart Guide.

Quickstart Guide Azure Marketplace