Meet us at KubeCon Amsterdam (booth #108) on April 18th-21st

The control plane for confidential computing

MarbleRun is an open-source control plane that simplifies deploying, scaling, and verifying SGX-based apps. It is designed to run on Kubernetes—whether alongside a service mesh or as a standalone service.

GitHub Enterprise support

Confidential computing at scale has never been easier

With MarbleRun, your entire cluster becomes end-to-end encrypted and end-to-end verifiable. It takes care of common tasks like verifying the services in your cluster, managing secrets for them, and establishing enclave-to-enclave mTLS connections between them.

Learn more about the MarbleRun approach in the documentation.

Please accept marketing-cookies to watch this video.

Why developers love MarbleRun

Super secure, always encrypted

All services run in secure enclaves; your data and code are encrypted even at runtime. Between enclaves, data is transmitted via mTLS.

End-to-end verifiability

Get cryptographic proof that the topology of your cluster adheres to a manifest defined in simple JSON.

Open-source and open standards

MarbleRun is open source and is built on the industry-standard Open Enclave. It has support for EGo, Gramine, and Occlum based services.

Cloud native and cloud agnostic

MarbleRun is written in Go and uses standards like gRPC and REST. It scales and secures your apps in any cloud that has Intel SGX—like Azure.

Keep using your existing tools

Despite using the latest confidential computing tech, MarbleRun works frictionless with K8s, Helm and normal services meshes like Istio or Linkerd.

Quick start

Porting and deploying existing distributed Go apps only takes a few simple steps.

Add confidential computing features to your favorite service mesh

As organizations build more microservices, complexity grows. A service mesh addresses the challenges of connecting, observing, controlling and securing microservice architectures. It is a dedicated infrastructure layer which handles the service-to-service communication.

With MarbleRun we provide an open-source solution that extends the confidentiality, integrity, and verifiability properties of a single enclave to a Kubernetes cluster. MarbleRun does not replace your service mesh; it is built to run alongside your existing cloud-native tooling.

Make your deployment a confidential deployment

Learn how to install MarbleRun into your Kubernetes cluster and deploy a sample confidential application.

Documentation Quickstart Guide