Skip to content

MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.

License

Notifications You must be signed in to change notification settings

konvera/marblerun

Repository files navigation

MarbleRun

logo

GitHub Actions Status GitHub license Go Report Card PkgGoDev Discord Chat

MarbleRun is a framework for creating distributed confidential-computing apps.

Build your confidential microservices with EGo or another runtime, distribute them with Kubernetes on an SGX-enabled cluster, and let MarbleRun take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud.

MarbleRun guarantees that the topology of your distributed app adheres to a Manifest specified in simple JSON. MarbleRun verifies the integrity of services, bootstraps them, and sets up encrypted connections between them. If a node fails, MarbleRun will seamlessly substitute it with respect to the rules defined in the Manifest.

To keep things simple, MarbleRun issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.

Key features

🔒 Authentication and integrity verification of microservices with respect to a Manifest written in simple JSON

🔑 Secrets management for microservices

📦 Provisioning of certificates, configurations, and parameters for microservices

🌐 Remote attestation of the entire cluster

Overview

overview

Supported runtimes

MarbleRun supports services built with one of the following frameworks:

More are coming soon.

Quickstart and documentation

See the Getting Started Guide to set up a distributed confidential-computing app in a few steps. See the documentation for details.

Contributing

To report a problem or suggest a new feature, file a GitHub issue.

To report a security issue, write to [email protected]

BUILD.md includes general information on how to work in this repo.

Pull requests are welcome! You need to agree to our Contributor License Agreement.

Get involved

Examples

Hello world

We provide basic examples on how to build confidential apps with MarbleRun:

Advanced

In case you want to see how you can integrate popular existing solutions with MarbleRun, we provide more advanced examples:

  • See graphene-nginx for an example of converting an existing Graphene application to a Marble
  • See graphene-redis for a distributed Redis example using Graphene

Confidential emoji voting

The popular Linkerd service mesh uses the simple and scalable emojivoto app as its default demo. Check out our confidential variant. Your emoji votes have never been more secure! 😉

About

MarbleRun is the control plane for confidential computing. Deploy, scale, and verify your confidential microservices on vanilla Kubernetes. 100% Go, 100% cloud native, 100% confidential.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 99.1%
  • Other 0.9%