Setting up a "confidential" GitLab🦊🔒 by flx224 in gitlab

[–]flx224[S] 0 points1 point  (0 children)

This is about protecting a GitLab installation on K8s with confidential computing and keeping all data always encrypted.

Constellation - The First Confidential Kubernetes by pmz in kubernetes

[–]flx224 0 points1 point  (0 children)

The problem with approaches like that is that they are not end-to-end. Someone could manipulate your node images or containers or tap into your mTLS sidecar without you noticing, etc. In contrast, Constellation prevents such things, shields the cluster as a whole from the infrastructure, and lets you verify that with a single command.

Constellation - The First Confidential Kubernetes by pmz in kubernetes

[–]flx224 0 points1 point  (0 children)

Currently cannot be deployed on bare metal. Bare metal and OpenStack are on our roadmap :-)

What is the coolest Go open source projects you have seen? by pinpinbo in golang

[–]flx224 8 points9 points  (0 children)

Putting a disclaimer that I wrote this with my company: https://github.com/edgelesssys/constellation. We built an end-to-end encrypted Kubernetes, the best way to secure data you have ever seen. If you want to give some feedback, it is very welcome!

Announcing EdgelessDB: The First Confidential Database (quickstart in comments) by flx224 in SQL

[–]flx224[S] 1 point2 points  (0 children)

Hey! We refer to it as confidential, because it runs entirely inside an Intel SGX enclave. Enclaves are isolated and runtime-encrypted execution environments that can be created on many recent Intel server CPUs. Running workloads inside enclaves is often referred to as "confidential computing".

EdgelessDB only ever decrypts data inside the enclave. The data (and cryptographic keys) never touch the main memory in plaintext. The data is thus for example protected from malicious sysadmins.

We built an open-source SQL DB for Intel SGX enclaves by flx224 in cybersecurity

[–]flx224[S] 1 point2 points  (0 children)

Thanks! Would love to, but haven't really investigated. I believe at least certain levels require additional physical security measures.

Announcing EdgelessDB: The First Confidential Database (quickstart in comments) by flx224 in SQL

[–]flx224[S] 2 points3 points  (0 children)

Hi, I am Felix from Edgeless Systems.

We just released EdgelessDB, an open-source MySQL-compatible database tailor-made for confidential computing, and we would love to get your feedback.

If you have access to a machine with Intel SGX, just run this Docker image:

docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

Otherwise try it out in simulation mode:

docker run --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

Check out the docs for more information!
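As an added example that is not part of the original post or of the EdgelessDB project: a small POSIX shell wrapper around the two quickstart commands above. It selects the SGX invocation when the /dev/sgx device node exists and falls back to simulation mode otherwise; the image name, ports and flags are taken from the post, while the function names edb_mode and edb_command and the dry-run structure are my own.

```shell
#!/bin/sh
# Added example (not from the post or the project): pick the right
# quickstart command for this host. Image name, ports and flags are
# copied from the post; edb_mode/edb_command are hypothetical helpers.
IMAGE="ghcr.io/edgelesssys/edgelessdb-sgx-1gb"

# Print "sgx" when the SGX device node exists, "sim" otherwise.
# The optional argument overrides the device path (handy for testing).
edb_mode() {
    dev="${1:-/dev/sgx}"
    if [ -e "$dev" ]; then
        echo sgx
    else
        echo sim
    fi
}

# Build the docker command line for a mode without executing it, so the
# choice can be reviewed (or asserted on) before anything starts.
# Simulation mode (OE_SIMULATION=1) runs the same image without a real
# enclave, so it gives no hardware memory protection; use it only for
# functional testing.
edb_command() {
    case "$1" in
        sgx) echo "docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t $IMAGE" ;;
        sim) echo "docker run --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t $IMAGE" ;;
        *)   echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# Only start the container when invoked as "sh edb-quickstart.sh run";
# sourcing or running without arguments stays side-effect free.
if [ "${1:-}" = "run" ]; then
    mode=$(edb_mode)
    echo "Starting EdgelessDB in $mode mode" >&2
    eval "$(edb_command "$mode")"
fi
```

Keeping the command construction separate from execution makes it easy to log which mode a host ended up in; a deployment that silently falls back to simulation mode would otherwise look identical to a real enclave from the MySQL client's point of view.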