Private Data with Manifest and container

[nvalerkos]

How do we supply private information that cannot be altered/tempered with inside a manifest that can only be set by the vendor or customer?

I am looking at codius as two ways:

1. Software Vendor - Do a SaaS per manifest to purchase or use my code as a service so, code must be private? how do we actually enforce that if we can just do docker pull and get it?
2. Customer - Use manifest as to do something, how to we generate some code to send prior of deploying it, like a private key?

In both cases I end up as not being able to trust the manifest data as private.

[sharafian]

The manifest has support for private fields where only the hash is exposed publicly. However, there's no way to obscure data or code from the host that's running your manifest. You could use things like multi-party computation or threshold signatures in your code if you want to have multiple hosts use a secret value without exposing it to any individual one of them

[nvalerkos]

Hmm... I could supply a public key to encrypt the generated password of the container. With no protection on the code is an issue.