EdgelessDB is an open-source MySQL-compatible database for confidential computing. EdgelessDB runs entirely inside runtime-encrypted Intel SGX enclaves. In contrast to other databases, EdgelessDB ensures that all data is always encrypted—in memory as well as on disk. EdgelessDB has no storage constraints and delivers close to native performance.
Central to EdgelessDB is the concept of a manifest. The manifest is defined in JSON and is similar to a smart contract. It defines the initial state of the database, including access control, in an attestable way.
Architecturally, EdgelessDB is based on MariaDB. As storage engine, it uses an enhanced version of RocksDB. The file encryption of EdgelessDB's storage engine is designed and built for the enclave and its very strong attacker model. In this context, EdgelessDB's storage engine provides confidentiality, integrity, freshness, auditability, and recoverability for data. Other databases, even when running inside enclaves using general-purpose frameworks, do not have these security properties.
For details see concepts.
Run EdgelessDB on an SGX-capable system:
docker run -t --name my-edb -p3306:3306 -p8080:8080 --device /dev/sgx_enclave --device /dev/sgx_provision ghcr.io/edgelesssys/edgelessdb-sgx-1gb
Or try it in simulation mode on any system:
docker run -t --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 ghcr.io/edgelesssys/edgelessdb-sgx-1gb
You may want to start with using EdgelessDB as a high-security SQL database in a possibly untrusted environment.
Or check out the demo to see how EdgelessDB's confidential-computing features can be used for secure multi-party data processing.
See the docs for details on EdgelessDB concepts, configuration, and usage.