MarbleRun
MarbleRun is a framework for creating distributed confidential-computing apps.
Build your confidential microservices with EGo or another runtime, distribute them with Kubernetes on an SGX-enabled cluster, and let MarbleRun take care of the rest. Deploy end-to-end secure and verifiable AI pipelines or crunch on sensitive big data in the cloud.
MarbleRun guarantees that the topology of your distributed app adheres to a Manifest specified in simple JSON. MarbleRun verifies the integrity of services, bootstraps them, and sets up encrypted connections between them. If a node fails, MarbleRun will seamlessly substitute it with respect to the rules defined in the Manifest.
To keep things simple, MarbleRun issues one concise remote attestation statement for your whole distributed app. This can be used by anyone to verify the integrity of your distributed app.
Key features
:lock: Authentication and integrity verification of microservices with respect to a Manifest written in simple JSON
:key: Secrets management for microservices
:package: Provisioning of certificates, configurations, and parameters for microservices
:globe_with_meridians: Remote attestation of the entire cluster
Overview
Supported runtimes
MarbleRun supports services built with one of the following frameworks:
Quickstart and documentation
See the Getting Started Guide to set up a distributed confidential-computing app in a few steps. See the documentation for details.
Community & help
- Got a question? Please get in touch via Discord or file an issue.
- If you see an error message or run into an issue, please make sure to create a bug report.
- Get the latest news and announcements on Twitter, LinkedIn or sign up for our monthly newsletter.
- Visit our blog for technical deep-dives and tutorials.
Contributing
- Read
CONTRIBUTING.mdfor information on issue reporting, code guidelines, and our PR process. BUILD.mdincludes general information on how to work in this repo.- Pull requests are welcome! You need to agree to our Contributor License Agreement.
- This project and everyone participating in it are governed by the Code of Conduct. By participating, you are expected to uphold this code.
- Please report any security issue via a private GitHub vulnerability report or write to security@edgeless.systems.
Examples
Hello world
We provide basic examples on how to build confidential apps with MarbleRun:
- See helloworld for an example in Go
- See helloc++ for an example in C++
- See gramine-hello for an example using Gramine
- See occlum-hello for an example using Occlum
Advanced
In case you want to see how you can integrate popular existing solutions with MarbleRun, we provide more advanced examples:
- See gramine-nginx for an example of converting an existing Gramine application to a Marble
- See gramine-redis for a distributed Redis example using Gramine
Confidential emoji voting
The popular Linkerd service mesh uses the simple and scalable emojivoto app as its default demo. Check out our confidential variant. Your emoji votes have never been more secure! 😉