Inclavare Containers
Inclavare Containers is an open-source framework for running containerized workloads inside hardware-based trusted execution environments (TEEs) to provide confidential computing capabilities on cloud-native platforms (container security/confidential computing).
- Secure Container Runtime (SCR) framework integrating with trusted execution environments such as Intel SGX (container security/confidential computing).
- Support for running unmodified OCI container images inside enclave-based runtimes (container runtime).
- Pluggable architecture for different enclave runtimes and TEE backends (runtime extensibility/confidential computing).
- Integration points for Kubernetes and cloud-native orchestration workflows (container orchestration integration).
- Tooling and libraries to build, package, and manage enclave-based container workloads (developer tooling/confidential computing).
More About Inclavare Containers
Inclavare Containers is a cloud-native confidential computing framework that enables containerized applications to run inside trusted execution environments (TEEs) while remaining compatible with existing container ecosystems. It focuses on combining enclave technologies such as Intel SGX with standard container runtimes so that sensitive workloads can execute with hardware-backed isolation from the host Operating System (OS) and other tenants (container security/confidential computing).
At its core, Inclavare Containers provides an enclave-aware container runtime and associated components that work with Open Container Initiative (OCI) images and container runtime interfaces (container runtime). The project introduces an architecture where a container’s process is placed inside a TEE, while still being managed through familiar container lifecycle operations. This approach allows existing images and workflows to be reused, with additional protections from hardware-based enclave features (confidential computing).
The framework is designed with a pluggable model for enclave runtimes and TEE backends, enabling support for multiple hardware or platform implementations over time (runtime extensibility). It includes utilities and libraries for building enclave-ready applications, packaging them into OCI-compliant images, and configuring runtime parameters required by different TEEs (developer tooling). These capabilities map to enterprise categories such as workload isolation, data-in-use protection, and secure execution for regulated or sensitive processing (security/compliance).
Inclavare Containers integrates with Kubernetes and other cloud-native orchestration environments through standard container interfaces (container orchestration integration). This allows cluster operators to schedule and manage enclave-based workloads using familiar constructs like pods, deployments, and admission controls, while relying on the underlying framework to ensure that execution occurs inside a TEE-capable node. Enterprises can therefore adopt confidential computing without abandoning existing container-native Continuous Integration and Continuous Deployment (CI/CD) pipelines or observability tools, as the framework aims to align with common runtime and image standards (platform engineering).
From an architectural perspective, Inclavare Containers sits between traditional container orchestration layers and hardware TEE implementations. It focuses on enclave-aware runtime management, secure startup and attestation flows where supported, and configuration of TEE-specific parameters, while delegating orchestration to Kubernetes or similar systems (infrastructure security). In an enterprise taxonomy, Inclavare Containers can be positioned under container security, confidential computing, and runtime protection for cloud-native workloads, serving organizations that require hardware-backed isolation for data-in-use in multi-tenant or untrusted infrastructure environments.