The service mesh for confidential computing

Marblerun makes it easy to deploy, scale, and verify your SGX-based apps on vanilla Kubernetes. Think Istio/Consul/Linkerd for confidential computing. It’s open source, written in Go, and truely cloud native.

Get started → Join the community


Everything always encrypted (even at runtime)

All services run in secure enclaves; your data and code are encrypted even at runtime. Between enclaves, data is transmitted via mTLS.

End-to-end verifiability for the whole cluster

Get cryptographic proof that the topology of your cluster adheres to a Manifest defined in simple JSON.

Keep using your existing tools and stacks

Despite using the latest confidential-computing tech, Marblerun works frictionless with K8s, Helm and normal services meshes like Istio or Linkerd.

Cloud native and cloud agnostic

Marblerun is written in Go and uses standards like gRPC and REST. It scales and secures your apps in any cloud that has Intel SGX - like Azure.

Deploy your first app in minutes

Usability and simplicity (and security of course!) are our guiding principles. Porting and deploying existing distributed Go apps only takes a few simple steps.

Open source and open standards

Marblerun is open source and builds upon the industry standard Open Enclave and Edgeless RT. In the future, it will also support Graphene.

Why a service mesh for confidential computing?

Blog post #1

We give an intro to the concept of confidential computing.

Blog post #2

We give intro to the service mesh concept and discuss crucial properties in the context of confidential computing.

Blog post #3

We describe how the two fit together and describe the key features and architecture of Marblerun.