MarbleRun

The easiest way
to orchestrate enclaves


MarbleRun takes care of remote attestation, key management, and many other core tasks in a cluster of Intel SGX enclaves. Think "service mesh for enclaves."

Why MarbleRun

keys icon

Key management, mTLS, and recovery


MarbleRun securely manages keys for your enclaves, provisions secrets, sets up mTLS connections, and enables secure recovery.

shield icon

Whole deployment attestation


MarbleRun provides one succinct attestation statement for your deployment, proving that your deployment adheres to a given manifest.

compatibility icon

Wide compatibility


MarbleRun can be installed on any SGX-enabled Kubernetes or used standalone. It supports enclaves built with Gramine, EGo, or Occlum.

Manage and mesh your enclaves securely


Build your confidential microservices with EGo, distribute them

with Kubernetes on an SGX-enabled cluster, and let MarbleRun

take care of the rest. Deploy end-to-end secure and verifiable AI

pipelines or crunch on sensitive big data in the cloud.

Marblerun illustration
MarbleRun icon

Easy-to-use


Getting MarbleRun up and running only requires a handful of steps.

  1. Build enclaves for MarbleRun. EGo-based enclaves even work out-of-the-box.
  2. Define manifest in simple JSON.
  3. Install MarbleRun and set a manifest using the CLI.

Tip: MarbleRun works great on SGX-enabled AKS on Azure.

MarbleRun commands

Learn how MarbleRun enables Bosch’s confidential AI pipeline in the public cloud


Bosch set up a highly scalable AI pipeline on Microsoft Azure that provides encryption in key parts of the video and image processing mechanism. Everything is done respecting European regulations and privacy, with no loss to analysis capabilities, and at a reasonable cost, thanks to the flexibility of a public cloud.

Autonomous driving car

Is MarbleRun the right choice for my project?

MarbleRun is a tool for experts who aim to minimize the trusted computing base and do not shy away from adapting apps and writing app-specific manifests.

If your goal is to shield the entire Kubernetes cluster with zero changes, our product Constellation is the better choice.

Intel offices

“It’s great to see how MarbleRun makes Gramine-based confidential workloads scalable. Looking forward to seeing the two grow together.”



- Mona Vij
Principal Engineer at Intel Labs

T-systems offices

“Within our innovation efforts in the area of confidential computing, we are actively cooperating with Edgeless Systems. Ego and MarbleRun facilitate the development effort and help to focus on solving the customer problems and implementing business logic in cloud environments.”



- Ivan Gudymenko
IT Security Architect at T-Systems

Get started with MarbleRun