Deploy unmodified Docker applications to hardware-verified Intel TDX enclaves. Every workload runs in a Trusted Execution Environment with remote attestation, memory encryption, and cryptographic proof of integrity.
Every workload runs inside an Intel TDX virtual machine with encrypted memory that even the hypervisor cannot read.
Cryptographic proof from Intel hardware that your code is running unmodified in a genuine TDX enclave before any secrets are released.
Bring your existing Docker images. No SDK, no code changes, no special toolchains. If it runs in Docker, it runs in a TDX enclave.
From code commit to verified enclave deployment in four steps.
Define your app with its Docker image reference, expected measurements, and the GitHub organization authorized to deploy it.
Push your container image to a registry. DevOps Defender records the content digest as the expected image measurement for attestation.
The TDX hardware generates a cryptographic attestation quote binding the VM identity, firmware, kernel, and rootfs into a verifiable measurement chain.
Your Docker container launches inside the verified TDX enclave. The control plane monitors health via heartbeats and enforces attestation continuously.
A one-way trust model where every component runs inside a Trusted Execution Environment.
Trust flows from hardware to software. Each layer verifies the one below it, never the reverse.
| Trust Anchor | What It Proves | Mechanism |
|---|---|---|
| Intel CPU | Hardware is genuine TDX-capable silicon | Intel Attestation Service certificate chain |
| TDX Module | VM memory is encrypted and isolated | SEAM module measurement in MRTD |
| Firmware / Kernel | Boot chain is unmodified | RTMR[0] and RTMR[1] measurements |
| dm-verity rootfs | Filesystem integrity is intact | RTMR[2] contains verity root hash |
| Application | Correct container image is running | RTMR[3] extends with image digest |
Intel TDX provides hardware-enforced isolation for entire virtual machines, not just application enclaves.
Intel TDX encrypts all VM memory with AES-256-XTS using per-TD keys managed entirely in hardware. The hypervisor, other VMs, and even physical memory probes cannot access your data.
Before releasing any secrets, verify the enclave is genuine. The TDX quote contains cryptographic measurements of the entire software stack, signed by Intel-provisioned keys.
Unlike SGX enclaves that require a specialized SDK, TDX protects entire VMs. Your Docker containers run without any code changes inside a confidential virtual machine.
Every component in the boot sequence is measured into TDX runtime measurement registers before execution, creating an unforgeable chain of trust from CPU silicon to your application.
Multiple independent security layers ensure that a compromise of any single component does not breach the system.
Every attestation request includes a unique server-generated nonce bound to the TDX quote's report data field. This prevents replay attacks and ensures freshness of every attestation.
The agent VM boots with a read-only root filesystem protected by dm-verity. Any modification to the filesystem causes I/O errors, making persistent rootkits impossible.
The Trusted Computing Base is pinned to specific versions. The control plane rejects agents whose firmware, kernel, or TDX module versions do not match the expected TCB.
Agents send periodic heartbeats with fresh attestation evidence. If an agent fails to attest or measurements drift, it is immediately quarantined from the fleet.
Each agent receives a scoped Cloudflare tunnel token during registration. Traffic never traverses the open internet; all communication is encrypted end-to-end through Cloudflare's network.
Agents are labeled with their GitHub organization. Deploy requests are authorized by matching the OIDC token's repository owner claim against the agent's ownership label. No shared secrets, no API keys.
No API keys. No shared secrets. Deploy directly from GitHub Actions using OpenID Connect tokens.
Your GitHub Actions workflow requests an OIDC token from GitHub's token endpoint. This JWT contains claims about the repository, organization, branch, and workflow that triggered the deployment.
DevOps Defender validates the JWT signature against GitHub's JWKS endpoint, checks the audience claim, and extracts the repository_owner to determine which organization is deploying.
The control plane matches the JWT's repository_owner against agents labeled with github:org/<name>. Only agents owned by the deploying organization receive the workload.
The container image is pulled and launched inside the TDX enclave. No secrets were exchanged, stored, or rotated. The entire auth flow is stateless and ephemeral.
name: Deploy to DevOps Defender
on:
push:
branches: [main]
permissions:
id-token: write
contents: read
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Deploy to TDX enclave
uses: devopsdefender/deploy-action@v1
with:
control-plane: https://devopsdefender.com
app-name: my-application
image: ghcr.io/myorg/myapp:${{ github.sha }}Get your first workload running in a TDX enclave in minutes.
Register your app with the control plane. This defines the container image, expected measurements, and which GitHub organization is authorized to deploy.
# Register a new application
curl -X POST https://devopsdefender.com/api/v1/apps \
-H "Content-Type: application/json" \
-d '{
"name": "my-application",
"image": "ghcr.io/myorg/myapp:latest",
"owner": "github:org/myorg"
}'Add the DevOps Defender deploy action to your workflow. The action handles OIDC token acquisition and deployment automatically.
permissions:
id-token: write
steps:
- name: Deploy
uses: devopsdefender/deploy-action@v1
with:
control-plane: https://devopsdefender.com
app-name: my-application
image: ghcr.io/myorg/myapp:${{ github.sha }}Check that your agent registered successfully and the workload is running inside a verified TDX enclave.
# List registered agents
curl https://devopsdefender.com/api/v1/agents | jq
# Check agent attestation status
curl https://devopsdefender.com/api/v1/agents/{id} | jq '.registration_state'
# View agent logs
curl https://devopsdefender.com/api/v1/agents/{id}/logsDevOps Defender is open source. Inspect the code, audit the measurements, and verify the attestation yourself.