Get Attestation
Workloads that request attestation evidence
Features
Primitives provided by Confidential Containers
In addition to running pods inside of enclaves, Confidential Containers provides several other features that can be used to protect workloads and data. Securing complex workloads often requires using some of these features.
Most features depend on and require attestation, which is described in the next section.
Get Secret Resources
Workloads that request resources from Trustee
Signed Images
Procedures to generate and deploy signed OCI images with CoCo
Encrypted Images
Procedures to encrypt and consume OCI images in a TEE
Authenticated Registries
Use private OCI registries
Sealed Secrets
Generate and deploy protected Kubernetes secrets
Init-Data
Use Init-Data to inject dynamic configurations for Pods
Image Pull Proxy
Pull containers from self-hosted registries
Local Registries
Pull containers from self-hosted registries
Protected Storage
Add protected volumes to a pod