Documentation for deploying dstack-compatible confidential workloads on GCP (Intel TDX) and AWS Nitro Enclaves with dstack.

New to dstack? Start here:

- Quick Start Tutorial — Deploy your first confidential workload on GCP in 10-15 minutes

| Document | Description |
|---|---|
| Quick Start | Deploy your first dstack app on GCP |

| Document | Description |
|---|---|
| Overview | Architecture, components, and how dstack works |
| Security Model | Trust boundaries and security guarantees |
| Attestation Integration | TDX + vTPM and NSM attestation mechanisms |
| KMS and Key Delivery | How keys are delivered to confidential workloads |
| Nitro Enclave | AWS Nitro Enclave specifics and VSOCK communication |
| Governance | On-chain governance with Safe and Timelock |

| Document | Description |
|---|---|
| Run a Workload on GCP | Deploy Docker apps as CVMs on GCP with Intel TDX |
| Run a Workload on AWS Nitro | Deploy Docker apps as Nitro Enclaves |
| Run dstack-kms on GCP | Set up your own KMS instance |
| Register Enclave Measurement | Whitelist workloads for key retrieval |
| Deploy On-chain KMS | Deploy KMS contract with Timelock governance |
| Manage Governance | Operate Safe and Timelock for production |

| Document | Description |
|---|---|
| Monitoring & Alerting | Observability setup |
| Runbook | Operational procedures |
| Upgrade | Upgrade procedures |

| Document | Description |
|---|---|
| API Reference | KMS and dstack-util APIs |
| Configuration | Configuration options |
| Glossary | Terms and definitions |

| Document | Description |
|---|---|
| Code Walkthrough | Source code explanations |
| E2E Test Report | End-to-end testing results |
| Release Notes | Version history and changes |

- Confidential Computing — Run workloads in hardware-protected TEEs (Intel TDX on GCP, Nitro Enclaves on AWS)
- Remote Attestation — Prove your workload runs in genuine hardware
- Key Management — Secure key delivery from KMS running in its own TEE
- On-chain Governance — Production-grade governance with Safe multisig and Timelock

| Platform | TEE Technology | Key Delivery |
|---|---|---|
| GCP | Intel TDX | dstack-agent (automatic) |
| AWS | Nitro Enclave | dstack-util via VSOCK Proxy |

| Option | Description | Use Case |
|---|---|---|
| Phala Official KMS | Hosted by Phala Network | Quick start, development |
| Self-hosted KMS | Deploy your own | Production, compliance |

Self-hosted KMS can be deployed on:

- GCP (Intel TDX CVM)
- Intel TDX Bare Metal server

- dstack-cloud GitHub — Main repository
- dstack-nitro-enclave-app-template — Nitro Enclave template
- dstack GitHub — Core dstack and KMS contracts

License: MIT