
The infrastructure your users don't have to trust.

End-to-end encrypted computation and storage. Deployed with a Docker push.

Ready to start building? talk to us

or join the waitlist for early access

backed by Antidote

$ docker push registry.enclavia.io/myco/app:v2
pushed. deterministic build started.
$ enclavia deploy myapp --tier small
✓ enclave running · attested · c7a.xlarge
$ enclavia pcrs myapp
✓ PCR0 sha384:9f2e...c831 · matches local build

why enclavia

Secure by design, hostile to ship. Until now.

Enclaves take domain expertise to build, plus instances, proxies and keys to manage by hand. You handle the product; we handle every proxy, key rotation and attestation handshake the box demands.

Secure your systems

Your code runs in hardware-isolated enclaves that no one can access: not us, not the cloud provider, not an attacker on the host.

→ eliminate entire classes of breach

Protect user data

Data is encrypted end-to-end and only decrypted inside the enclave. Our SDK verifies attestation automatically — your users can independently verify too.

→ data protection your users can verify

State sealed by silicon

Encrypted persistent storage, mounted into the enclave at boot. Keys never leave the chip. Survives restarts, redeploys, and host compromise alike.

→ durable state without the trust hole

use cases

Built for teams handling bitcoin.

When your users need proof, not promises.

Wallets

Server-side balance tracking, address monitoring, and push notifications — without learning who owns what. The enclave indexes against private xpubs and emits events the operator can't decode.

Exchanges

Hot wallet management with policy enforced in silicon. Rate limits, withdrawal approvals, and fraud checks run inside the enclave. The operator can't move funds alone, and the policy is auditable from the attestation.

Co-signing services

A second signer that lives in silicon. Co-signs only when policy allows — spending limits, fraud checks, user 2FA. Clients can verify the policy is exactly what was advertised, every time.

Lightning services

Run LSPs, routing nodes, or watchtowers without making the operator liable for theft. Channel state and signing keys live inside the enclave — even full host compromise can't steal user funds.

how it works

Three commands. Zero trust required.

You push a Docker image. We build it deterministically inside a hardware enclave. The client SDK verifies attestation automatically before sending any data.

01 Push

Push your Docker image to our private registry. Same workflow you already have.

02 Attest

We build deterministically and deploy into a hardware-isolated enclave. The enclave generates a cryptographic attestation signed by the hardware.

03 Verify

Your client SDK checks the hardware attestation automatically. It only talks to the correct, attested backend. No manual steps.

pricing

Pricing built around early teams.

We're working with our first cohort to find the model that scales with them — usage, packages, or a hybrid. Free tier for development, real numbers when you're ready to ship.

private beta

Tell us about your workload.

Free tier for development is permanent. Production pricing is set per-customer during beta — talk to us about what you're building and we'll quote against it.

talk to us →

How we compare

Enclavia is the only managed platform combining full enclave isolation with encrypted storage and a path to GPU workloads.

| | Enclavia | Evervault | Fortanix | DIY (Nitro) |
|---|---|---|---|---|
| Managed enclaves | Yes | Yes | Yes | No |
| Encrypted storage | Yes | No | Yes | Manual |
| Mesh networking | Coming soon | No | No | No |
| Serverless enclaves | Roadmap | No | No | No |
| Docker-native workflow | Yes | Partial | No | Manual |

founder

Built by an open-source veteran.

Bitcoin infrastructure. Production cryptography. The discipline this product demands.

Alekos Filini · Founder
Founder of BDK (Bitcoin Dev Kit). 8+ years in the Bitcoin world. Shipped hardware security products and critical infrastructure code.

Inert by design. Attested by silicon.

We're onboarding early teams now.
