
Public preview: Confidential containers on ACI

Published date: March 01, 2023

Confidential containers on ACI, now available in public preview, enables you to run containers in a trusted execution environment (TEE) that provides hardware-based confidentiality and integrity protections for your container workloads. The TEE is currently backed by AMD Secure Nested Paging hardware.

Confidential containers on ACI is offered as a new SKU that you can select when deploying your workload. It provides the following benefits for workloads that process highly sensitive data:

  • Ability to lift and shift workloads to a confidential environment without taking a dependency on any confidential computing libraries.
  • In-memory encryption of data with a hardware-based dedicated key per container group, which helps guard against attacks from a malicious OS or hypervisor components.
  • Support for remote attestation, enabling a relying party to verify that a service is running in a TEE before it processes any sensitive data. As part of confidential containers on ACI, an agent validates the authenticity of the hardware and application components; this evidence can be verified through a remote attestation service before any sensitive data is released to the TEE.

Learn more about the public preview in the blog announcement and documentation.
