Skip to main content

What is a Secure Enclave?

A secure enclave is an environment that provides for isolation of code and data from OS using hardware-based CPU-level isolation. Secure enclaves offer a process called attestation to verify that the CPU and apps running are genuine and unaltered. Secure enclaves are one implementation of the concept of Confidential Computing.

Confidential Computing

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE) within a Secure Enclave. The terms TEE and Secure Enclaves are sometimes used interchangeably.

Confidential Computing is a cloud computing technology that isolates sensitive data in a protected enclave during processing.

What are the components of the Cape Trusted Execution Environment?

Nitro Enclaves

Cape uses AWS Nitro Enclaves’ isolated compute environment as a foundation for our Trusted Execution Environment.

For more information, see


Before user data leaves the enclave, Cape encrypts user data with Amazon Web Services Key Management System (AWS KMS) before uploading encrypted user data to the Cape infrastructure.

For more information, see

Cape Application

Cape runs its architecture within enclaves for any part that processes customer data. It runs the code that encrypts the user’s data as it passes into, and out of the enclave and the data is never unencrypted outside of it. Think of our application as a guardian that lives inside secure enclaves. It acts as the bodyguard for user data, providing encryption in the form of a private key that resides only within the enclaves.

Before user data leaves the enclave, our application prepares user data for storage by encrypting it with AWS KMS before loading it into Cape’s infrastructure. Only the enclave can access the KMS key that’s been used to encrypt the now-stored data.

Why use Cape Privacy?

  • Easy-to-Use: Cape doesn’t require expertise in security or infrastructure.

  • Secure: Cape uses the strongest data encryption and secure processing within a Trusted Execution Environment.

  • Scalable: Cape auto-scales and is exposed through a simple CLI and SDKs.

  • Built for developers: If you can code, you can use Cape to build secure applications so that data and privacy breaches never happen.