EdgelessDB is an open-source MySQL-compatible database for confidential computing. EdgelessDB runs entirely inside runtime-encrypted Intel SGX enclaves. In contrast to other databases, EdgelessDB ensures that all data is always encrypted—in memory as well as on disk. EdgelessDB has no storage constraints and delivers close to native performance.

Central to EdgelessDB is the concept of a manifest. The manifest is defined in JSON and is similar to a smart contract. It defines the initial state of the database, including access control, in an attestable way.

Architecturally, EdgelessDB is based on MariaDB. As storage engine, it uses an enhanced version of RocksDB. The file encryption of EdgelessDB's storage engine is designed and built for the enclave and its very strong attacker model. In this context, EdgelessDB's storage engine provides confidentiality, integrity, freshness, auditability, and recoverability for data. Other databases, even when running inside enclaves using general-purpose frameworks, do not have these security properties.

1. Bring security to the next level and replace your existing database with EdgelessDB. The added security may allow you to shift sensitive databases from on-premises to the cloud.
2. Build exciting new confidential apps by leveraging EdgelessDB's manifest feature and security properties, for example pooling and analyzing sensitive data between multiple parties.

• Always encrypted: in addition to authenticated encryption on disk, the data is also encrypted in memory at runtime.
• Manifest: defines the initial database state, including access control.
• Remote attestation: proves that the EdgelessDB instance runs in a secure enclave and enforces the manifest.

For details see concepts.

Run EdgelessDB on an SGX-capable system:

docker run --name my-edb -p3306:3306 -p8080:8080 --privileged -v /dev/sgx:/dev/sgx -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

Or try it in simulation mode on any system:

docker run --name my-edb -p3306:3306 -p8080:8080 -e OE_SIMULATION=1 -t ghcr.io/edgelesssys/edgelessdb-sgx-1gb

You may want to start with using EdgelessDB as a high-security SQL database in a possibly untrusted environment.

Or check out the demo to see how EdgelessDB's confidential-computing features can be used for secure multi-party data processing.

See the docs for details on EdgelessDB concepts, configuration, and usage.

Read CONTRIBUTING.md for information on issue reporting, code guidelines, and our PR process.

BUILD.md includes general information on how to work in this repo.