AWS Nitro Enclaves Ecosystem (2) — Evervault

Background

If you haven’t read my previous post, please read AWS Nitro Enclaves Ecosystem (1) — Chain of trust on how I see services built on top of AWS Nitro Enclaves and the importance of Attestation Document.

This time, I’m going to talk about my thought on Evervault.

What is Evervault

Evervault provides transparent encryption using relay webhooks.

Encryption service

The idea is that before sensitive data goes into the system, you can route the traffic through Evervault Inbound Relay to encrypt it so that the system can only get the encrypted data.

To use the encrypted data, Evervault provides Outbound Relay to decrypt the data before sending it to the external components.

Using it, developers can build applications that handle sensitive data without worrying about encryption or changing the code to protect it.

Evervault states that the encryption is performed by Evervault Encryption Engine (E3), which is running on Nitro Enclaves. However, there is no way for us to tell whether it’s true. There is no independent audit available as well.

Runtime provisioning

Evervault Functions

Besides simply encrypting data, Evervault also provides the environment for developers to run simple functions on sensitive…