Last Updated: February 2026
These samples demonstrate Intel SGX enclave-aware containers for Azure Kubernetes Service (AKS). Intel SGX provides hardware-based memory encryption and isolation for sensitive workloads.
Note: For AMD SEV-SNP based confidential containers, see the ACI Samples and Multi-Party Samples.
┌───────────────────────────────────────────────────────────┐
│ Intel SGX Enclave Architecture │
├───────────────────────────────────────────────────────────┤
│ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ Container Application │ │
│ │ ┌─────────────────────────────────────────────┐ │ │
│ │ │ Intel SGX Enclave │ │ │
│ │ │ ┌──────────────────┐ ┌──────────────────┐ │ │ │
│ │ │ │ Trusted Code │ │ Sealed Data │ │ │ │
│ │ │ │ (ECALLs) │ │ (Encrypted) │ │ │ │
│ │ │ └──────────────────┘ └──────────────────┘ │ │ │
│ │ │ Hardware Memory Encryption (MEE) │ │ │
│ │ └─────────────────────────────────────────────┘ │ │
│ └───────────────────────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────────────────────┐ │
│ │ AKS with Intel SGX Node Pool (DCsv2/DCsv3) │ │
│ └───────────────────────────────────────────────────┘ │
└───────────────────────────────────────────────────────────┘
The samples include Dockerfiles and Kubernetes YAML files for deploying enclave-aware applications to AKS with confidential computing nodes.
Simple demonstration of enclave creation and function calls:
- Create an Intel SGX enclave
- Call trusted functions inside the enclave
- Print a hello world message from protected memory
Secure communication channel between enclaves:
- Server enclave with TLS endpoint
- Client enclave verifying server attestation
- Mutual attestation handshake
- Encrypted communication channel
| VM Series | Hardware | Use Case |
|---|---|---|
| DCsv2 | Intel SGX | Legacy enclave workloads |
| DCsv3 | Intel SGX | Current enclave workloads |