This directory contains example scripts and configurations for deploying Azure Confidential Computing resources in scenarios that require heightened data sovereignty, compliance, or backup/recovery controls.
| Folder | Description |
|---|---|
citizen-registry-app/ 🆕 |
Sovereign citizen registry: Confidential ACI container → Private VNet → Application Gateway → SQL Server on a Confidential VM. Features remote attestation, Secure Key Release, IPv6-only CVM, ephemeral credentials, and API-based data seeding. |
cvm-backup/ |
Deploy a Windows Confidential VM (CVM) with Azure Backup (Recovery Services Vault) and Customer Managed Key disk encryption |
- All examples use AMD SEV-SNP hardware-based memory protection
- Customer Managed Keys (CMK) via Azure Key Vault Premium with confidential disk encryption
- Private VNet topology – no public IP on the VM; optional Azure Bastion for RDP access
- Resource tagging for ownership tracking and automation
- Azure PowerShell (Az module, latest version)
- An Azure subscription with quota for DCasv5-series Confidential VMs
- The Confidential VM Orchestrator service principal registered in your tenant