Securely build, deploy and manage Linux workloads with sensitive data on IBM Z and LinuxONE by using confidential computing technology
Protect critical Linux workloads
IBM Confidential Computing Container Runtime delivers a confidential computing environment that protects sensitive Linux® workloads from internal and external threats by leveraging IBM Secure Execution for Linux. Available on premises, IBM Confidential Computing Container Runtime supports security-rich deployment, trusted access control and seamless operations.
Developers can build applications in a trusted execution environment that keeps sensitive data encrypted and isolated at all times.
Admins can validate application origin and integrity by using encrypted contracts and attestation for secure, zero-trust deployments.
Operations teams can manage workloads without accessing sensitive data, reducing insider risk and enforcing data privacy.
Run protected workloads with consistent security policies and container registry support.
Features
This tamper-proof environment is built to run digital asset workloads (such as key management, smart contracts, wallets and blockchain nodes) with high levels of security.
As the underlying infrastructure for the IBM® Digital Assets Platform, it provides hardware-enforced isolation and encryption that keep sensitive data private and protected, even from insiders or system administrators. This built-in protection helps custodians and issuers operate confidently in regulated environments.
Bring your own trusted container registries such as IBM Cloud® Container Registry, Docker Hub or others. Simplify development and CI/CD while maintaining the confidentiality of your application and environment metadata in trusted execution environments.
Protect disk-level data with Linux® Unified Key Setup by using encryption passphrases generated exclusively inside the trusted execution environment (TEE). This ensures data remains protected even if disk images are copied or compromised outside the secure environment.
Enable developers, administrators and operators to work together securely by using encrypted contracts that keep each contribution private. Data and code are protected, even from other collaborators.
Built on zero-trust principles, this approach separates duties and access while ensuring deployment integrity. An auditor persona can verify the final state through a signed, encrypted attestation, ensuring trust without exposing sensitive details.
This tamper-proof environment is built to run digital asset workloads (such as key management, smart contracts, wallets and blockchain nodes) with high levels of security.
As the underlying infrastructure for the IBM® Digital Assets Platform, it provides hardware-enforced isolation and encryption that keep sensitive data private and protected, even from insiders or system administrators. This built-in protection helps custodians and issuers operate confidently in regulated environments.
Bring your own trusted container registries such as IBM Cloud® Container Registry, Docker Hub or others. Simplify development and CI/CD while maintaining the confidentiality of your application and environment metadata in trusted execution environments.
Protect disk-level data with Linux® Unified Key Setup by using encryption passphrases generated exclusively inside the trusted execution environment (TEE). This ensures data remains protected even if disk images are copied or compromised outside the secure environment.
Enable developers, administrators and operators to work together securely by using encrypted contracts that keep each contribution private. Data and code are protected, even from other collaborators.
Built on zero-trust principles, this approach separates duties and access while ensuring deployment integrity. An auditor persona can verify the final state through a signed, encrypted attestation, ensuring trust without exposing sensitive details.
Resources
Related products
Discover other products in the IBM confidential computing portfolio.
Designed to address limitations of current cold storage offerings for digital assets. Available on IBM Z® or IBM LinuxONE.
Secure sensitive data from development to deployment and throughout its usage in an application with IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions and IBM Confidential Computing Containers for Red Hat OCP.