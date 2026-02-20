IBM Confidential Computing Container Runtime

Securely build, deploy and manage Linux workloads with sensitive data on IBM Z and LinuxONE by using confidential computing technology

Protect critical Linux workloads

IBM Confidential Computing Container Runtime delivers a confidential computing environment that protects sensitive Linux® workloads from internal and external threats by leveraging IBM Secure Execution for Linux. Available on premises, IBM Confidential Computing Container Runtime supports security-rich deployment, trusted access control and seamless operations.

Build with end-to-end security

Developers can build applications in a trusted execution environment that keeps sensitive data encrypted and isolated at all times.
Deploy with verified trust

Admins can validate application origin and integrity by using encrypted contracts and attestation for secure, zero-trust deployments.
Manage sensitive data confidently

Operations teams can manage workloads without accessing sensitive data, reducing insider risk and enforcing data privacy.
Operate on-premises

Run protected workloads with consistent security policies and container registry support.

Features

Protect digital assets with secure hosting

This tamper-proof environment is built to run digital asset workloads (such as key management, smart contracts, wallets and blockchain nodes) with high levels of security. 

As the underlying infrastructure for the IBM® Digital Assets Platform, it provides hardware-enforced isolation and encryption that keep sensitive data private and protected, even from insiders or system administrators. This built-in protection helps custodians and issuers operate confidently in regulated environments. 

Leverage common registries and infrastructure

Bring your own trusted container registries such as IBM Cloud® Container Registry, Docker Hub or others. Simplify development and CI/CD while maintaining the confidentiality of your application and environment metadata in trusted execution environments.

Encrypt data at rest with TEE-exclusive keys

Protect disk-level data with Linux® Unified Key Setup by using encryption passphrases generated exclusively inside the trusted execution environment (TEE). This ensures data remains protected even if disk images are copied or compromised outside the secure environment.

Secure multiparty collaboration with attested deployment

Enable developers, administrators and operators to work together securely by using encrypted contracts that keep each contribution private. Data and code are protected, even from other collaborators.

Built on zero-trust principles, this approach separates duties and access while ensuring deployment integrity. An auditor persona can verify the final state through a signed, encrypted attestation, ensuring trust without exposing sensitive details.

Resources

Software, hardware and system configuration settings

Understand the hardware and software requirements required for setting up IBM Confidential Computing Container.
IBM Confidential Computing with SUSE® Linux Enterprise Base Container Images

Deploy a workload built with SUSE Linux Enterprise Base Container Images into a hybrid confidential computing environment by using IBM Confidential Computing Container Runtime.

Securing your critical workloads with IBM Confidential Computing Platform

Explore deployment best practices and guides to getting started with IBM Confidential Computing platform on IBM Z and LinuxONE.

Related products

Discover other products in the IBM confidential computing portfolio.
Explore IBM's cold storage solution

Designed to address limitations of current cold storage offerings for digital assets. Available on IBM Z® or IBM LinuxONE.

IBM Confidential Computing for Red Hat ecosystem

Secure sensitive data from development to deployment and throughout its usage in an application with IBM Confidential Computing Container Runtime for Red Hat Virtualization Solutions and IBM Confidential Computing Containers for Red Hat OCP.
Take the next step

Discover how IBM Confidential Computing Container Runtime securely builds, deploys and manages Linux workloads with sensitive data on IBM Z and LinuxONE by using confidential computing technology.

