Encryption via ephemeral private key

Fr0ntierX’s Polaris Secure Containers utilize Confidential Virtual Machines (CVM) to isolate Docker workloads within a fully encrypted environment – CVMs offer full memory encryption with minimal overhead, shielding data from both the cloud provider and internal IT resources. With Polaris, sensitive information remains encrypted at all stages: at rest, in transit, and during use.

Polaris encrypts all communication via an ephemeral private key, which is managed by the Polaris secure proxy inside the TEE. This offers additional protection from internal risks such as compromised load balancers. Since encryption is handled transparently within the TEE, no workload changes are necessary. Additionally, Polaris SDK can easily implement encrypted communication on other servers or devices.

All responses are automatically encrypted with the public key provided by the user’s request, and Polaris SDK securely and easily decrypts the information.

Secure by Design

• Data Encryption: Security at all stages – at rest, in transit, and in use

• Complete Isolation: Workloads shielded from cloud providers and internal IT resources

• Transparent Encryption: All requests and responses are automatically encrypted and decrypted

• No Modifications Required: No workload changes necessary

Key Benefits

● Memory encryption (encryption in use)

● Ephemeral key (TEE)

● Stateless workloads

● Optional input and output encryption

Why Polaris?

The Polaris Secure Container provides continuous encryption, securing data throughout its lifecycle by isolating existing stateless Docker workloads within a TEE, shielding information from cloud providers with an option to enhance input and output encryption for increased security.