Skip to content


Cosmian Enclave (formerly MSE) is a solution to provide maximum security to applications and data in the cloud and on-premise.

The solution creates a sealed environment where the application code and data are encrypted at all times, even when in use. It protects code and data against both malicious infrastructure providers that have physical access to the machines and against system administrators that have operating system level access to the machines. Please review the security model to understand the difference with the Cosmian VM

The solution currently allows one-step deployment of Python (FastAPI or Flask) applications as well as Singularity containers.

Use the SaaS offering or run on bare metal machines

SaaS offering

Cosmian operates a SaaS platform offering readily available Cosmian Enclaves. Please navigate to the Cosmian Enclave SaaS top create an account and read the documentation at Cosmian Enclave SaaS to learn how to use the service.

Bare metal machines

Cosmian Enclave runs over Intel SGX-2 machines on-premise or at cloud providers such as Azure and OVH. IaaS offerings should also be soon available on these providers marketplaces.

Cosmian Enclave Bare Metal only contains open-source code, including Cosmian code that anyone can freely audit.

Protect code at a client or other zero-trust location

One of the main uses cases of Cosmian VM is to protect code (and data) at a zero-trust location. This is the scenario of an AI provider deploying a model at a customer location, while wanting to keep it secret, or an HPC cluster that needs to perform secret computations on sensitive data.

The following diagram illustrates the scenario with the two roles:

  • The SGX operator that administers the SGX hardware and runs its data against the confidential code.
  • The code provider that writes confidential code and encrypts it before sending it to the SGX operator


  1. The code, a standard Fast API or Flask application, can be directly encrypted using the Cosmian Enclave CLI tool and passing it the --encrypt flag. This will generate a key, which will be printed on the console, and encrypt the code under that key.
  2. Since the code is encrypted under a decryption key unknown by the SGX Operator, any insecure channel may be used ( HTTP download, email, etc…) to transmit the code to the SGX Operator.
  3. The SGX Operator loads the encrypted code to the Cosmian Enclave using the CLI. This outputs an evidence.json file that should be sent to the code provider.
  4. The code provider verifies the evidence file using the CLI. This ensures that the correct code is loaded in a genuine Cosmian Enclave and that the code has not been tampered with. The file also contains a public key which corresponding private key is only known to the Cosmian Enclave and cannot be recovered by the SGX Operator.
  5. Using the public key and the CLI, the code provider encrypts a secrets.json file that contains the code decryption key and any other secrets to be made available to the application code running in the Cosmian Enclave.
  6. The Cosmian Enclave can now decrypt the code inside its encrypted memory and run it.

The data provider, can then send its data to the endpoints of the application over a secure HTTPS channel ending in encrypted memory.

What does the Cosmian Enclave protect?

The Cosmian Enclave provides a wholly sealed encrypted runtime environment.

sealed env.

It protects all data and code against the infrastructure provider with physical access to the hardware infrastructure.

It also protects data and code from privileged users with system-level access to the machine. Such users:

  • Cannot alter the integrity of data and code in the protected area of the TEE.
  • Cannot access the unique TLS server key of the application inside the TEE or decrypt the TLS session and hence the data exchanged on those sessions.
  • Cannot access the secret key used to encrypt the code and recover the code in plaintext.
  • Cannot read the data persisted to the storage of the application tied to the TEE.

These security assumptions hold as long as the Intel SGX and its software stack known as the Trusted Computing Base ( TCB) security hold. The latest vulnerabilities, attacks, and patches are available on Intel website.

© Copyright 2018-2024 Cosmian. All rights reserved.