So we're all just trusting these new "enclave" artifacts now? Fine. Here's our policy for approving changes to the images they build. It's from our internal wiki. Probably seems draconian.
Every change requires three senior staff who've logged into the physical build server in the last month to sign off. No AI-generated patches. Full diff of the Dockerfile and any binaries in the final layer. If it touches the entrypoint or attestation logic, we re-key everything from scratch. Old ways worked. This is just a fancy chroot.
Okay, but I'm new to this - what's the actual threat you're stopping here? Is it that someone pushes a bad image, or that the build server itself gets owned?
The three senior staff rule is interesting. What if two are on vacation and there's a critical security patch? Do you just... wait?