CanaryBit Tower is a security orchestration tool to provision, control and maintain Confidential VM instances. Tower integrates with a long list of Cloud Service Providers (CSPs), private and bare-metal infrastructure to provide governance of the resources defining your Trusted Execution Environment (TEE).
It implements Infrastructure-as-Code (IaC) and SecDevOps best practices to provide integrity and state-of-the-art security for your workload runtime.
- Terraform or OpenTofu installed;
- Credentials to access your Infrastructure provider (either Public Cloud or On-prem);
- A CanaryBit account. (New user? Create an account.)
For setup instructions, API references, and usage examples, read the CanaryBit Tower Technical Documentation.
Contributions are welcome! Please check the CONTRIBUTING.md for details on how to get started.
CanaryBit Tower is a Freemium service: basic features are free for Public Cloud setups while additional features, such as Remote Attestation and On-prem support, are offered via a paid subscription.
The free version, licensed under Apache-2.0, contains the Terraform/OpenTofu configurations for deploying Confidential VMs in Public Clouds.
Currently, CanaryBit Tower supports the following platforms and public cloud providers:
| Cloud Platform | AMD SEV-SNP | Intel TDX |
|---|---|---|
| AWS | yes | upcoming |
| Azure | yes | yes |
| GCP | yes | yes |
The Premium version contains the Terraform configurations for deploying Confidential VMs on-premise and for bare-metal setups.
Currently, Tower supports the following virtualisation platforms:
- Galaxy server: Support for the Galaxy project for data-intensive computation.
Reach out to us at hi@canarybit.eu for more information.
/ The CanaryBit Team