Cloud Providers
Polaris Pro can currently be deployed on Google Cloud Platform and Microsoft Azure using their respective Confidential Computing, Key Management, and Attestation services. In all cases, every resource is provisioned in the client's own cloud environment, and Fr0ntierX has no ability to access any data or services. All components of the provisioned stack are open-source and can be audited by the client.
Google Cloud Platform
When deploying Polaris on Google Cloud Platform (GCP), a Confidential Virtual Machine (CVM) is provisioned for each Polaris container. The VM is created using a public Polaris image based on the Google Container-Optimized OS and automatically starts the Polaris Proxy along with the configured Client Workload. There are some limitations on the machine configurations that support Confidential Computing. For more information, please refer to the Google Cloud documentation.
You can deploy Polaris on GCP using the Polaris VM offer in the Google Cloud Marketplace.
Key Management on GCP
The private encryption key is created using Cloud KMS and stored inside an HSM. A dedicated service account is granted permission to use the key for cryptographic operations, and this account can only be impersonated through a Workload Identity Pool. The Workload Identity Pool is configured to accept OIDC tokens from the Google-managed vTPM, which are automatically generated and refreshed inside the Polaris Pro VM. The Polaris Proxy manages all required access to the Workload Identity Pool, so this process is transparent to the user.
In the future, you will be able to customize the attestation policy to include additional conditions, such as the Docker image hash of the proxy and the workload.
It is good practice to deploy the KMS in a separate project (or even tenant) and strictly separate users who have access to the key from those who access the encrypted data. If you are interested in implementing this solution, please get in touch.
Microsoft Azure
Polaris containers on Microsoft Azure are provisioned using confidential Azure Container Instances. For each Polaris instance, a confidential container group is created, containing separate containers for the Polaris Proxy and the Client Workload. Some limitations on the CPU count and memory size of the container instances apply. Please refer to the Azure documentation for more information.
You can deploy Polaris on Azure as a Managed Application using the offer in the Azure Marketplace. The Managed Application is configured to grant you full access to all resources, while access by Fr0ntierX to the resources is strictly prohibited.
Key Management on Azure
The private encryption key is created using Azure Key Vault and stored inside an HSM. The key can be accessed within the Polaris Pro container via the Secure Key Release (SKR) feature. This is implemented using the official Azure Secure Key Release Sidecar container. The SKR container is responsible for generating the remote attestation from the CPU, verifying it with the Microsoft Azure Attestation (MAA) service, obtaining a token, and releasing the key. The private key is then imported into the encrypted memory of the Polaris Proxy container, enabling it to encrypt data.
In the future, you will be able to customize the attestation policy to include additional conditions, such as the Docker image hash of the proxy and the workload.
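Both key-release paths described above (the Workload Identity Pool on GCP and Secure Key Release on Azure) make the same decision: hand the key to a workload only when its attestation evidence satisfies a policy. The following Python evaluator is an added illustration of that decision, not code from Polaris Pro, Google, or Azure. Its policy grammar is modelled on the anyOf/allOf/claim/equals shape of an Azure Key Vault key release policy; the attestation authority URL, the claim names, the workload hash and the key bytes are placeholders or assumptions, and the token claims are constructed rather than taken from a real attestation token. The third condition shows the kind of workload-measurement check the text says will become configurable.

```python
"""Added example: evaluate an attestation-gated key release policy.

Models the gate that a Secure Key Release sidecar or a Workload Identity Pool
enforces: release the key only if the attestation token comes from the
expected authority and every required claim matches. All identifiers below
are illustrative; they are not Polaris Pro's, Azure's or Google's values.
"""
from typing import Any, Dict, List, Optional, Tuple

POLICY_VERSION = "1.0.0"

# Constructed release policy. Authority URL and hostdata hash are placeholders.
RELEASE_POLICY: Dict[str, Any] = {
    "version": POLICY_VERSION,
    "anyOf": [
        {
            "authority": "https://attest.example.invalid",  # placeholder attestation service
            "allOf": [
                # Assumed claim names, modelled on SEV-SNP attestation tokens.
                {"claim": "x-ms-attestation-type", "equals": "sevsnpvm"},
                {"claim": "x-ms-sevsnpvm-is-debuggable", "equals": "false"},
                # Workload measurement: the kind of extra condition that ties the
                # key to a specific proxy/workload build.
                {"claim": "x-ms-sevsnpvm-hostdata", "equals": "PLACEHOLDER_WORKLOAD_POLICY_HASH"},
            ],
        }
    ],
}

# Constructed claims, as a verifier would present them after validating the
# token signature. "iss" stands in for the issuing attestation authority.
GOOD_CLAIMS: Dict[str, Any] = {
    "iss": "https://attest.example.invalid",
    "x-ms-attestation-type": "sevsnpvm",
    "x-ms-sevsnpvm-is-debuggable": False,
    "x-ms-sevsnpvm-hostdata": "PLACEHOLDER_WORKLOAD_POLICY_HASH",
}

# Constructed key material standing in for the HSM-backed private key.
CONSTRUCTED_KEY = b"constructed-test-key-material"


def _as_policy_string(value: Any) -> str:
    """Policy values are strings; JSON booleans compare as 'true'/'false'."""
    if isinstance(value, bool):
        return "true" if value else "false"
    return str(value)


def _failed_conditions(rules: List[Dict[str, str]], claims: Dict[str, Any]) -> List[str]:
    """Return the names of allOf conditions the claims do not satisfy."""
    failed = []
    for rule in rules:
        name = rule["claim"]
        if name not in claims:
            failed.append(f"{name} (missing)")
        elif _as_policy_string(claims[name]) != rule["equals"]:
            failed.append(f"{name} (got {_as_policy_string(claims[name])!r})")
    return failed


def evaluate_release(policy: Dict[str, Any], claims: Dict[str, Any]) -> Tuple[bool, str]:
    """Decide whether the key may be released; returns (allowed, reason)."""
    if policy.get("version") != POLICY_VERSION:
        return False, "denied: unsupported policy version"
    issuer = str(claims.get("iss", "")).rstrip("/")
    reasons = []
    for branch in policy.get("anyOf", []):
        if branch["authority"].rstrip("/") != issuer:
            # Token was issued by a different attestation service; this branch
            # can never be satisfied by it.
            reasons.append(f"authority mismatch for {branch['authority']}")
            continue
        failed = _failed_conditions(branch.get("allOf", []), claims)
        if not failed:
            return True, f"released: all conditions met for {branch['authority']}"
        reasons.append("failed conditions: " + ", ".join(failed))
    return False, "denied: " + "; ".join(reasons)


def release_key(policy: Dict[str, Any], claims: Dict[str, Any]) -> Optional[bytes]:
    """Return the key only when the policy allows it; None otherwise."""
    allowed, _reason = evaluate_release(policy, claims)
    return CONSTRUCTED_KEY if allowed else None


if __name__ == "__main__":
    for label, claims in [
        ("good", GOOD_CLAIMS),
        ("debuggable", {**GOOD_CLAIMS, "x-ms-sevsnpvm-is-debuggable": True}),
        ("other issuer", {**GOOD_CLAIMS, "iss": "https://other.invalid"}),
    ]:
        print(label, evaluate_release(RELEASE_POLICY, claims))
```

The evaluator fails closed: a missing claim, a claim value that differs, an unknown policy version, or a token from a different authority all result in no key being returned. Real services also validate the token's signature and expiry before claims are consulted; that step is assumed to have happened before these functions are called.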