Zero Trust Starts Here: Validated Patterns For Confidential Container Deployment
Red Hat, Monday, August 4th, 2025
Confidential computing uses a trusted execution environment (TEE) to protect memory in use, which helps ensure data is encrypted not only at rest and in transit but also in use.
Confidential Containers (CoCo) combine the TEE with Kubernetes deployments. Deploying a TEE at the pod level allows strong isolation of workloads, not just from other workloads on the cluster, but also from cluster administrators.
The challenge with Confidential Containers is in getting started. Making the decision to deploy a pod into a confidential container is a single-line change to a pod manifest.
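Because the opt-in is one line, it is also easy to omit. The audit below is an added example, not code from Red Hat or the Confidential Containers project; it flags sensitive workloads whose pod spec does not select a confidential runtime. It assumes the single line is the pod spec's `runtimeClassName` field; the class name `kata-remote`, the `data-sensitivity` label and all workload names are assumptions to be replaced with your cluster's values.

```python
import json

# Assumption: RuntimeClass names backed by a TEE on this cluster (not from the page).
CONFIDENTIAL_RUNTIME_CLASSES = {"kata-remote"}
# Hypothetical label marking workloads that must run in a confidential container.
SENSITIVE_LABEL = ("data-sensitivity", "confidential")


def pod_template(manifest):
    """Return (labels, pod spec) for a Pod or a workload with a pod template, else None."""
    if manifest.get("kind") == "Pod":
        holder = manifest
    else:
        holder = manifest.get("spec", {}).get("template")
    if holder is None:
        return None  # Service, ConfigMap, ...: nothing to schedule
    return holder.get("metadata", {}).get("labels", {}), holder.get("spec", {})


def audit(manifests):
    """List sensitive workloads whose pod spec does not select a confidential runtime."""
    key, value = SENSITIVE_LABEL
    findings = []
    for manifest in manifests:
        found = pod_template(manifest)
        if found is None or found[0].get(key) != value:
            continue
        runtime = found[1].get("runtimeClassName")  # the single line that opts in
        if runtime not in CONFIDENTIAL_RUNTIME_CLASSES:
            name = manifest.get("metadata", {}).get("name", "<unnamed>")
            findings.append((manifest.get("kind"), name, runtime))
    return findings


# Constructed sample manifests (JSON form), not taken from any real cluster.
SAMPLE = json.loads("""[
 {"kind": "Pod", "metadata": {"name": "ledger", "labels": {"data-sensitivity": "confidential"}},
  "spec": {"runtimeClassName": "kata-remote", "containers": [{"name": "app", "image": "registry.example/ledger:1"}]}},
 {"kind": "Deployment", "metadata": {"name": "payroll"},
  "spec": {"template": {"metadata": {"labels": {"data-sensitivity": "confidential"}},
                        "spec": {"containers": [{"name": "app", "image": "registry.example/payroll:1"}]}}}},
 {"kind": "Pod", "metadata": {"name": "vault", "labels": {"data-sensitivity": "confidential"}},
  "spec": {"runtimeClassName": "kata", "containers": [{"name": "app", "image": "registry.example/vault:1"}]}},
 {"kind": "Pod", "metadata": {"name": "cache"}, "spec": {"containers": [{"name": "app", "image": "registry.example/cache:1"}]}},
 {"kind": "Service", "metadata": {"name": "ledger"}, "spec": {"ports": [{"port": 443}]}}
]""")

if __name__ == "__main__":
    for kind, name, runtime in audit(SAMPLE):
        print(f"{kind}/{name}: runtimeClassName={runtime!r} is not a confidential runtime")
```

The same logic fits an admission policy, where it can reject the manifest instead of reporting it after the fact.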