Preview Access: Tinfoil Containers


Deploy any container in a secure enclave.

At Tinfoil we've been running all our AI models in secure enclaves. Tinfoil Containers makes the same infrastructure and security guarantees available for running your own custom workloads. Our SDKs provide out-of-the-box client-side attestation verification.

  • Deploy any Docker container

  • Zero-downtime updates

  • Client-side attestation verification

  • Debug environments

  • Support for private containers

  • Automatic health monitoring

Supported Enclave Platforms

UC Berkeley

Running our own custom Docker container on Tinfoil Containers is a major unlock. It lets us run our full end-to-end system in trusted hardware using the same simple Python SDK we already use to call Tinfoil's embedding and LLM models. Serverless enclaves have finally arrived!

Darya Kaviani

The Open Anonymity Project

When building The Open Anonymity Project at Stanford and UMich, we were using Azure's confidential containers (ACI) which is a nightmare to set up correctly, from TLS certificate binding, hardware measurements, reproducible image digests, etc. We can do the same thing on Tinfoil Containers in <20mins with the nice attestation SDK, clear docs, debug mode, almost zero update down time, and transparent architecture that everyone can audit.

Erik Chi

Workshop Labs

We have fast deployment cycles for servers that we run on Tinfoil TEEs to guarantee customer privacy. Tinfoil Containers makes the TEE deployment friction almost nonexistent and lets us iterate quickly. It's an important step towards the future where most ML workloads are secured by running on verifiably-private TEEs.

Rudolf Laine

Pricing

Compute (4 CPUs + 16GB): $0.28/hr
Platform Fee: $1,000/mo
Estimated total: $1,204/mo

Based on 730 hours/month for compute costs.

Enterprise

Need private registries, custom configurations, realtime support, or SLAs? Contact us to explore Enterprise plans.

Researchers

If you're a researcher looking to use Tinfoil Containers, contact us to discuss discounted pricing.

Getting Started

  1. Create new repo with the template
     Use the containers template as a starting point.

  2. Configure your container
     Set your container image, ports, secrets, and resources in tinfoil-config.yml.

  3. Push a Git tag to deploy
     Each tag creates an auditable record in the transparency log.

  4. Access your container
     Available at https://<name>.<org>.containers.tinfoil.dev

shim-version: <version>@sha256:<hash>
cvm-version: <version>
cpus: 2
memory: 8192

# Container configuration
# Note: image must include SHA256 hash (e.g., image:tag@sha256:abc123...)
containers:
  - name: "hello-world"
    image: "hashicorp/http-echo:latest@sha256:fcb75f...0a186"
    command: ["-listen=:8080", "-text=Hello from a Tinfoil Container!"]
    env:
      - LOG_LEVEL: "info"
    secrets:
      - API_KEY

# Shim configuration
# Maps external port 443 -> container port 8080 (where http-echo listens)
shim:
  listen-port: 443
  upstream-port: 8080
  paths:
    - /*
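
A pre-push check for the digest-pinning rule noted in the config above, as an added example that is not Tinfoil's own tooling: it scans tinfoil-config.yml text for image and shim-version values that lack a full 64-hex sha256 digest. The function name, sample container names and sample digests are constructed for illustration, and treating shim-version as digest-pinned is an assumption based on the placeholder shown on this page.

```python
import re

# A pinned reference ends in @sha256: followed by exactly 64 lowercase hex digits.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
# Keys from the page's config whose values are assumed to carry a digest.
PINNED_KEYS = ("image", "shim-version")
# Matches "key: value" lines, with or without a leading YAML list dash.
LINE = re.compile(r"^\s*(?:-\s*)?(?P<key>[\w-]+):\s*(?P<value>.*?)\s*$")


def unpinned_refs(config_text):
    """Return (line_no, key, value, reason) for each reference lacking a full digest."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0]  # drop trailing comments
        if line.lstrip().startswith("#"):
            continue  # whole-line comment, e.g. the "Note: image must include" hint
        m = LINE.match(line)
        if not m or m.group("key") not in PINNED_KEYS:
            continue
        value = m.group("value").strip("\"'")
        if DIGEST.search(value):
            continue
        if "@sha256:" not in value:
            reason = "no digest; the tag alone is mutable"
        else:
            reason = "digest is not 64 hex characters (truncated or placeholder)"
        findings.append((line_no, m.group("key"), value, reason))
    return findings


# Constructed sample input; the full-length digests are made-up values.
SAMPLE = """\
shim-version: v0.0.0@sha256:{a}
containers:
  - name: "api"
    image: "example/api:1.2.3@sha256:{b}"
  - name: "worker"
    image: "example/worker:latest"
  - name: "echo"
    image: "hashicorp/http-echo:latest@sha256:fcb75f...0a186"
""".format(a="a" * 64, b="b" * 64)

if __name__ == "__main__":
    for line_no, key, value, reason in unpinned_refs(SAMPLE):
        print(f"line {line_no}: {key}={value!r}: {reason}")
```

The elided digest from the page's hello-world example is flagged on purpose: a copied placeholder should be replaced with the real digest before a tag is pushed.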

Connecting to Your Container

Use Tinfoil's SecureClient SDKs to make attested requests. Every connection is verified against the enclave's attestation report before any data is sent.

Case Study

Our Web Search Agent

We've been running a web search agent on Tinfoil Chat, our private chat interface. It's a lightweight CPU-only Tinfoil Container that orchestrates private web search, calling Tinfoil Inference for LLM reasoning and Exa for web results, all from inside a secure enclave. Search queries are generated within the enclave, sent directly to Exa, and authenticated with a shared Exa API key so no individual user can be linked to a query.

Blog post: How We Implemented Private AI Web Search

Fully Featured

Everything you need to run containerized workloads with verifiable privacy.

Any Docker image

Bring any Docker image and deploy it in a secure enclave.

Attestation

Our SDKs verify the enclave's attestation on every request, ensuring application code integrity.

Automatic, zero-downtime updates

Update your enclave by pushing a new tag to the container configuration repository.

Debug Mode

Use a debug enclave environment to develop and troubleshoot your application before deploying to production.

Private containers

Pull private images from Docker registries. Verification is performed relative to the pinned container hash.

Health Checks

Built-in health monitoring ensures your containers are always running and responsive.

System Metrics

Monitor CPU, memory, and GPU usage with real-time system metrics.

Custom Domains

Run your Tinfoil Container behind your own custom domain.