Architecture

The Anjuna Policy Manager communicates with several cloud resources to securely deliver secrets to client enclaves.

Self-hosted software

Anjuna Seaglass, including the Anjuna Policy Manager, is self-hosted software. You will download the software from the Anjuna Resource Center and install it in your own infrastructure and cloud environment.

Anjuna Seaglass is not software-as-a-service (SaaS). It does not require any telemetry or other runtime dependency on any Anjuna-hosted services.

HashiCorp Vault

The Anjuna Policy Manager (APM) is based on HashiCorp Vault. The APM augments Vault’s industry-standard secret management capabilities to provide confidential computing features for Anjuna Confidential Containers.

AMD SEV-SNP on Azure

The diagram below shows how the APM uses Microsoft Azure Attestation, Azure Key Vault, and Azure Storage Account.

A diagram showing how the APM is verified by Microsoft Azure Attestation to retrieve the APM’s secrets from Azure Key Vault. Secrets created for enclaves are encrypted then stored in an Azure Storage Account. The APM verifies enclaves and distributes their secrets.