Architecture

The Anjuna Policy Manager communicates with several cloud resources to securely deliver secrets to client enclaves.

HashiCorp Vault

The Anjuna Policy Manager (APM) is based on HashiCorp Vault. The APM augments Vault’s industry-standard secret management capabilities to provide confidential computing features for Anjuna Confidential Containers.

AMD SEV-SNP on Azure

The diagram below shows how the APM uses Microsoft Azure Attestation, Azure Key Vault, and Azure Storage Account.

A diagram showing how the APM is verified by Microsoft Azure Attestation to retrieve the APM’s secrets from Azure Key Vault. Secrets created for enclaves are encrypted and then stored in an Azure Storage Account. The APM verifies enclaves and distributes their secrets.