Deploy confidential applications with Phala Cloud’s managed TEE infrastructure. TEE.
volumes
to connect to the Dstack API by mounting its socket file (/var/run/tappd.sock
) into the container. This allows the Jupyter Notebook running inside the TEE to interact with the Dstack service like generate a remote attestation, get a TLS key, or generate a key for chains like ETH (ECDSA, K256 curve
) or SOL (ed25519
).
For development convenience, this setup grants sudo privileges inside the container (environment
), runs the Jupyter server with root user permissions (user
), and starts the notebook with token-based authentication using the TOKEN
environment variable (command
).
user-data
argument allows you to attach your own data to the RA report.
user-data
. This way, anyone can verify the execution of your application by extract the public key from the RA report and checking the signature with the public key.