Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0 accelerate confidential computing across the hybrid cloud

2025-12-04 ~1 min read www.redhat.com #kubernetes

⚡ TL;DR

Red Hat is excited to announce the release of Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0, marking a significant milestone in our confidential computing journey. These releases bring production-grade support for confidential containers in Microsoft Azure Red Hat OpenShift and introduce technology preview support for bare metal environments with Intel TDX and AMD SEV-SNP processors.

Authors: Ariel Adam, Marcos Entenza, Jens Freimann, Danilo de Paula

📝 Summary

Red Hat is excited to announce the release of Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0, marking a significant milestone in our confidential computing journey. These releases bring production-grade support for confidential containers in Microsoft Azure Red Hat OpenShift and introduce technology preview support for bare metal environments with Intel TDX and AMD SEV-SNP processors. Organizations can now protect their most sensitive workloads with hardware-based memory encryption and attestation capabilities across cloud and on-premises infrastructure.

Across both cloud and bare metal, OpenShift sandboxed containers 1.11 introduces features that harden your security posture and improve usability.

Secure by default: We are implementing a new restrictive agent policy by default. This policy blocks host-level commands like oc exec for confidential containers, providing true isolation from the administrator. A debug mode can be enabled via a pod annotation for development.

Trusted supply chain: We've enhanced support for signed container images, a critical part of a trusted software supply chain.

Secure secret release: A key value of attestation is the secure delivery of secrets. Red Hat build of Trustee is used to verify the integrity of a pod before releasing sensitive data, like database credentials or private keys. Such secrets are retrieved from the attestation service.

Improved supportability: We have improved our must-gather tooling to automatically collect Trustee logs, making it easier for our support teams to help you troubleshoot attestation workflows.