Build Confidential Go Apps with Ease‚Äč

EGo enables you to run Go apps in Intel¬ģ SGX enclaves with zero code changes.‚Äč

Star Fork

Why EGo

Confidential computing enables the always-encrypted and verifiable processing of data - in the cloud and elsewhere.

Developing confidential apps used to require arcane knowledge and significant code changes. With EGo, you can skip that and develop your Go code as usual.

In the video above, Visual Studio Code is used to debug unmodified HashiCorp Vault running on EGo in an Intel¬ģ SGX enclave in debug mode.

  • Build, debug, and run Go apps as usual
  • Have all the benefits of confidential computing
  • Permissive open-source license (MPL-2)‚Äč
$ sudo snap install ego-dev --classic
$ ego-go build helloworld.go
$ ego sign helloworld
$ ego run helloworld
Loading enclave...
Entering enclave...
Hello from enclave!

How to use‚Äč

With EGo, you don’t need to refactor your app to run it in a secure enclave. Just use three simple commands to build, sign, and run your code - be it 10 or 100,000 lines of Go with complex dependencies.

Want to scale your confidential app? Marblerun - “the service mesh for confidential computing” - has native support for EGo-based microservices and makes it easy to securely scale confidential apps on Kubernetes.

Want to use Intel¬ģ SGX features like sealing or remote attestation? Just import EGo’s enclave library and access everything in a single line of code. For example, get an attestation report for your TLS certificate:

r, err := enclave.GetRemoteReport(sha256.Sum256(cert)[:])


Super secure

All your data and code are kept inside the secure enclaves at runtime. No need to partition your app.

Easy to use

Start by lifting & shifting your existing Go code without changing a line. Use the EGo runtime library to effortlessly access SGX-specific features.

Easy to scale

Marblerun has native support for EGo-based microservices and makes it easy to scale them securely on Kubernetes.

Built on industry standards

EGo builds upon the industry standard Open Enclave. This makes it future-proof and portable to other hardware platforms. EGo also supports the latest DCAP attestation protocol.

Runs everywhere

Don’t have SGX-enabled hardware? No problem! EGo apps run in simulation mode on any host. Also, many cloud providers already offer SGX-enabled VMs.


EGo does not try to simulate a full POSIX environment in your enclave. It just loads as much code as necessary for the Go runtime to work well, keeping the trusted computing base (TCB) small.

Want to build confidential Go apps?‚Äč

Want to build confidential Go apps?‚Äč

Get started ‚Üí


EGo: Effortlessly build confidential apps in Go

We give an intro to EGo and discuss features.

The Open-Source Landscape of Confidential Computing in 2021

We give an overview of the open-source landscape in confidential computing and show where EGo fits in.

4 Use Cases for Confidential Computing

We discuss specialized use cases for confidential computing that can be realized with EGo.

How we built EGo

We share EGo’s design approach, the biggest challenges we faced while developing EGo, and some of our key principles.

Why Do We Need Confidential Computing?

We give an intro to the basics of confidential computing.

How to build and deploy Confidential Computing microservice applications with EGo & Marblerun

We're going to look at how cloud applications are built today and how the principles of Confidential Computing can be applied to them.