Systems and methods for encrypted container image management, deployment, and execution
US11163902B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 1, 2021 |
| Grant date | Nov 2, 2021 |
| Priority date | — |
| Expiry date | Jun 1, 2041 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/062
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A controller is provided to construct and run a container from one or more encrypted container images without persisting any decrypted data from the one or more encrypted container images to non-volatile storage at any time. The controller may retrieve a container image with encrypted first data and encrypted second data, and may store the container image to non-volatile storage of a particular node. The controller may construct a container by mounting the container image as part of an encrypted file system of the container. During runtime execution of the container, the encrypted first data may be extracted and decrypted from the file system in response to a file system request for the encrypted first data, and the decrypted first data may be entered into volatile storage of the particular node while the encrypted first data and the encrypted second data are retained on the non-volatile storage.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.