Introducing Cape: Encrypt, Deploy, Run

Cape is an easy way to run serverless functions on encrypted user data while keeping it confidential; it is serverless confidential computing. Try our beta for free.

If it were easy to build secure apps, everyone would be doing it.

I believe developers want to protect their user's data. Data breaches happen because security is HARD. Security and privacy techniques require a ton of expertise, attention to tiny details, and a massive time commitment. Building an app requires focus on the features and a great user experience. If your app works, and you have the resources, then you may turn your focus to security and privacy, but unfortunately this part often gets side-lined. We're building Cape because we've been there, and we want security and privacy features to be easy for every developer—so easy that secure becomes the default. Whether you are new to coding, or a seasoned security expert, Cape can help you build more secure apps.

Cape Encrypt

Let's start with an example: If you want to encrypt some data, Cape makes that easy:

cape encrypt 'HelloWorld' > encrypted.data

With a single command, Cape encrypts the input and stores the encrypted result in a file. You can encrypt text, photos, videos, databases, individual fields, or whatever else you'd like. Cape encryption is fast. And best of all, you don't need to manage keys, select encryption protocols, or spend any time implementing it. When a user enters data into your app, you can cape encrypt it right away. Then you can cut it, paste it, save it, load it, check it like Daft Punk; and sleep well knowing that your user's data is completely confidential.

Cape Run

cape encrypt takes care of protecting your user's data "at rest" and "in transit", but what about data "in use"? Users put data into your app for a reason, so you can process it and provide them with some of that sweet, sweet value. Securely processing encrypted data with Cape is also easy:

cape run sentiment-analysis -f encrypted.data > 92.88% positive

Or in JavaScript:

const encryptedData = cape.encrypt('Hello World');
const result = await cape.run({ 'sentiment-analysis', encryptedData });
console.log(result); // 92.88% positive

Or Python:

encryptedData = cape.encrypt('Hello World')
result = cape.run('sentiment-analysis', encryptedData)
print(result) # 92.88% positive

Or Go:

encryptedData, _ := cape.encrypt("Hello World")
result, _ := cape.run(encryptedData)
fmt.Println(result) // 92.88% positive

This is where Cape gets really fancy. With Cape, your encrypted data can only be processed within a "secure enclave", which is an isolated VM. The enclave has no storage, no network, and no interactive user access. No one can see what the enclave is processing; it's a black box. The enclave is the only thing that has access to your private keys to process your data. You have a direct, end-to-end encrypted connection with the enclave to send inputs and receive results. And when the enclave finishes running, it is forever destroyed, leaving no traces even in memory.

Cape Deploy

You can build and deploy any function with Cape:

cape deploy style-transfer cape run style-transfer -f image.jpg

The function itself is also Cape encrypted, which protects your IP and any secrets embedded in the code. And all inputs to the function are automatically encrypted before being sent to the enclave. Cape ensures confidentiality from start to finish.

Try Cape

Putting it all together you can encrypt data, deploy functions, and run functions on the encrypted data, keeping your user's data confidential. You may be a developer in a regulated industry like finance, healthcare, or government; or you may be building consumer apps in spaces like social or gaming, but regardless of what you are building, Cape is an easy way to secure your user's data. Encrypt the data when you first collect it, directly on your user's device, and keep it encrypted throughout its entire lifecycle. You can try it right now for free. Install Cape:

curl -fsSL https://raw.githubusercontent.com/capeprivacy/cli/main/install.sh | sh; cape signup

Check out the Getting Started Docs. We'd love to hear what you think. The rest of the team and I are hanging out on Discord right now. Drop in and say hello. We're excited to hear what you're building. If you'd like some ideas, checkout our Demos site, and our functions repo. Cape is the easiest way to run serverless functions on your user's data while keeping it confidential. No ops or crypto required.