Deploy on Caution-managed infrastructure¶

Deploy your first application on Caution's fully managed platform using AWS Nitro Enclaves. Your first deployment should take about 10 minutes.

What is fully managed?¶

Fully managed is a deployment model where Caution hosts and operates the deployment environment end-to-end on Caution-managed infrastructure. For full details, see the fully managed reference.

AWS Nitro support today

Caution currently supports deployments on AWS Nitro Enclaves. We are actively working on support for Intel TDX, AMD SEV-SNP, and TPM 2.0 attestations.

What you need¶

Before you begin, ensure you have the following:

What you'll need	Details
Access code	Request access at info@caution.co
Passkey	Browser or platform passkey, password manager passkey, or security key or smart card (YubiKey, NitroKey, or LibremKey)
CLI	Supported today on Linux (x86_64) or macOS (arm64) (install)
Git	For cloning and pushing repositories (install)
Docker	With containerd image store enabled (install)
Containerized app	Your application must be containerized

Install the CLI¶

Follow the installation instructions in the CLI README.

Create an account¶

To create an account, you'll need a valid access code and a passkey. You can register in the browser or with the CLI.

If you do not have an access code, request one at info@caution.co.

CLIBrowser

caution register --alpha-code <your_code>

Go to dashboard.caution.co
Enter your access code
Use your passkey method
Click Continue
Approve Passkey interaction when prompted

Add an SSH key¶

Add an SSH key so you can authenticate your Caution deployments:

CLIBrowser

caution ssh-keys add --from-agent

Add an SSH key from the browser dashboard.

Select an application¶

Deploy your own containerized application, or start with one of the Caution demo apps. For this guide, use hello-world-enclave:

git clone https://codeberg.org/caution/demo-hello-world-enclave.git
cd demo-hello-world-enclave

Initialize the application¶

From your application directory, run the following command to create a Procfile and other data required for the application:

caution init

A Procfile defines how to run your application and which ports to expose. If you're using one of Caution's demo apps, a Procfile is already included. If you're deploying your own application, you'll need to create one. See the Procfile reference.

At minimum, your Procfile should specify how to run your application:

run: /app/server

For source verification, add your repository URL:

run: /app/server
app_sources: https://codeberg.org/myorg/myapp

Deploy the application¶

From your application directory, push the code to Caution:

git push caution main

Caution builds a reproducible enclave image and deploys it into the enclave.

Verify the deployment¶

From your application directory, run the following command to rebuild the image, compare hashes, and confirm exactly what the enclave is running:

caution verify

Next steps¶

Your application is now running in a verified enclave. Here's what to explore next:

Deployment configuration

Configure source verification and networking options.
Custom domains

Use your own domain name for deployments.
Verifiability

Learn how Caution ensures code integrity from source to production.
Procfile

Configure how your application builds, runs, and verifies.