Fully managed¶
Learn what fully managed includes, what Caution manages, and what you still control.
Overview¶
Fully managed deployments run on Caution's infrastructure. You push code, and Caution builds the container image with standard Docker, deploys it, and hosts your application in a secure enclave. It is best for teams that want:
- Fastest path to production
- Caution-hosted infrastructure
- Minimal infrastructure setup before your first deployment
For a side-by-side comparison with other deployment options, see deployment models.
Responsibility split¶
Fully managed means Caution manages the enclave lifecycle and underlying infrastructure, while you retain control over your application and its configuration.
Caution handles:
- Infrastructure and billing
- Standard Docker application builds
- Enclave lifecycle management
- Network routing and public ingress
You control:
- Your application source code
- Procfile configuration
- Custom domain (optional)
In this model, you keep control of your application code and configuration while Caution operates the deployment environment on your behalf.
How it works¶
To deploy with fully managed, you'll need a containerized application, Docker with the containerd image store enabled, and a Caution account.
You will also need a Procfile that tells Caution how to run your application and, if needed, which Containerfile to build. The examples below show a minimal configuration, plus an optional app_sources entry for source verification.
# Minimal `Procfile`
run: /app/server
# Example with source verification enabled
run: /app/server
app_sources: https://codeberg.org/myorg/myapp
Caution builds from the repository root with docker build -f <containerfile> .. It does not run a custom build command or pass extra Docker build arguments, so public build-time values must be part of the Containerfile or files copied into the image. Use Locksmith for secrets.
Once you have everything in place, the setup flow looks like this:
- Create an account, install the CLI (Linux (x86_64) or macOS (arm64)), and register an SSH key.
- Initialize your application with a
Procfile, then push your code to Caution. - Caution runs the standard Docker build, provisions the deployment, and runs your application in a managed enclave environment.
Setup guide
For the full step-by-step setup and deployment flow, see the fully managed guide.
See also¶
-
Bring your own compute
Run Caution enclaves in your own AWS account.
-
Procfile
Configure how your application runs and verifies.
-
Set up a custom domain
Use your own domain name for deployments.
-
Deployment configuration
Configure source verification and networking options.