Out-of-the-box benefits of using and deploying with dstack

Hardware-Enforced Isolation

Every workload runs inside a processor-level Trusted Execution Environment (TEE). The CPU encrypts memory on the fly, sealing it off from the operating system, hypervisor, and anyone with physical access.

Remote Attestation

DStack exposes a built-in attestation API that packages cryptographic evidence of the exact code, configuration, and TEE firmware your service is running on. Third parties can verify this proof before exchanging secrets or traffic.

Zero-Code-Modification Deployment

Container images that work in staging can be deployed directly to DStack with no SDK, no recompilation, no enclave-specific branches. The platform transparently adds the security layer at runtime.

Decentralized Key Management

Encryption keys are issued, rotated, and retired through a blockchain-backed coordination service. Key custodianship is distributed with no single vault to breach or subpoena.

Automated Certificate Lifecycle

TLS certificates are automatically generated, bound to specific enclaves, and renewed just-in-time before expiry. End-to-end encrypted channels with zero downtime and no surprise certificate failures.

Intuitive Web Dashboard

Replace command-line complexity with a real-time dashboard that shows enclave health, performance counters, and audit trails. Scale, pause, or revoke workloads with a click using role-based access control.

dstack lets you push the same containers you run today into CPU-encrypted enclaves, so code and data stay private while hardware-level crypto keeps performance high. Every deployment is attested for integrity, keys live in a shared on-chain vault, TLS certs renew themselves, and all traffic stays encrypted end to end. A point-and-click dashboard replaces CLI wrangling, language-agnostic SDKs plug into any stack, and the platform auto-scales, heals, and logs without leaking sensitive info. You get an immutable audit trail, one-click compliance reports, and a supply-chain filter that blocks unverified images—secure infrastructure without the rewrite. dstack is built to be developer-friendly: it takes care of most security challenges and infrastructure dependencies for you. This means you can build scalable, compliant cloud platforms using simple tools and strong security guarantees—without extra hassle. Move fast, stay safe, and keep your existing workflows.