Before You Continue: Prerequisite Reading & Navigation Guide
⚠️ Before reading this section, make sure you have covered the following foundational topics:
Security Model Overview
Start here to understand dstack’s overall security model and threat landscape
Core Components
Review the main architectural components before diving into supplementary modules
Key Features
Revisit the key features to understand how the platform behaves overall
Main Security Systems
Read about the main systems (TDX attestation, VMM, gateway, KMS) before exploring utilities
Note: The sections below focus on supplementary and utility modules (such as Certbot, CT Monitor, IOHash, and Host API Security). These are not required reading for understanding the core dstack platform, but are valuable for deep research or if you need to understand the full security landscape. If you are new to dstack or have not yet reviewed the main systems, we recommend starting with the links above.
Overview: Supplementary Security Modules in dstack
This section provides analysis of the supplementary security modules that enhance dstack’s TEE (Trusted Execution Environment) infrastructure. These modules—Certbot TEE Security, Certificate Transparency Monitor, Host API Security, and IOHash Security—work together to provide comprehensive security coverage across certificate management, monitoring, host operations, and cryptographic verification. Each module addresses a specific security domain while integrating with dstack’s core TEE architecture to provide layered protection and verification capabilities throughout the platform.
Certbot TEE Security
Hardware-backed certificate management with TEE-integrated ACME protocol and attestation-bound certificate generation
Certificate Client Security
Client-side certificate operations with comprehensive hardware attestation integration and TDX quote verification
CT Monitor Security
Continuous certificate transparency monitoring with real-time detection of unauthorized certificate issuance
IOHash Security Architecture
Cryptographic hashing utility for content-addressed storage and integrity verification within TEE environments
Host API Security
Foundational security interface for TEE host management with hardware-backed attestation and key provisioning