Encrypted and secure docker containers

清酒与你 2020-12-04 19:18

We all know situations when you cannot go open source and freely distribute software - and I am in one of these situations.

I have an app that consists of a number o

7 Answers
  •  心在旅途
    2020-12-04 19:45

    If you want a completely secure solution, you're searching for the 'holy grail' of confidentiality: homomorphic encryption. In short, you want to encrypt your application and data, send them to a PC, and have this PC run them without its owner, OS, or anyone else being able to snoop on the data. Doing so without a massive performance penalty is an active research project. There has been at least one project that has managed this, but it still has limitations:

    1. It's Windows-only
    2. The CPU has access to the key (i.e., you have to trust Intel)
    3. It's optimised for cloud scenarios. If you want to install this on multiple PCs, you need to provide the key in a secure way (i.e., just go there and type it yourself) to one of the PCs on which you're going to install your application, and this PC should be able to securely propagate the key to the other PCs.

    Andy's suggestion on using the TPM has similar implications to points 2 and 3.
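
Added example, not part of the original answer: a toy Paillier cryptosystem showing the core idea of an untrusted PC computing on data it cannot read. Paillier is a swapped-in scheme that supports only addition and multiplication by a constant (running a whole application would need fully homomorphic encryption); the function names, primes and sample values are constructed for illustration.

```python
import math
import secrets

# Constructed demo primes (a Fermat and a Mersenne prime); far too small for real use.
P, Q = 65537, 2147483647

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)        # valid because the generator g = n + 1 is used below
    return n, (lam, mu)         # public key n, private key (lam, mu)

def encrypt(n, m):
    n2 = n * n
    while True:                 # pick a random r that is invertible mod n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # g^m * r^n mod n^2, where g^m = (1 + n)^m = 1 + m*n mod n^2
    return (1 + m * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def host_weighted_sum(n, ciphertexts, weights):
    """Runs on the untrusted PC: it sees only n and ciphertexts, never a key."""
    n2 = n * n
    acc = 1                     # a (deterministic) encryption of 0
    for c, w in zip(ciphertexts, weights):
        # Enc(a)^w encrypts w*a; multiplying ciphertexts adds plaintexts.
        acc = acc * pow(c, w, n2) % n2
    return acc

def demo():
    n, priv = keygen()
    readings = [1200, 345, 78]  # constructed sample plaintexts held by the owner
    weights = [3, 2, 10]        # public constants known to the host
    cts = [encrypt(n, m) for m in readings]
    result_ct = host_weighted_sum(n, cts, weights)
    return decrypt(n, priv, result_ct), cts

if __name__ == "__main__":
    total, cts = demo()
    print("host saw only ciphertexts such as:", cts[0])
    print("owner decrypts the result:", total)
```

The host never holds `lam` or `mu`, so the key-distribution problem from point 3 does not arise for it, but every operation costs a modular exponentiation on numbers twice the key size.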
