Barkd is what you run when you want to enable bitcoin payments server-side. On a standard cloud VM, the provider, hypervisor, and co-tenants can theoretically read your signing keys from memory. We decided to run some tests to see if TEEs were the solution.
Intel SGX was a dead end. AWS Nitro Enclaves worked but needed excessive custom plumbing. Azure's confidential VMs seemed to be the sweet spot, achieving the convenience of a hosted wallet while minimizing trust in the host.
https://blog.second.tech/running-barkd-in-a-tee/