Overview

Private cloud deployment runs Enclave inside your AWS, Azure, or GCP account. Quelden provides the software; you provide the infrastructure. Network traffic never leaves your VPC.

Architecture

Your VPC
├── Load Balancer (ALB / Azure Front Door / Cloud Load Balancing)
├── Enclave application servers (ECS / AKS / GKE)
├── Managed database (RDS PostgreSQL / Azure Database / Cloud SQL)
├── Object storage (S3 / Azure Blob / GCS) — for ciphertext
└── KMS (your existing CMKs)

Quelden provides a Terraform module that provisions all components.

Prerequisites

  • Cloud account with sufficient IAM permissions to deploy the Terraform module
  • PostgreSQL 14+ compatible managed database (or let Terraform create one)
  • Object storage bucket
  • A KMS CMK for Enclave’s DEK wrapping

Deployment steps

1. Clone the Terraform module

git clone https://github.com/quelden/enclave-terraform
cd enclave-terraform/aws  # or /azure or /gcp

2. Configure variables

# terraform.tfvars
region          = "ap-south-1"
domain          = "enclave.yourcompany.com"
kms_key_arn     = "arn:aws:kms:ap-south-1:123456789:key/..."
db_instance     = "db.r6g.large"
app_instance    = "t3.medium"

3. Apply

terraform init
terraform plan
terraform apply

4. Point your DNS

Add a CNAME record for enclave.yourcompany.com pointing to the load balancer output by Terraform.

5. Activate your licence

Contact hello@quelden.com with your deployment ID (shown in Terraform output) to receive a licence key.

Updates

Enclave releases are published to Quelden’s container registry. Update by pulling the latest image tag and redeploying:

terraform apply -var="enclave_version=1.4.0"

Migrations run automatically on startup. Always back up the database before updating.
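
The update procedure above as a script, added here as an example (it is not part of Quelden's documentation or Terraform module): it refuses a version that is not an exact x.y.z release, takes an RDS snapshot and waits until it is available, then runs the same terraform apply. It assumes an AWS deployment, an RDS instance identifier that you supply, and a configured AWS CLI; the function names and snapshot naming scheme are hypothetical.

```shell
#!/bin/sh
# Added example: back up the database, then apply a pinned Enclave version.
# Assumptions (not from the Quelden docs): AWS deployment, the database is an
# RDS instance whose identifier you pass in, and the AWS CLI is configured.
set -eu

# Accept only an exact x.y.z release so every update is reproducible and a
# rollback target is known; rejects "latest", partial versions and empty input.
is_pinned_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Build a snapshot identifier RDS accepts (letters, digits, hyphens):
# <db-id>-pre-<version with dots as hyphens>-<UTC timestamp>
snapshot_id() {
  printf '%s-pre-%s-%s\n' "$1" "$(printf '%s' "$2" | tr . -)" "$3"
}

# update_enclave <rds-instance-id> <version>
update_enclave() {
  if ! is_pinned_version "$2"; then
    echo "refusing to deploy unpinned version: '$2'" >&2
    return 2
  fi
  snap="$(snapshot_id "$1" "$2" "$(date -u +%Y%m%d%H%M%S)")"

  # Take the backup and block until it is usable. A failed or timed-out
  # snapshot returns here, before the startup migrations can run.
  aws rds create-db-snapshot \
    --db-instance-identifier "$1" \
    --db-snapshot-identifier "$snap" >/dev/null || return 1
  aws rds wait db-snapshot-available \
    --db-snapshot-identifier "$snap" || return 1
  echo "snapshot ready: $snap"

  # Same command as in the docs, with the validated version substituted.
  terraform apply -var="enclave_version=$2"
}

# Usage: ./update-enclave.sh <rds-instance-id> <version>
if [ "$#" -eq 2 ]; then
  update_enclave "$1" "$2"
fi
```

Run it from the same module directory used for the initial deployment so that terraform picks up the existing state and terraform.tfvars.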