Lunal's goal is to make it as simple as possible to deploy your code securely in a Trusted Execution Environment. Start by selecting your source repository through a simple interface. You can either connect your GitHub and select a repository or upload your local codebase directly.

After selecting your repository, configure your project with a name, environment type (Development, Staging, or Production), and select the branch you wish to deploy.

Hardware Selection

Select your Trusted Execution Environment hardware option. We offer multiple memory and CPU configurations to match your application needs.

Deployment Configuration

Choose between two deployment approaches: runtime-specific or containerized via Docker. The runtime-specific approach is ideal for language-specific applications where you need fine-grained control over your environment and optimized performance. The containerized approach provides maximum portability and dependency isolation, perfect for complex applications with specific system requirements or legacy dependencies. Lunal automatically suggests the optimal configuration based on your repository contents. You can also explicitly define a runtime using a `lunal.config.yaml` file.

# Example runtime configuration in lunal.config.yaml
runtime:
  language: python
  version: "3.10"
  framework: flask
  requirements: requirements.txt

Once your environment is configured, deploying is a straightforward process. Before deployment, you'll see a summary of your configuration and with one click, you can kick off the deployment process.

Reproducible Builds & Hash Generation

Lunal uses reproducible build pipelines to ensure that the same input code always produces the same output artifacts. Our build process locks in your dependencies, kernel version, compiler toolchain, and build environment to guarantee complete reproducibility.

During the build process, cryptographic hashes are generated for your code and all dependencies. These hashes form a verifiable supply chain that ensures the integrity of your application. Reproducibility is broken if any dependency changes, if build parameters are modified, or if the source code is altered in any way - providing strong guarantees that what's running is exactly what you intended.

Deployment Confirmation

After successful deployment, you'll receive your deployment URL and attestation verification. Your URL will be the gateway to interact with your deployed application.

# Access your deployed application with a sample API call
$ curl https://your-app-name.lunal.dev/api/hello
{"message": "Hello from your secure Luna Lamp application!"}

# Check attestation status to verify your app is running in a trusted environment
$ lunal attestation status --app your-app-name
✅ Application "your-app-name" is running with valid attestation
   Attestation Provider: Intel TDX
   Last verified: 2 minutes ago

The Lunal dashboard provides a comprehensive view of all your deployed applications, their current status, and key metrics at a glance. Monitor deployment health, resource utilization, and access logs all from a single interface.

Lunal provides cryptographic proof that your code is running exactly as intended, in a genuine TEE environment, without tampering or observation. This process is referred to as "Attestation". We create a complete end-to-end verification flow that connects your original source code, your developer signature, the platform build hash, and the running application.

Developer Signing Process

For additional security, you can sign your code using your personal or organizational cryptographic keys. This creates a verifiable link between you as the developer and the deployed code.

When you register with Lunal, you receive a unique public/private key pair that establishes your developer identity. The private key remains exclusively with you, while the public key is registered with the Lunal platform.

Why signing is necessary: When your code is built and deployed to a TEE, it's critical to verify that the code running in production is exactly what you intended to deploy. By signing the hash of your application, you create a cryptographic guarantee that you've approved this specific version of the code. This prevents unauthorized modifications and establishes a clear chain of accountability.

The signing process works as follows:

1. Lunal generates a cryptographic hash of your application during the build process
2. You receive this hash and independently verify it matches your expectations
3. Using your private key, you sign this hash, creating a signature that only you could produce
4. This signature is stored alongside your deployment and becomes part of the attestation record

Now anyone with access to your public key can verify that you personally approved this specific version of the application, without needing access to your private key. This creates a strong guarantee that the code running in the TEE has your explicit approval.

# Sign your code's hash with your private key
lunal sign --hash-file hash.txt --key ~/.ssh/id_rsa

# Upload the signature to Lunal
lunal upload --signature hash.txt.sig --deployment your-app-name

Attestation Dashboard

The attestation dashboard provides visibility into your deployment's security status, including:

• Build Hash verification
• Developer signatures
• Platform measurements showing the chain of trust

Verification API

Lunal provides a complete DCAP-based attestation infrastructure solution. This allows you to or anyone to attest and verify your deployments using your signature.

# Verify attestation via API
curl https://verify.lunal.com/v1/attestations/{deployment-id}/verify

# Or use our CLI
lunal attestation verify --deployment your-app-name

Example API Response

{
  "status": "verified",
  "attestation": {
    "id": "att_8f93jd82",
    "timestamp": "2023-09-15T14:32:19Z",
    "deployment_id": "your-app-name",
    "build_hash": "sha256:7a9d2e4cdf81b7d240ae091df166164f6589a444c25ce98649c9452f9fcc1234",
    "measurements": {
      "mr_enclave": "9a6743fc25ed8c83f48d9d453b5ccf8b6239c41ebeda4c5518e5fe33beb89f23",
      "mr_signer": "83d719e77deaca1470f6baf62a4d774303c899db69020f9c70ee1dfc08c7ce9e"
    },
    "signature_verification": {
      "developer_id": "dev_29fja92",
      "signature_valid": true,
      "key_id": "4f:23:98:71:e4:...:35:0a"
    },
    "platform_verification": {
      "tcb_status": "up_to_date",
      "qe_identity_status": "valid"
    }
  }
}

Example CLI Response

✅ Attestation verification complete for deployment: your-app-name
Deployment ID:     your-app-name
Build Hash:        sha256:7a9d2e4cdf81b7d240ae091df166164f6589a444c25ce98649c9452f9fcc1234
Verification Time: 2023-09-15 14:32:19 UTC

TEE Measurements:
  MR_ENCLAVE:      9a6743fc25ed8c83f48d9d453b5ccf8b6239c41ebeda4c5518e5fe33beb89f23
  MR_SIGNER:       83d719e77deaca1470f6baf62a4d774303c899db69020f9c70ee1dfc08c7ce9e

Developer Signature: VALID ✓
  Developer:        John Doe (dev_29fja92)
  Key Fingerprint:  4f:23:98:71:e4:...:35:0a

Platform Verification: SECURE ✓
  TCB Status:       Up to date
  QE Identity:      Valid

The deployment is running in a genuine TEE environment with verified code integrity.

Logs Dashboard

Monitor your application through our centralized logging system with search and filter capabilities for quick debugging. Real-time log streaming helps you identify and resolve issues promptly.

Performance Metrics

Track your application's performance with real-time resource utilization graphs, response time metrics, and automatic anomaly detection. Get insights into CPU, memory usage, network traffic, and other critical performance indicators.

Encrypted Monitoring

For sensitive applications, our encrypted monitoring feature ensures maximum confidentiality of your application logs and performance data. All logs from within your deployed application can be encrypted using your public key.

This end-to-end encryption means that only you, with your private key, can decrypt and view the monitoring data. Even our platform administrators cannot access your sensitive log information, providing you with unparalleled security guarantees for compliance and privacy requirements.

Alerting & Notifications

Set up custom alerts based on log patterns or performance thresholds to receive instant notifications when your application requires attention. Integrate with your preferred notification channels including email, Slack, or SMS.