Skip to main content

nilCC Quickstart

Get started with nilCC in under 5 minutes by deploying your first secure workload.

info

Before you start building, you'll need a nilCC API Key. Request a nilCC API Key by filling out this form

Deploy Your First Workload

Let's deploy a simple "Hello World" API service that runs in a secure Confidential VM.

Step 1: Create Your Docker Compose File

Create a simple API service:

services:
web:
image: caddy:2
command: |
caddy respond --listen :8080 --body '{"hello":"world"}' --header "Content-Type: application/json"

Step 2: Create Workload

Choose your preferred workload creation method. Both options create the same secure workload

Create a new workload with the nilCC Workload Manager UI. This workload creation method is recommended for first-time nilCC users, visual workflow management, and ongoing monitoring.

nilCC Create Workload

  1. Visit: nilCC Workload Manager
  2. Authenticate: Enter your nilCC API Key to log in
  3. Create New Workload:
    • Name: hello-world-api
    • Docker Compose: Paste the YAML content from Step 1
    • Service to Expose: web (automatically detected)
    • Port: 8080 (automatically detected)
    • Resources: Optionally adjust the resource tier as needed
  4. Deploy: Click "Create Workload" and monitor the deployment status in real-time

Test Your Workload

Access Your Secure API within nilCC

Once deployed, your workload gets a unique domain. Access it at:

# Your workload will be available at a domain like:
curl https://[your-running-workload]

Expected response:

{ "hello": "world" }

Verify Security (Check Attestation)

Prove your workload runs in a secure TEE:

curl https://[your-running-workload]/nilcc/api/v2/report

This returns a cryptographic attestation report proving:

  • Your code runs unmodified in a genuine AMD SEV-SNP environment
  • No unauthorized access to your workload
  • Hardware-guaranteed isolation and encryption

What Happens Behind the Scenes

When you deploy a workload, nilCC:

  1. Creates a Confidential VM with AMD SEV-SNP hardware security
  2. Packages your workload as an ISO with docker-compose.yaml, metadata, and environment variables
  3. Boots securely with dm-verity filesystem verification and LUKS encryption
  4. Deploys containers with automatic TLS certificates via Caddy
  5. Generates attestation linking your TLS certificate to hardware measurements

Next Steps

🎉 Congratulations! You've deployed your first secure workload on nilCC.

Learn More:

Build Something Real:

  • Deploy a secure database with persistent storage
  • Run private analytics on sensitive data
  • Create confidential microservices
  • Build AI/ML workloads with GPU support