Architecture
How Clique Secure Vaults handle authentication, key management, and secure operations.
TEE Enclave
Keys never leave enclave memory.
Auth Flow
OAuth, OTP, WebAuthn → HTTP-only sessions.
Encrypted Storage
Only the enclave can decrypt persistence.
SGX Attestation
Cryptographic proof of enclave integrity.
Security Model
- Private keys isolated in TEE
- All ops include attestation quotes
- Zero trust—operators can't access keys
Data Flow
- 1.User authenticates via Auth Endpoints
- 2.Session cookie issued, requests hit Vault Ops
- 3.Enclave signs/attests, returns response