packages/docs/guides/tee-integration.mdx
Your agent handles API keys, user data, maybe crypto wallets. How do users know you're not logging their secrets?
A TEE (Trusted Execution Environment) runs your agent inside a hardware-isolated enclave and, through remote attestation, provides cryptographic proof that the enclave is running exactly the code and configuration you published, with no modifications. Users can check that proof before trusting your agent. Keep the scope of that proof clear: attestation shows that the published build is what is running, not that the published code is free of defects, so users still need to be able to inspect what you published.

<Tip>
**TEE is optional.** Most agents don't need it. Use TEE when you need to prove trustworthiness to users who can't just take your word for it.
</Tip>

TEE integration allows your ElizaOS agents to run in secure enclaves. The `TEE_MODE` setting selects how the enclave is provided:
```ts
enum TEEMode {
  OFF = "OFF",               // TEE disabled
  LOCAL = "LOCAL",           // Local development with simulator
  DOCKER = "DOCKER",         // Docker development with simulator
  PRODUCTION = "PRODUCTION", // Production with real TEE hardware
}
```
```bash
elizaos create --type project --template tee my-tee-agent
cd my-tee-agent
```

Configure the TEE environment variables (for example in the project's `.env`):

```bash
TEE_MODE=LOCAL
TEE_VENDOR=phala
WALLET_SECRET_SALT=your-secret-salt-min-8-chars
```

```bash
elizaos start
```
| Variable | Description | Required |
|---|---|---|
| `TEE_MODE` | `OFF`, `LOCAL`, `DOCKER`, or `PRODUCTION` | Yes |
| `TEE_VENDOR` | TEE provider (`phala`) | Yes |
| `WALLET_SECRET_SALT` | Secret for key derivation (8-128 chars) | Yes |
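The constraints in the table are easy to get wrong in a deployment pipeline, and a bad value is much cheaper to catch before the enclave starts than after. The following is an added example, not ElizaOS or plugin-tee code: a startup check that enforces the mode enum, the vendor value and the salt length, and additionally refuses the quick-start placeholder salt in `PRODUCTION`. The `TeeConfig` shape and the function names are assumptions for illustration; the plugin's own settings loader may behave differently.

```typescript
// Added example, not ElizaOS code: fail fast on a bad TEE configuration
// before the agent boots. TeeConfig and the function names are assumed.

export const TEE_MODES = ["OFF", "LOCAL", "DOCKER", "PRODUCTION"] as const;
export type TeeMode = (typeof TEE_MODES)[number];

export interface TeeConfig {
  mode: TeeMode;
  vendor: "phala";
  walletSecretSalt: string;
}

export interface TeeConfigError {
  variable: string;
  reason: string;
}

// The placeholder salt from the quick-start .env: fine for LOCAL, never for PRODUCTION
const PLACEHOLDER_SALT = "your-secret-salt-min-8-chars";

export function checkTeeConfig(env: Record<string, string | undefined>): TeeConfigError[] {
  const errors: TeeConfigError[] = [];

  const mode = env.TEE_MODE ?? "";
  if (!(TEE_MODES as readonly string[]).includes(mode)) {
    errors.push({
      variable: "TEE_MODE",
      reason: `must be one of ${TEE_MODES.join(", ")} (case-sensitive here)`,
    });
  }

  if (env.TEE_VENDOR !== "phala") {
    errors.push({ variable: "TEE_VENDOR", reason: 'must be "phala"' });
  }

  const salt = env.WALLET_SECRET_SALT ?? "";
  if (salt.length < 8 || salt.length > 128) {
    errors.push({ variable: "WALLET_SECRET_SALT", reason: "must be 8-128 characters" });
  } else if (mode === "PRODUCTION" && salt === PLACEHOLDER_SALT) {
    // The salt is a secret input to key derivation; the quick-start value is public
    errors.push({
      variable: "WALLET_SECRET_SALT",
      reason: "placeholder value is not allowed in PRODUCTION",
    });
  }

  return errors;
}

// Returns a validated config or throws with every problem listed at once
export function loadTeeConfig(env: Record<string, string | undefined> = process.env): TeeConfig {
  const errors = checkTeeConfig(env);
  if (errors.length > 0) {
    throw new Error(errors.map((e) => `${e.variable}: ${e.reason}`).join("; "));
  }
  return {
    mode: env.TEE_MODE as TeeMode,
    vendor: "phala",
    walletSecretSalt: env.WALLET_SECRET_SALT as string,
  };
}
```

Call `loadTeeConfig()` once at process start and let the thrown error abort the boot; reporting all problems in one message avoids a fix-one-redeploy-find-the-next loop against a real enclave.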
```ts
import type { Character } from "@elizaos/core";

export const character: Character = {
  name: "SecureAgent",
  plugins: [
    "@elizaos/plugin-tee", // Add TEE plugin
  ],
  settings: {
    secrets: {
      TEE_MODE: "PRODUCTION",
      TEE_VENDOR: "phala",
      WALLET_SECRET_SALT: process.env.WALLET_SECRET_SALT, // read from the environment, never hardcoded
    },
  },
};
```
Represents an agent registered in the TEE:

```ts
interface TeeAgent {
  id: string;          // Registration record ID
  agentId: string;     // Core agent identifier
  agentName: string;   // Human-readable name
  createdAt: number;   // Registration timestamp
  publicKey: string;   // TEE instance public key
  attestation: string; // Attestation document
}
```
```ts
// Quote produced by the enclave for remote attestation
interface RemoteAttestationQuote {
  quote: string;     // Base64-encoded attestation quote
  timestamp: number; // Quote generation time
}

// A message the agent attests to, tied to its entity and room
interface RemoteAttestationMessage {
  agentId: string;
  timestamp: number;
  message: {
    entityId: string;
    roomId: string;
    content: string;
  };
}

// Data bound into the attestation when a key is derived in the enclave
interface DeriveKeyAttestationData {
  agentId: string;
  publicKey: string;
  subject?: string;
}
```
ElizaOS supports multiple TEE providers. See the TEE CLI Reference for complete deployment commands.
Phala Cloud is the primary TEE provider, running agents on Intel TDX:

```bash
# Login to Phala Cloud
elizaos tee phala auth login <api-key>

# Deploy to Phala
elizaos tee phala cvms create --name my-agent --compose ./docker-compose.yml

# Check status
elizaos tee phala cvms list
```

Deploy with the Eigen provider:

```bash
elizaos tee eigen deploy
```
```
GET /api/tee/status
```

Response:

```json
{
  "status": "active",
  "tee_enabled": true,
  "vendor": "phala"
}
```

```
GET /api/tee/agents
```

Response:

```json
{
  "agents": [
    {
      "id": "...",
      "agentId": "...",
      "agentName": "SecureAgent",
      "publicKey": "...",
      "attestation": "..."
    }
  ],
  "attestation": "..."
}
```
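A listing from `GET /api/tee/agents` is only useful to a user if the attestation actually binds the `publicKey` it sits next to; otherwise a quote from one enclave could be pasted beside any key. The block below is an added example, not ElizaOS or plugin-tee code, showing the client-side check for that binding and serving both the `DeriveKeyAttestationData` interface above and this endpoint. It assumes, and these are assumptions rather than facts from the page: that `attestation` holds the base64 quote from `RemoteAttestationQuote.quote`; that the enclave placed `sha256(JSON.stringify({ agentId, publicKey, subject }))` in the quote's `report_data`, zero-padded to 64 bytes (the hash and field order must match what the agent's attestation provider actually does); and the standard TDX quote layout, a 48-byte header with `tee_type` at byte 4 followed by a TD report body whose `report_data` is the 64 bytes at body offset 520. The sample quote is constructed and unsigned.

```typescript
// Added example, not ElizaOS or plugin-tee code: check that a TDX quote's
// report_data is bound to the listed publicKey. Assumed binding and quote
// layout are described in the comments below. This does NOT verify the
// quote's signature chain; run a DCAP quote verifier against Intel
// collateral before trusting any field of the quote.

import { createHash, timingSafeEqual } from "node:crypto";

const QUOTE_HEADER_LEN = 48;                         // TDX quote header
const REPORT_DATA_OFFSET = QUOTE_HEADER_LEN + 520;   // report_data inside the TD report body
const REPORT_DATA_LEN = 64;
const MIN_QUOTE_LEN = REPORT_DATA_OFFSET + REPORT_DATA_LEN;
const TEE_TYPE_TDX = 0x81;                           // header tee_type value for TDX

export interface AgentListing {
  id: string;
  agentId: string;
  agentName: string;
  publicKey: string;
  attestation: string;
}

// What report_data should contain for this agent (assumed binding, see above)
export function expectedReportData(data: { agentId: string; publicKey: string; subject?: string }): Buffer {
  const digest = createHash("sha256").update(JSON.stringify(data)).digest();
  return Buffer.concat([digest, Buffer.alloc(REPORT_DATA_LEN - digest.length)]);
}

// Pull report_data out of a base64 quote, rejecting non-TDX or truncated input
export function extractReportData(quoteB64: string): Buffer {
  const quote = Buffer.from(quoteB64, "base64");
  if (quote.length < MIN_QUOTE_LEN) {
    throw new Error(`quote too short: ${quote.length} bytes`);
  }
  const teeType = quote.readUInt32LE(4);
  if (teeType !== TEE_TYPE_TDX) {
    throw new Error(`not a TDX quote (tee_type=0x${teeType.toString(16)})`);
  }
  return quote.subarray(REPORT_DATA_OFFSET, REPORT_DATA_OFFSET + REPORT_DATA_LEN);
}

// True only if the quote's report_data matches this agentId/publicKey pair
export function agentBindsPublicKey(agent: AgentListing, subject?: string): boolean {
  const want = expectedReportData({ agentId: agent.agentId, publicKey: agent.publicKey, subject });
  const got = extractReportData(agent.attestation);
  return timingSafeEqual(want, got);
}

// Constructed sample: an unsigned quote skeleton with only the header
// fields and report_data filled in, enough to exercise the parser offline.
export function buildSampleQuote(reportData: Buffer): string {
  const quote = Buffer.alloc(MIN_QUOTE_LEN);
  quote.writeUInt16LE(4, 0);            // version 4
  quote.writeUInt16LE(2, 2);            // attestation key type: ECDSA P-256
  quote.writeUInt32LE(TEE_TYPE_TDX, 4); // tee_type: TDX
  reportData.copy(quote, REPORT_DATA_OFFSET);
  return quote.toString("base64");
}

const SAMPLE_PUBLIC_KEY = "0x02a1b2c3d4e5f60718293a4b5c6d7e8f"; // constructed value
export const sampleAgent: AgentListing = {
  id: "reg-0001",
  agentId: "agent-0001",
  agentName: "SecureAgent",
  publicKey: SAMPLE_PUBLIC_KEY,
  attestation: buildSampleQuote(expectedReportData({ agentId: "agent-0001", publicKey: SAMPLE_PUBLIC_KEY })),
};
```

In a real client, run `agentBindsPublicKey` only after the quote has passed signature and TCB verification, and compare the measured code identity in the quote against the build you published; the binding check alone says nothing about which code is running.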
TEE enables secure key derivation within the enclave. The plugin exposes two helpers that turn the enclave's derive-key response into a chain-specific keypair:

```ts
import type { DeriveKeyResponse } from "@phala/dstack-sdk";
import type { PrivateKeyAccount } from "viem";
import type { Keypair } from "@solana/web3.js";

// Keys are derived from the enclave's secure environment
declare function deriveEcdsaKeypair(deriveKeyResponse: DeriveKeyResponse): PrivateKeyAccount; // EVM account (viem)
declare function deriveEd25519Keypair(deriveKeyResponse: DeriveKeyResponse): Keypair;          // Solana keypair
```
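To see what the helpers above consume, and why `WALLET_SECRET_SALT` has to be both secret and stable, here is an added example that is not plugin-tee code: a local stand-in for the enclave's key-derivation service. In a real deployment the root secret is sealed to the TEE hardware and the enclave's derive-key call performs this step; here a constructed root secret plus HKDF plays that role, and only the Ed25519 path is shown. The path layout (the salt as HKDF salt, the agent ID as HKDF info) and the function names are assumptions, not the plugin's actual scheme.

```typescript
// Added example, not plugin-tee code: local stand-in for enclave key
// derivation. Root secret, path layout and function names are assumed.

import { createPrivateKey, createPublicKey, hkdfSync, sign, verify, KeyObject } from "node:crypto";

// PKCS#8 DER prefix for an Ed25519 private key; the 32-byte seed follows it
const ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
// SubjectPublicKeyInfo DER prefix for a raw 32-byte Ed25519 public key
const ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex");

// Constructed root secret standing in for the hardware-sealed one
export const SAMPLE_ROOT_SECRET = Buffer.from("00".repeat(31) + "01", "hex");

export interface LocalEd25519Keypair {
  privateKey: KeyObject;
  publicKey: KeyObject;
  publicKeyHex: string; // raw 32-byte key, the kind of value TeeAgent.publicKey could carry
}

// Deterministic: same root secret + salt + agentId always yields the same seed,
// which is what makes a redeployed agent keep its wallet. Change the salt and
// the wallet changes with it.
export function deriveSeed(rootSecret: Buffer, agentId: string, walletSecretSalt: string): Buffer {
  return Buffer.from(hkdfSync("sha256", rootSecret, walletSecretSalt, `elizaos-agent/${agentId}`, 32));
}

export function deriveEd25519KeypairLocal(seed: Buffer): LocalEd25519Keypair {
  if (seed.length !== 32) throw new Error("Ed25519 seed must be 32 bytes");
  const privateKey = createPrivateKey({
    key: Buffer.concat([ED25519_PKCS8_PREFIX, seed]),
    format: "der",
    type: "pkcs8",
  });
  const publicKey = createPublicKey(privateKey);
  const spki = publicKey.export({ type: "spki", format: "der" }) as Buffer;
  return { privateKey, publicKey, publicKeyHex: spki.subarray(spki.length - 32).toString("hex") };
}

export function signWithAgentKey(kp: LocalEd25519Keypair, message: Buffer): Buffer {
  return sign(null, message, kp.privateKey); // Ed25519 takes no digest algorithm
}

// What a relying party does with only the published hex public key
export function verifyAgentSignature(publicKeyHex: string, message: Buffer, signature: Buffer): boolean {
  const spki = Buffer.concat([ED25519_SPKI_PREFIX, Buffer.from(publicKeyHex, "hex")]);
  const publicKey = createPublicKey({ key: spki, format: "der", type: "spki" });
  return verify(null, message, publicKey, signature);
}
```

The operational consequence is the one the best practices below spell out: the seed depends on the salt, so rotating or losing `WALLET_SECRET_SALT` rotates every derived wallet, and leaking it removes one of the inputs an attacker would otherwise have to obtain from inside the enclave.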
Keys derived in TEE:

Best practices:

- Use `TEE_MODE=LOCAL` for testing
- Use `TEE_MODE=DOCKER` for integration tests
- Use `TEE_MODE=PRODUCTION` only with real TEE hardware
- Never commit `WALLET_SECRET_SALT` to version control