Confidential GPU Pods
Hardware-sealed GPU pods powered by Intel TDX with Protected PCIe. Your data is encrypted in use, in memory, and in transit — the host operator cannot inspect the workload.
What is Confidential Compute?
Confidential Compute pods run inside a Trusted Execution Environment (TEE) powered by Intel TDX (Trust Domain Extensions) and NVIDIA's Protected PCIe. Your code and data are encrypted even while being processed — the host operator and the hypervisor cannot access your workload.
This is ideal for enterprise workloads involving sensitive data, regulated industries (healthcare, finance, defense), or any scenario where you need cryptographic proof that your computation was not tampered with. Every pod is hardware-attested before provisioning.
Hardware Attestation
Every pod is verified via Intel TDX remote attestation before your workload starts. Cryptographic proof that the hardware is genuine and unmodified.
Data Encryption
Memory encryption via TDX ensures data is encrypted in use, at rest, and in transit. Even the host operator and hypervisor cannot read your data.
Zero-Knowledge Compute
The infrastructure provider has zero visibility into your workload. Code, model weights, and training data remain fully private.
Available GPUs
| GPU | Config | vCPU | RAM | Price/hr |
|---|---|---|---|---|
| NVIDIA H200 | h200-small | 14 | 175 GB | $3.60 |
| NVIDIA H200 | h200-medium | 28 | 350 GB | $7.20 |
| NVIDIA H200 | h200-large | 56 | 700 GB | $14.40 |
| NVIDIA H200 | h200-xlarge | 112 | 1400 GB | $28.80 |
| NVIDIA H100 | h100-small | 12 | 150 GB | $2.77 |
| NVIDIA B200 | b200-small | 16 | 192 GB | $7.50 |
Pricing is dynamic. The authoritative feed is GET /api/volt/machines — filter for entries flagged confidential_compute: true and use the resource_namefield when deploying.
Deploy via API
Step 1: List Inventory
Query available Confidential GPU machines and live pricing. The endpoint returns Intel TDX tiers only — non-confidential hardware is filtered out server-side. Grab the resource_name for the tier you want to deploy on.
| Method | Endpoint | Auth |
|---|---|---|
| GET | /api/volt/machines | X-API-Key |
curl -X GET "https://api.voltagegpu.com/api/volt/machines" \ -H "X-API-Key: YOUR_API_KEY"
[
{
"name": "H200 [Confidential]",
"price": 3.60,
"rental_rate": 3.60,
"p_min": 2.40,
"p_max": 3.60,
"base_price": 2.40,
"total_gpu_count": 8,
"k": 1,
"provider": "confidential",
"resource_name": "h200-small",
"gpu_type": "H200",
"gpu_count": 1,
"vcpu": 32,
"memory": 256,
"confidential_compute": true
}
]Step 2: Deploy a Pod
Create a confidential pod. Set provider to "confidential" and pass the resource_name you picked from the inventory.
| Method | Endpoint | Auth |
|---|---|---|
| POST | /api/volt/pods | X-API-Key |
Request Body
provider | required | Must be "confidential" for confidential pods |
name | required | Pod name (alphanumeric, hyphens allowed) |
resource_name | conditional | From inventory, e.g. "h200-small". Required unless template_uid is provided. |
image | conditional | Docker image (e.g. "pytorch/pytorch:2.5.1-cuda12.4-cudnn9-devel"). Required unless template_uid is provided; overrides the template image when both are set. |
template_uid | optional | Curated template uid from GET /api/volt/templates.image, resource_name, commands, args and ports are inherited from the template manifest. |
ssh_key_uids | optional | Array of SSH key IDs to attach (one of your existing keys is auto-synced if omitted). |
cost_per_hour | ignored | Ignored by the server. Pricing is always resolved from the confidential inventory and the VoltageGPU markup is applied server-side — you cannot influence billing from the client. |
curl -X POST "https://api.voltagegpu.com/api/volt/pods" \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"provider": "confidential",
"name": "my-secure-pod",
"resource_name": "h200-small",
"image": "pytorch/pytorch:2.5.1-cuda12.4-cudnn9-devel",
"ssh_key_uids": ["key_abc123"]
}'curl -X POST "https://api.voltagegpu.com/api/volt/pods" \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"provider": "confidential",
"name": "deepseek-infer",
"template_uid": "tpl-5npuuq70m1uo"
}'{
"success": true,
"pod": {
"id": "cl_01h...",
"workloadUid": "wl_01h...",
"name": "my-secure-pod",
"resource_name": "h200-small",
"image": "pytorch/pytorch:2.5.1-cuda12.4-cudnn9-devel",
"hourlyPrice": 3.60,
"status": "RUNNING",
"provider": "confidential",
"ssh_command": "ssh wl_01h...@ssh.deployments.targon.com"
}
}Step 3: Check Status
Retrieve the current status of your confidential workload.
| Method | Endpoint | Auth |
|---|---|---|
| GET | /api/volt/pods/:id | X-API-Key |
curl -X GET "https://api.voltagegpu.com/api/volt/pods/wl_01h..." \ -H "X-API-Key: YOUR_API_KEY"
Step 4: Connect via SSH
Once the pod is RUNNING, use the ssh_command returned at creation. Confidential pods are reached through a managed SSH gateway — no direct IP is exposed.
ssh wl_01h...@ssh.deployments.targon.com
Note: The SSH user is the workload UID (workloadUid) returned at creation, not the internal VoltageGPU pod id.
Step 5: Release the Pod
Stop = destroy for confidential pods. There is no pause/resume: tearing down the enclave releases the resource and billing ends immediately. Use POST /api/volt/pods/:id/stop or DELETE /api/volt/pods/:id — both have the same effect.
| Method | Endpoint | Auth |
|---|---|---|
| POST | /api/volt/pods/:id/stop | X-API-Key |
curl -X POST "https://api.voltagegpu.com/api/volt/pods/wl_01h.../stop" \ -H "X-API-Key: YOUR_API_KEY"
Deploy via Dashboard
Deploy Confidential Compute pods visually from the VoltageGPU dashboard.
Browse Inventory
Open Browse Pods and select the Confidential Compute tab to see only the hardware-sealed Intel TDX inventory.
Select a GPU
Choose a config (e.g. h200-small for 1x H200). Cards show live availability and pricing. Click Deploy Secure.
Configure and Launch
Choose a Docker image (default: ubuntu:22.04), attach your SSH key, and deploy. Your pod provisions in 30-90 seconds.
Connect via SSH
Use the SSH command shown in your pod card:ssh <uid>@ssh.deployments.targon.com
Deploy via CLI
Use the volt CLI for quick Confidential Compute operations.
# List available Confidential Compute inventory volt cc inventory # Deploy a Confidential Compute pod volt cc deploy --name my-secure-pod --resource h200-small --image ubuntu:22.04 # List all your pods volt pods list # Destroy a pod (stop == delete for confidential enclaves) volt pods stop <pod-id>
Security and Attestation
Intel TDX (Trust Domain Extensions)
Intel TDX creates hardware-isolated Trust Domains (TDs) that encrypt memory at the CPU level. The hypervisor and host OS are removed from the trust boundary. Before your pod starts, a remote attestation protocol verifies the hardware is genuine Intel silicon running an unmodified TDX-enabled firmware. This attestation report is cryptographically signed and can be independently verified.
GPU Verification
CUDA-level GPU validation confirms that the GPU advertised is the actual hardware executing your workload. This prevents spoofing attacks where a provider might claim to offer an H200 but run your code on lesser silicon.
Upstream confidential network
VoltageGPU is a bridge to an upstream confidential compute network that provides hardware-level Intel TDX attestation at scale. Validators continuously verify compute integrity via remote attestation. You deploy through VoltageGPU with unified billing, SSH key management, and a single dashboard — we handle the plumbing to the confidential inventory.