Deploy Your App to EigenCompute

Go from zero to a live app running inside an Intel TDX Trusted Execution Environment on EigenCompute. No prior EigenCloud experience needed. ~15 min

In this guide

What is EigenCompute?
Prerequisites
Install the ecloud CLI
Authenticate
Set up billing
Build your app
Write your Dockerfile
Create a .dockerignore
Build & push Docker image
Prepare your .env file
Deploy — Method A: From Registry
Deploy — Method B: From Verifiable Source
Verify your deployment
Upgrading an existing app
Setting up TLS / custom domain
Troubleshooting
All commands reference
Resources

What is EigenCompute?

EigenCompute is a verifiable compute platform by EigenLayer. You give it a Docker image, it runs your app inside an Intel TDX Trusted Execution Environment (TEE).

What that means for you:

Your code and data are protected even from the host machine operator
Every execution can be cryptographically attested on-chain
You deploy a standard Docker image — no special SDK or code changes needed
You get a public IP, persistent storage, and environment variable injection

The end state: Your Docker image → pulled into a TEE enclave → assigned a public IP → your app is live and verifiable.

Prerequisites

Make sure you have these installed before starting. If you don't have them yet, follow the links.

Tool	Why you need it	Install
Docker Desktop	Build & push container images	docs.docker.com/get-docker
Docker Buildx	Cross-compile to `linux/amd64`	Included in Docker Desktop 4.x+. Verify here
Docker Hub account	Push your image to a public registry	hub.docker.com/signup (free tier works)
Ethereum private key	Authenticate with EigenCompute	You can generate one during setup, or export from MetaMask

Your app can be in any language — Node.js, Python, Go, Rust, etc. If it runs in Docker, it runs on EigenCompute.

Step 1 — Install the ecloud CLI

The ecloud CLI manages everything — auth, billing, deploy, logs, upgrades. One command to install:

curl -fsSL https://raw.githubusercontent.com/Layr-Labs/eigencloud-tools/master/install-all.sh | bash

Source: github.com/Layr-Labs/eigencloud-tools

Verify:

$ ecloud version
Version: 0.3.4

If ecloud is not found after install, restart your terminal or run source ~/.bashrc / source ~/.zshrc.

Step 2 — Authenticate

EigenCompute uses an Ethereum private key for identity and transaction signing. The CLI stores it securely in your OS keyring (macOS Keychain / Linux Secret Service) — never saved to disk in plaintext.

Option A: Already have a private key (e.g. from MetaMask)?

$ ecloud auth login
? Enter private key: 0x7a9f...c3e1
✓ Private key stored securely in OS keyring

Option B: Generate a brand new one:

$ ecloud auth generate --store
✓ New private key generated and stored in OS keyring

Confirm you're authenticated:

$ ecloud auth whoami
Authenticated as 0x1002...976d2

This address is your deployer identity on EigenCompute. Save it — you'll see it in the Developer Console too.

Step 3 — Set Up Billing

EigenCompute requires an active billing subscription before you can deploy. One-time setup — you won't need to do this again.

ecloud billing subscribe

The CLI walks you through payment. Check status anytime:

ecloud billing status

Step 4 — Build Your App

Compile your application and make sure it builds cleanly before containerizing. This step depends on your language:

# Node.js / TypeScript
npm run build

# Python
pip install -r requirements.txt

# Go
go build -o app .

# Rust
cargo build --release

Or if you're using ecloud's scaffolding:

ecloud compute app create --name myapp --language typescript
cd myapp

Supported languages: typescript, python, golang, rust. This generates a project with a Dockerfile and .env.example ready to go.

Step 5 — Write Your Dockerfile

Your app needs a Dockerfile so EigenCompute knows how to run it. Examples for common languages:

Node.js:

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
EXPOSE 3000
USER root
CMD ["node", "dist/index.js"]

Python:

FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 8000
USER root
CMD ["python", "main.py"]

Go:

FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.* ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app .

FROM alpine:3.19
COPY --from=builder /app/app /app
EXPOSE 8080
USER root
CMD ["/app"]

Your app must run as root. This is required by EigenCompute's TEE environment. Make sure USER root is in your Dockerfile.

Step 6 — Create a .dockerignore

A .dockerignore keeps your image small and prevents secrets from leaking into the Docker image.

node_modules
dist
.git
.github
.env
.env.*
*.md
*.log

Your .env file should never be baked into the Docker image. EigenCompute injects it securely at runtime. Add .env to both .dockerignore and .gitignore.

Step 7 — Build & Push Docker Image

Build your Docker image and push it to Docker Hub. The image must be linux/amd64 because EigenCompute runs on Intel TDX hardware.

Log into Docker Hub first:

docker login

Build and push:

docker buildx build --platform linux/amd64 --no-cache \
  -t yourdockerhub/yourapp:v1.0.0 --push .

If you're on an Apple Silicon Mac, Docker defaults to ARM. The --platform linux/amd64 flag forces the correct architecture. Do NOT skip it.

Step 8 — Prepare Your .env File

Create a .env file with your app's runtime secrets and configuration. This file gets encrypted and injected into the TEE at deploy time — your secrets never touch disk unencrypted on the host.

PORT=3000
DATABASE_URL=postgres://user:pass@host:5432/db
API_KEY=sk-your-api-key
SECRET_KEY=your-secret

Do NOT commit your .env to git. Add it to .gitignore. The CLI defaults to looking for .env in your current directory.

Step 9 — Deploy to EigenCompute

Two deployment methods are available. Pick the one that fits your workflow:

Method	When to use	Pros
A — Deploy from Registry	You build the Docker image yourself and push to Docker Hub	Full control over the build, faster iteration
B — Build from Verifiable Source	You want EigenCompute to build from your GitHub repo	Reproducible builds, on-chain build hash verification

Method A — Deploy from Registry (7 prompts)

You've already built and pushed a Docker image (Step 7). Now deploy it. The CLI asks exactly 7 interactive prompts in this order, then immediately starts deploying.

$ ecloud compute app deploy

# Prompt 1
? Build from verifiable source? (y/N) N

# Prompt 2 — Docker image reference
? Enter Docker image reference: yourdockerhub/yourapp:v1.0.0

# Prompt 3 — App name (default: derived from image name)
? Enter app name: myapp

# Prompt 4 — Environment file
? Choose an option:
  ❯ Enter path to existing env file
    Continue without env file
  → Enter path to existing env file
? Enter environment file path: .env

# Prompt 5 — Instance type
? Choose instance:
    g1-micro-1v      — Shared 2 vCPUs, 1 GB memory, Shielded VM (default)
    g1-medium-1v     — Shared 2 vCPUs, 4 GB memory, Shielded VM
    g1-custom-2-4096s — 2 vCPUs, 4 GB memory, SEV-SNP
    g1-standard-2s   — 2 vCPUs, 8 GB memory, SEV-SNP
  ❯ g1-standard-4t   — 4 vCPUs, 16 GB memory, TDX
    g1-standard-8t   — 8 vCPUs, 32 GB memory, TDX
  → g1-standard-4t

# Prompt 6 — Log visibility
? Do you want to view your app's logs?
    Yes, but only viewable by app and platform admins
  ❯ Yes, publicly viewable by anyone
    No, disable logs entirely
  → Yes, publicly viewable by anyone

# Prompt 7 — Resource monitoring
? Show resource usage (CPU/memory) for your app?
  ❯ Yes, enable resource usage monitoring
    No, disable resource usage monitoring
  → Yes, enable resource usage monitoring

Checking if image needs layering...
Pulling image yourdockerhub/yourapp:v1.0.0...
Building updated image with ecloud components...
Publishing updated image to yourdockerhub/yourapp:v1.0.0-layered...

Transaction sent: 0xab3f...7e21
✓ App deployed successfully on EigenCompute
➜ App ID: 0x8F38007B8F7D91c77CEd4dEE0dbD361c130982A7
➜ Public IP: 35.222.154.28

No port prompt — EigenCompute detects the port from your Dockerfile's EXPOSE directive. No confirmation prompt — deployment starts immediately after prompt 7.

Or use flags to skip interactive prompts:

ecloud compute app deploy \
  --image-ref yourdockerhub/yourapp:v1.0.0 \
  --env-file .env \
  --instance-type g1-standard-4t \
  --log-visibility public \
  --resource-usage-monitoring enable

✅ Your app is now running inside a Trusted Execution Environment. Save your App ID — you'll need it for upgrades, logs, and management.

Method B — Build from Verifiable Source (9 prompts)

EigenCompute clones your public GitHub repo, builds the Docker image, and deploys it — all inside the TEE. The build hash is recorded on-chain for third-party verification. No Docker Hub account needed.

Requirements:

Public GitHub repo
Repo must contain a Dockerfile

$ ecloud compute app deploy

# Prompt 1
? Build from verifiable source? (y/N) y

# Prompt 2 — Source type
? Choose verifiable source type:
  ❯ Build from git source (public repo required)
    Use a prebuilt verifiable image (eigencloud-containers)
  → Build from git source

# Prompt 3 — Git repo URL
? Enter public git repository URL: https://github.com/yourusername/yourapp

# Prompt 4 — Git commit SHA (must be full 40-char hex)
# Get yours by running: git rev-parse HEAD
? Enter git commit SHA (40 hex chars): a1b2c3d4e5f6...

# Prompt 5 — Build context path
? Enter build context path (relative to repo): (.) .

# Prompt 6 — Dockerfile path
? Enter Dockerfile path (relative to build context): (Dockerfile) Dockerfile

# Prompt 7 — Caddyfile (optional, for TLS)
? Enter Caddyfile path (relative to build context, optional): ↵

# Prompt 8 — Build dependencies (optional)
? Enter dependency digests: ↵

# Prompt 9 — Environment file
? Choose an option:
  ❯ Enter path to existing env file
    Continue without env file

Building from source with verifiable build...
Cloning repository...
Building Docker image inside TEE...
Recording build hash on-chain...

✓ App deployed from verifiable source
➜ App ID: 0x3322DA88C960D99fd6961b191f674F366761b26b
➜ Public IP: 34.21.146.83

No instance type, log, or monitoring prompts — verifiable builds use default settings. To customize these, use the flags below.

Or use flags:

ecloud compute app deploy --verifiable \
  --repo https://github.com/yourusername/yourapp \
  --commit a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2 \
  --env-file .env \
  --instance-type g1-standard-4t \
  --log-visibility public \
  --resource-usage-monitoring enable

Verifiable builds record the build hash on-chain — anyone can verify at the EigenCompute Verification Dashboard. You can only have one build in progress at a time.

✅ Your app is live with a verifiable, reproducible build.

By default, the CLI deploys to Sepolia testnet. For mainnet, add --environment mainnet to the command:

ecloud compute app deploy --environment mainnet

You can also monitor your app in the EigenCloud Developer Console web UI.

Step 10 — Verify Your Deployment

Your app is deployed — now make sure it's actually running and reachable.

Check app status:

ecloud compute app info --watch

Shows your app's status, public IP, and instance details. --watch auto-refreshes every 5 seconds.

Stream logs:

ecloud compute app logs --watch

See stdout/stderr live — useful for debugging startup issues.

Health check:

$ curl http://<YOUR-PUBLIC-IP>:3000/health
{"status":"ok","tee":"active","version":"1.0.0"}

Replace <YOUR-PUBLIC-IP> with the IP from ecloud compute app info.

✅ If you see a JSON response, your app is live inside an Intel TDX enclave.

Upgrading an Existing App

Already have an app running and want to push a new version? Use ecloud compute app upgrade instead of deploy.

1. Make your code changes & build

npm run build

2. Build & push a new Docker image

Bump your version tag. Same rules — must be linux/amd64.

docker buildx build --platform linux/amd64 --no-cache \
  -t yourdockerhub/yourapp:v1.0.1 --push .

Always use a new tag (e.g. v1.0.1) instead of overwriting latest. Makes rollbacks easy and ensures EigenCompute pulls the correct image.

3. Find your App ID

If you don't remember it:

ecloud compute app list

4. Run the upgrade

ecloud compute app upgrade <APP-ID> \
  --image-ref yourdockerhub/yourapp:v1.0.1 \
  --env-file .env

The CLI will prompt for verifiable source and deployment method — same as initial deploy. Instance type, log visibility, and monitoring settings carry over.

5. Verify

ecloud compute app info --watch
ecloud compute app logs --watch
curl http://<YOUR-PUBLIC-IP>:3000/health

✅ Public IP stays the same after upgrades — no DNS changes needed.

Updating environment variables only

No image change needed — just pass the updated .env:

ecloud compute app upgrade <APP-ID> --env-file .env

Stopping & restarting

# Stop (keeps the app, halts the instance)
ecloud compute app stop <APP-ID>

# Start it back up
ecloud compute app start <APP-ID>

# Permanently delete (irreversible!)
ecloud compute app terminate <APP-ID>

View release history

ecloud compute app releases <APP-ID>

Setting Up TLS / Custom Domain

By default your app is accessible via HTTP on the raw IP. To add HTTPS with a custom domain:

1. Generate TLS config

ecloud compute app configure tls

This creates two files in your project:

Caddyfile — reverse proxy config for automatic HTTPS via Let's Encrypt
.env.example.tls — example TLS environment variables

2. Point your domain

Add an A record in your DNS provider pointing your domain to your app's public IP:

Type	Name	Value
A	@	35.222.154.28

3. Redeploy with TLS

Add the TLS env vars to your .env and upgrade:

ecloud compute app upgrade <APP-ID> --env-file .env

Let's Encrypt certificates are automatically obtained and renewed inside the TEE.

Troubleshooting

App deploys but health check fails

Check logs: ecloud compute app logs --watch
Make sure your app listens on 0.0.0.0, not 127.0.0.1 (common mistake)
Verify the port in your Dockerfile EXPOSE matches what your app actually binds to
Check that all required env vars are in your .env file

`exec format error` on deploy

You built an ARM image instead of linux/amd64. Rebuild with:

docker buildx build --platform linux/amd64 --no-cache \
  -t yourdockerhub/yourapp:v1.0.0 --push .

`ecloud: command not found`

The CLI didn't get added to your PATH. Try:

source ~/.bashrc  # or ~/.zshrc on macOS

If that doesn't work, reinstall:

curl -fsSL https://raw.githubusercontent.com/Layr-Labs/eigencloud-tools/master/install-all.sh | bash

Deploy fails with billing error

You need an active subscription. Run:

ecloud billing subscribe

Image pull fails

Make sure your Docker Hub repository is public, or the CLI has registry credentials
Verify the image exists: docker pull yourdockerhub/yourapp:v1.0.0
Check for typos in the image reference

App crashes on startup

Stream logs: ecloud compute app logs -w
Test locally first: docker run --env-file .env -p 3000:3000 yourdockerhub/yourapp:v1.0.0
Remember the app runs as root — file permission issues are rare but check if your app assumes a non-root user

Testnet vs Mainnet

The CLI defaults to Sepolia testnet. For production mainnet deploys:

ecloud compute app deploy --environment mainnet

All Commands Reference

Authentication

Command	What it does
`ecloud auth login`	Store private key in OS keyring
`ecloud auth generate --store`	Generate a new key and store it
`ecloud auth whoami`	Show authenticated Ethereum address
`ecloud auth logout`	Remove key from keyring

Billing

Command	What it does
`ecloud billing subscribe`	Create billing subscription
`ecloud billing status`	Check subscription status
`ecloud billing cancel`	Cancel subscription

App Management

Command	What it does
`ecloud compute app create`	Scaffold a new project with Dockerfile
`ecloud compute app deploy`	Deploy a new app to EigenCompute
`ecloud compute app upgrade <APP-ID>`	Upgrade an existing app
`ecloud compute app info <APP-ID>`	Show app status, IP, details
`ecloud compute app info --watch`	Live-refresh status every 5s
`ecloud compute app logs <APP-ID> -w`	Stream logs in real time
`ecloud compute app list`	List all your deployed apps
`ecloud compute app releases <APP-ID>`	Show release history
`ecloud compute app stop <APP-ID>`	Stop a running app
`ecloud compute app start <APP-ID>`	Start a stopped app
`ecloud compute app terminate <APP-ID>`	Permanently delete an app
`ecloud compute app configure tls`	Set up HTTPS with Let's Encrypt

Instance Types

Type	Specs	TEE Technology
`g1-micro-1v`	Shared 2 vCPUs, 1 GB memory	Shielded VM (default)
`g1-medium-1v`	Shared 2 vCPUs, 4 GB memory	Shielded VM
`g1-custom-2-4096s`	2 vCPUs, 4 GB memory	AMD SEV-SNP
`g1-standard-2s`	2 vCPUs, 8 GB memory	AMD SEV-SNP
`g1-standard-4t`	4 vCPUs, 16 GB memory	Intel TDX
`g1-standard-8t`	8 vCPUs, 32 GB memory	Intel TDX

Shielded VM (g1-micro, g1-medium) — basic isolation, good for testing. AMD SEV-SNP (g1-custom, g1-standard-2s) — hardware memory encryption. Intel TDX (g1-standard-4t, g1-standard-8t) — full trusted execution with attestation. Use TDX or SEV-SNP for production.

Important Notes

Docker images must be linux/amd64 — ARM will not work on Intel TDX
Your app must listen on 0.0.0.0, not 127.0.0.1 — containers need external network access. This is the #1 cause of "deployed but unreachable" issues
Your app must run as root inside the container (TEE requirement)
Environment variables are encrypted and injected at runtime — never touch disk unencrypted
TEE provides hardware-level isolation — your code and data are protected even from the host machine operator
A KMS signing key is available inside the TEE at /usr/local/bin/kms-signing-public-key.pem for cryptographic attestation
Default environment is Sepolia testnet. Use --environment mainnet for production
Use deploy for first-time, upgrade for updates
Verifiable builds (Method B) record the build hash on-chain — anyone can verify your deployed code matches the GitHub source
g1-micro-1v instances do not support TDX attestation — use g1-standard-4t or higher for production

Resources

EigenCloud Documentation — official docs
ecloud CLI — GitHub — CLI source and README
eigencloud-tools Installer — GitHub — unified installer
EigenCloud Developer Console — web dashboard for your apps
EigenCompute Launch Blog Post — overview and architecture
EigenCompute Ideas — community project ideas
Docker Installation Guide
Dockerfile Reference

Stuck on something? Have questions?

Reach out to @zeeshan8281 on Telegram

Happy to help you get deployed.

Copy for LLM