arkeion cloud
A managed database you can actually verify. In the works — and the engine underneath already runs in production.
your app holds the key
TLS →TLS ↓
gateway SNI passthrough — cannot decrypt
TLS →TLS ↓
your arkeiond holds the key
- You buy a database
- Not a cluster, not a control plane to babysit. You get a connection string — host, port, credentials, CA — and everything else is our problem.
- We cannot read your data
- The gateway passes TLS straight through to your database — we never terminate it, so we never see plaintext. Zero knowledge by architecture, not by promise.
- A cloud you can verify
- verify() and integrity anchors work against the managed service too: you can prove, cryptographically, that nobody touched your records. No other cloud database offers that.
- Boring operations
- One file per database means backup and restore are file copies. Migration onto the service is arkeion-migrate — from SQLite or Postgres, upload a file or stream a live connection.
Proven in our own production first
We do not sell what we do not run. The edge nodes behind quota.at persist every configuration change and every request log in arkeion — it replaced Postgres and Redis there outright. quota is arkeion's first trial by fire; the managed service ships when it has earned it.
Until then
The engine is open source and on crates.io today. Embed it, break it, tell us what you find.