Skip to content

Visual Studio Code and SCONE CrossCompiler

Visual Studio Code is one of our favorite editors. Hence, we combine Visual Studio Code with our SCONE CrossCompiler. We also activate some useful programming language extensions. We also activate a code runner extension; one can compile and run a confidential application with a single click.

VS Code and SCONE CrossCompiler

Deploying Visual Studio Code


  • A Kubernetes cluster
  • Helm is deployed
  • Kubernetes SGX plugin is insatlled
  • We granted you access to the sconeapps repo and to the SCONE IDE images

You can easily deploy Visual Studio Code with helm in a Kubernetes cluster. Since Visual Studio Code requires a password to log in, you need to set this password as a Kubernetes secret named ide-secret:

kubectl create secret generic ide-secret --from-literal=PASSWORD=New-password

Please replace New-password with a new, strong password.

While we do not run Visual Code inside of SGX enclaves, we schedule it on an SGX-capable node (using the SGX Plugin) to ensure that we can run the compiled code inside of SGX enclaves. You can deploy an instance by executing:

helm install vscode sconeapps/vscode

To display Visual Code Studio in your browser, you need to forward the service port to your local machine. Say, you want to present this on localhost:8081, then you can forward the service port as follows:

kubectl port-forward svc/vscode 8081:8081

The Visual Studio instance can now be viewed at:


Please use different Kubernetes namespaces (i.e., add -n MyNameSpace in the commands) in case you want to run multiple instances of Visual Code Studio.


This Visual Code Studio supports the following SCONE CrossCompiler languages:

  • C
  • C++
  • Fortran - note that Fortran is not supported by Code Runner)
  • Go
  • Rust

If you need support for another programming languages, send us an email.


By default, path /home/scone/workspace is mapped to a persistent volume. The files are not encrypted, e.g., the files are accessible admins of the host on which the container is executing. This chart uses the SCONE SGX Plugin to ensure that binaries generated with the help of vscode can run inside of enclaves. Note that vscode itself is executing in native mode.

Note that git is included in the Visual Code image. We recommend the usage of git to ensure the durability of your code.