Python: encrypted and secure docker containers

Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must keep the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me): StackOverflow, original at http://stackoverflow.com/questions/26006727/

Date: 2020-08-18 23:56:07  Source: igfitidea

Encrypted and secure docker containers

Tags: python, security, encryption, docker

Asked by Aleksei Petrenko

We all know situations when you cannot go open source and freely distribute software - and I am in one of these situations.

I have an app that consists of a number of binaries (compiled from C sources) and python code that wraps it all into a system. This app used to work as a cloud solution so users had access to app functions via network but no chance to touch the actual server where binaries and code are stored.

Now we want to deliver the "local" version of our system. The app will be running on PCs that our users will physically own. We know that everything could be broken, but at least want to protect the app from possible copying and reverse-engineering as much as possible.

I know that docker is a wonderful deployment tool so I wonder: it is possible to create encrypted docker containers where no one can see any data stored in the container's filesystem? Is there a known solution to this problem?

Also, maybe there are well known solutions not based on docker?

Accepted answer by remram

What you are asking about is called obfuscation. It has nothing to do with Docker and is a very language-specific problem; for data you can always do whatever mangling you want, but while you can hope to discourage the attacker it will never be secure. Even state-of-the-art encryption schemes can't help since the program (which you provide) has to contain the key.

C is usually hard enough to reverse engineer, for Python you can try pyobfuscate and similar.

For data, I found this question (keywords: encrypting files game).

Answer by Andy

The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.

Using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can't make it impossible or the container cannot run.

If you can control the hardware running the operating system, then you might want to look at the Trusted Platform Module which starts system verification as soon as the system boots. You could then theoretically do things before the root user has access to the system to hide keys and strongly encrypt file systems. Even then, given physical access to the machine, a determined attacker can always get the decrypted data.

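
Added example, not part of Andy's answer or of any project on this page: it makes the RAM point concrete on Linux. A child Python process assembles a secret at runtime (so it is not on its command line), and the parent walks /proc/<pid>/maps and reads the matching ranges out of /proc/<pid>/mem. The secret value, the child script and the maps lines used for checks are constructed for the example. Run as root on the host, the same loop works against any container process, since a container is just a host process in its own namespaces; the kernel grants the read through the ptrace access check, so on a host with Yama ptrace_scope 2 or higher, or with hidepid on /proc, the function returns None instead of the secret.

```python
"""Added example (not from the original answers): whoever controls the host can
read a process's RAM. A child process builds a secret at runtime; the parent
reads it back out of /proc/<pid>/mem. Linux only."""
import re
import subprocess
import sys

# Constructed child script. The secret is assembled from pieces so the literal
# "k3y-42" never appears in the child's argv; only its heap contains it.
CHILD_CODE = r"""
import sys, time
secret = "k3y-" + str(6 * 7)          # constructed at runtime
sys.stdout.write("ready\n"); sys.stdout.flush()
time.sleep(30)                         # stay alive while the parent reads us
"""

# /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")


def parse_maps_line(line):
    """Parse one maps line into (start, end, perms, path); None if malformed."""
    m = MAPS_RE.match(line.strip())
    if not m:
        return None
    start, end, perms, path = m.groups()
    return int(start, 16), int(end, 16), perms, path


def readable_private_ranges(maps_text):
    """Keep readable, writable, private mappings (heap and anonymous data,
    where a Python str ends up). Kernel pseudo-regions cannot be read through
    /proc/<pid>/mem, so they are skipped explicitly."""
    out = []
    for line in maps_text.splitlines():
        parsed = parse_maps_line(line)
        if parsed is None:
            continue
        start, end, perms, path = parsed
        if perms[0] != "r" or perms[1] != "w" or perms[3] != "p":
            continue
        if path in ("[vvar]", "[vsyscall]"):
            continue
        out.append((start, end))
    return out


def scan_process_memory(pid, needle):
    """Return the first occurrence of `needle` in the process's RAM, or None
    when the kernel refuses access (ptrace_scope >= 2, hidepid, or a different
    uid without CAP_SYS_PTRACE) or /proc is unavailable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            ranges = readable_private_ranges(f.read())
        # Opening mem is where the ptrace access check happens.
        with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
            for start, end in ranges:
                try:
                    mem.seek(start)
                    chunk = mem.read(end - start)
                except (OSError, ValueError, OverflowError):
                    continue  # range vanished or is not readable; keep going
                idx = chunk.find(needle)
                if idx != -1:
                    return chunk[idx:idx + len(needle)].decode()
    except (PermissionError, FileNotFoundError):
        return None
    return None


def recover_secret_from_child():
    """Spawn the child, wait until its secret exists, then pull it out of RAM."""
    child = subprocess.Popen([sys.executable, "-c", CHILD_CODE],
                             stdout=subprocess.PIPE, text=True)
    try:
        if child.stdout.readline().strip() != "ready":
            return None
        return scan_process_memory(child.pid, b"k3y-42")
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    print("recovered from child RAM:", recover_secret_from_child())
```

On a real host you would take the target pid from `docker inspect --format '{{.State.Pid}}' <container>` instead of spawning a child. Marking the process non-dumpable only moves the bar up to root, and in the question's scenario the customer is root.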
Answer by WineSoaked

Sounds like Docker is not the right tool, because it was never intended to be used as a full-blown sandbox (at least based on what I've been reading). Why aren't you using a more full-blown VirtualBox approach? At least then you're able to lock up the virtual machine behind logins (as much as a physical installation on someone else's computer can be locked up) and run it isolated, encrypted filesystems and the whole nine yards.

You can either go lightweight and open, or fat and closed. I don't know that there's a "lightweight and closed" option.

Answer by tec-goblin

If you want a completely secure solution, you're searching for the 'holy grail' of confidentiality: homomorphic encryption. In short, you want to encrypt your application and data, send them to a PC, and have this PC run them without its owner, OS, or anyone else being able to scoop at the data. Doing so without a massive performance penalty is an active research project. There has been at least one project having managed this, but it still has limitations:

  1. It's Windows-only
  2. The CPU has access to the key (ie, you have to trust Intel)
  3. It's optimised for cloud scenarios. If you want to install this to multiple PCs, you need to provide the key in a secure way (ie just go there and type it yourself) to one of the PCs you're going to install your application on, and this PC should be able to securely propagate the key to the other PCs.

Andy's suggestion on using the TPM has similar implications to points 2 and 3.

Answer by osoitza

I have exactly the same problem. Currently what I was able to discover is below.

A. Asylo (https://asylo.dev)

  1. Asylo requires programs/algorithms to be written in C++.
  2. The Asylo library is integrated in docker and it seems to be feasible to create a custom docker image based on Asylo.
  3. Asylo depends on many not-so-popular technologies like "proto buffers" and "bazel", etc. To me it seems that the learning curve will be steep, i.e. the person who is creating docker images/programs will need a lot of time to understand how to do it.
  4. Asylo is free of charge.
  5. Asylo is brand new, with all the advantages and disadvantages of being that.
  6. Asylo is produced by Google but it is NOT an officially supported Google product according to the disclaimer on its page.
  7. Asylo promises that data in the trusted environment could be kept safe even from a user with root privileges. However, there is a lack of documentation and currently it is not clear how this could be implemented.

B. Scone (https://sconedocs.github.io)

  1. It is bound to Intel SGX technology, but there is also a Simulation mode (for development).
  2. It is not free. It has just a small set of functionalities which are not paid.
  3. Seems to support a lot of security functionalities.
  4. Easy to use.
  5. They seem to have more documentation and instructions on how to build your own docker image with their technology.

Answer by Mefitico

For the Python part, you might consider using PyInstaller; with appropriate options, it can pack your whole python app in a single executable file, which does not require end users to have Python installed to run it. It effectively runs a python interpreter on the packaged code, but it has a cipher option, which allows you to encrypt the bytecode.

Yes, the key will be somewhere around the executable, and a very savvy customer might have the means to extract it, thus unraveling a not-so-readable code. It's up to you to know if your code contains some big secret you need to hide at all costs. I would probably not do it if I wanted to charge big money for any bug solving in the deployed product. I could use it if the client has good compliance standards and is not a potential competitor, nor is expected to pay for more licenses.

While I've done this once, I honestly would avoid doing it again.

Regarding the C code, if you compile it into executables and/or shared libraries, these can be included in the executable generated by PyInstaller.

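
Added example that is not code from any of the answers; it serves both remram's point that the shipped program must carry its own key and Mefitico's description of a bytecode cipher option. It is a miniature self-decrypting bundle: compile, marshal, encrypt with a toy SHA-256 counter-mode keystream (illustrative only, chosen so the block needs nothing beyond the standard library), ship the key alongside the ciphertext, and load. Two recoveries follow: read the key out of the artifact and decrypt offline, or ignore the key entirely and hook marshal.loads, the call through which the plaintext code object has to pass before it can run. The protected source, the salt and the serial are constructed for the example; the bundle layout is a stand-in and does not reproduce PyInstaller's on-disk format (its cipher option kept the key in a module inside the executable, and later PyInstaller versions dropped the option).

```python
"""Added example (not from the original answers): a self-decrypting Python
bundle and two ways a user of the machine gets the protected code back.
Toy cipher, for illustration only. marshal output is interpreter-specific,
so build and attack run under the same CPython here."""
import dis
import hashlib
import marshal
import secrets


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher keystream: SHA-256(key || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Encrypt/decrypt (symmetric) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# Constructed "application" the vendor wants to hide.
APP_SOURCE = '''
LICENSE_SALT = "vendor-salt-2014"          # the secret the vendor wants hidden
def check_license(serial):
    import hashlib
    return hashlib.sha256((serial + LICENSE_SALT).encode()).hexdigest()[:8]
RESULT = check_license("ABC-123")
'''


def build_bundle(source: str) -> dict:
    """Packer side: compile, marshal, encrypt. The key ships with the bundle
    because the loader on the customer's PC has to decrypt without talking
    to the vendor; that is the structural weakness the answers describe."""
    key = secrets.token_bytes(16)
    code = compile(source, "<protected>", "exec")
    return {"key": key, "payload": xor_bytes(marshal.dumps(code), key)}


def run_bundle(bundle: dict) -> dict:
    """Loader side, as shipped to the customer: decrypt, unmarshal, exec."""
    code = marshal.loads(xor_bytes(bundle["payload"], bundle["key"]))
    namespace = {}
    exec(code, namespace)
    return namespace


def attack_extract_key(bundle: dict):
    """Attack 1: the key is in the artifact, so decrypt offline; nothing runs."""
    return marshal.loads(xor_bytes(bundle["payload"], bundle["key"]))


def attack_hook_loader(bundle: dict):
    """Attack 2: never look for the key. Intercept the point where the loader
    must hold plaintext (marshal.loads) and keep the code object it produces."""
    captured = []
    real_loads = marshal.loads

    def spy(data, *args, **kwargs):
        obj = real_loads(data, *args, **kwargs)
        captured.append(obj)
        return obj

    marshal.loads = spy
    try:
        run_bundle(bundle)  # the loader does the decryption for us
    finally:
        marshal.loads = real_loads
    return captured[0]


def string_constants(code) -> set:
    """Recursively collect str constants: enough to recover salts, keys, URLs."""
    found = set()
    for const in code.co_consts:
        if isinstance(const, str):
            found.add(const)
        elif hasattr(const, "co_consts"):
            found |= string_constants(const)
    return found


if __name__ == "__main__":
    bundle = build_bundle(APP_SOURCE)
    print("app says:", run_bundle(bundle)["RESULT"])
    print("attack 1 (key from artifact):", sorted(string_constants(attack_extract_key(bundle))))
    print("attack 2 (hooked loader):    ", sorted(string_constants(attack_hook_loader(bundle))))
    dis.dis(attack_hook_loader(bundle))  # full bytecode listing of the "protected" app
```

Attack 2 is the one that matters for the question: it does not depend on the cipher, on where the key is hidden, or on obfuscation of the loader, only on the fact that the interpreter must see the real code object to execute it.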