Skip to main content

What is debug mode?

Debug mode lets you deploy a separate instance of your container with SSH access and logging enabled. This gives you a way to inspect the enclave runtime, troubleshoot startup issues, and test configuration changes — without affecting your production container.

When to use debug mode

  • Container startup failures: SSH in to check why your application isn’t starting
  • Configuration issues: Verify that environment variables and secrets are set correctly
  • Runtime debugging: Inspect processes, network, and filesystem inside the enclave
  • Testing changes: Validate a new config or image is working as expected before deploying to production

How it works

Debug containers are fully independent deployments. They run on a separate domain and have their own lifecycle, so you can deploy, update, and delete them without touching production instances.
ProductionDebug
Domain<name>.<org>.containers.tinfoil.dev<name>.debug.<org>.containers.tinfoil.dev
SSH accessNoYes
Docker loggingNoOptional
AttestationYesNo
Debug containers do not pass attestation. Tinfoil’s SecureClient will refuse to connect to a debug instance because debug enclaves are not confidential. This is by design as debug mode trades confidentiality for inspectability. Never use debug mode for production traffic or sensitive data.
A container named api can have both a production and a debug deployment running simultaneously.

Deploying a debug container

  1. On the Deploy tab, toggle Debug Mode on
  2. Select one or more SSH keys from your organization’s key list (see below)
  3. Configure the rest of the container as normal
  4. Click Deploy Container

Managing SSH keys

Before deploying a debug container, add your SSH public keys to the organization.

Adding keys

  1. Go to the SSH Keys tab in the Containers section
  2. Click Add SSH Key
  3. Paste your public key

Connecting via SSH

Once your debug container is running, the dashboard shows the SSH connection command on the container’s card. It looks like: 
ssh -p <port> [email protected]
This gives you a shell inside the enclave where you can inspect running processes, check logs, verify environment variables, and debug your application.

Promoting to production

Once you’ve finished testing with a debug container, you can redeploy it as a production enclave directly from the dashboard:
  1. On the debug container’s card, click Redeploy
  2. In the dialog, click Deploy to Prod
  3. The container redeploys as a production enclave with the same configuration but with debug access and logging disabled
The old debug deployment is replaced once the production deployment is ready.