Under Submission – In a secure analytics platform, data sources consent to exclusive use of their data for a pre-defined set of analytics queries performed by a specific group of analysts, and for a limited period. Sufficiently strong security can encourage data contributions by data sources who feel the analytics respect their privacy and support a worthy cause, such as public health, efficient public mobility and infrastructure, or sustainable energy. Unfortunately, no platform currently exists that offers a level of security that can alleviate data owners' concerns about privacy, confidentiality, and data misuse; as a result, many types of analytics that would be in the public interest are impossible for lack of data. CoVault uses a new implementation of functional encryption (FE) for secure analytics, which relies on a unique combination of secret sharing, multi-party secure computation (MPC), and different trusted execution environments (TEE). It is secure under a very strong threat model that tolerates the failure of, and side-channel attacks on, any one TEE, and can therefore enable analytics on sensitive data not previously possible. Despite the cost of MPC, we show that CoVault scales to very large data sizes using map-reduce based query parallelization. For example, we show that CoVault can perform queries relevant to epidemic analytics at scale.