Skip to content

Acra-based example projects: check how easy it is to deploy data security in typical web infrastructures.

License

Notifications You must be signed in to change notification settings

cossacklabs/acra-engineering-demo

Repository files navigation

What is this?

Acra Engineering Examples illustrate the integration of Acra data protection suite into your existing application. Protecting the data is completely transparent for the users and requires minimal changes in the infrastructure.

This collection has several example applications. Each folder contains docker-compose file, that describes key management procedures and configurations of Acra.

# Example What's inside
1 Intrusion detection system, transparent encryption, PostgreSQL Go application, transparent encryption/decryption, poison records, PostgreSQL
2 SQL injection prevention, AcraCensor OWASP Mutillidae vulnerable web application, AcraConnector, AcraServer, AcraCensor (SQL firewall)
3 Load balancing python client application, AcraServer, HAProxy
4 Transparent encryption, Django, PostgreSQL Django web application, transparent encryption/decryption, AcraServer, PostgreSQL
5 Transparent encryption, TimescaleDB TimescaleDB, transparent encryption/decryption, AcraServer
6 Transparent encryption, Python app, MySQL, PostgreSQL MySQL, PostgreSQL, transparent encryption/masking/tokenization, Python, AcraServer
7 Client-side encryption, Django, PostgreSQL Django web application with client-side encryption (AcraWriter), decryption on AcraServer, PostgreSQL
8 Client-side encryption, python app, PostgreSQL Simple python client application, client-side encryption, decryption on AcraServer, PostgreSQL
9 Client-side encryption, Ruby on Rails app, PostgreSQL Ruby on Rails web application, client-side encryption, decryption on AcraServer, PostgreSQL
10 Transparent encryption, python app, CockroachDB Simple python client application, transparent encryption/decryption on AcraServer, CockroachDB
11 Search in encrypted data python client app, AcraServer, MySQL / PostreSQL database
12 AcraTranslator Demo Go API Server, AcraTranslator, MongoDB
13 DB Migration Demo python client app, AcraServer, PostreSQL database

Overview

Integrating Acra into any application requires 3 steps:

  1. Generate cryptographic keys. In this examples, we generate only required keys for each example (Master key, and data encryption keys, rarely others). Refer to Key management to learn more about keys.
  2. Configure and deploy services.
    1. transparent encryption for SQL databases – configure and deploy AcraServer. Configure AcraServer's behavior, set up TLS, connect to the database, select which fields/columns to encrypt.
    2. encryption-as-a-service for NoSQL databases – configure and deploy AcraTranslator. Configure AcraTranslator's behavior, set up TLS, select gRPC or REST API.
    3. client-side encryption – you can encrypt data in the client application using AcraWriter, then decrypt data on AcraServer or AcraTranslator.
  3. Update client-side code.
    1. transparent encryption for SQL databases – just point client-side app to AcraServer instead of the database.
    2. encryption-as-a-service for NoSQL databases – call AcraTranslator API from client-side app and encrypt/decrypt fields on AcraTranslator.
    3. client-side encryption – integrate AcraWriter, call it to encrypt fields in the app before sending them to the database.

Please refer to the Acra Data flows for more detailed description and schemes.


Further steps

Let us know if you have any questions by dropping an email to [email protected].

  1. Acra website – learn about all Acra features, defense in depth, how it's better than "just TLS" and available licenses.
  2. Acra Community Edition – Acra Community Edition repository.
  3. Acra docs – all Acra docs and guides.

Need help?

Need help in configuring Acra? Read more about support options and Acra Enterprise Edition.