Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Alternative Deployment Methods

Deploy CRDP as a Standalone Container

search

Please Note:

printsuggest an editpdf paneldownload

Deploy CRDP as a Standalone Container

This article covers the steps involved in deploying CRDP as a standalone container in Docker. Refer to Alternative Deployment Methods for other methods of deploying CRDP.

copy link to clipboardPrerequisites

This deployment scenario assumes that:

  • Docker version 24.0.1 or higher should be installed.

  • CipherTrust Manager 2.14 or higher is up and running. Refer to CipherTrust Manager Deployment for details.

    • On the CipherTrust Manager, a CRDP application is defined.

    • A registration token is generated. This registration token will be used to register the CRDP clients with CipherTrust Manager.

    Refer to Defining applications in the Application Data Protection Administration document for details.

  • CRDP image repository, thalesciphertrust/ciphertrust-restful-data-protection, is accessible. This repository contains images for CRDP.

    The path for CRDP 1.1.0 is thalesciphertrust/ciphertrust-restful-data-protection:1.1.0.

    Note

    The image path with the latest tag (thalesciphertrust/ciphertrust-restful-data-protection:latest) always points to the latest release.

copy link to clipboardSteps to deploy CRDP as standalone container

  1. Pull the CRDP image to the container environment.

    docker pull thalesciphertrust/ciphertrust-restful-data-protection:1.1.0

  2. Run CRDP in the container environment. The deployment command slightly varies based on the communication protocol used between the customer application and CRDP. The default protocol is tls-cert-opt.

    docker run -e KEY_MANAGER_HOST=<IP address or host name> -e REGISTRATION_TOKEN=<registration token> -p <host port>:8090 -e SERVER_MODE=no-tls <crdp image name>

    Here,

    • <host port>: Any available port on the host machine, for example, <8080>.

    • <crdp image name>: Name of the CRDP image pulled earlier.

    docker run -e KEY_MANAGER_HOST=<IP address or host name> -e REGISTRATION_TOKEN=<registration token> -p <host port>:8090 -e SERVER_MODE=tls-cert-opt -e CERT_VALUE="<certificate value>" -e KEY_VALUE="<key value>" <crdp image name>

    Here,

    • <host port>: Any available port on the host machine, for example, <8080>.

    • <certificate value>: Value of the server certificate.

    • <key value>: Value of the key.

    • <crdp image name>: Name of the CRDP image pulled earlier.

    docker run -e KEY_MANAGER_HOST=<IP address or host name> -e REGISTRATION_TOKEN=<registration token> -p <host port>:8090 -e SERVER_MODE=tls-cert -e CERT_VALUE="<certificate value>" -e KEY_VALUE="<key value>" -e TRUSTED_CA="<trusted ca>" <crdp image name>

    Here,

    • <host port>: Any available port on the host machine, for example, <8080>.

    • <certificate value>: Value of the server certificate.

    • <key value>: Value of the key.

    • <trusted ca>: Value of the trusted CA.

      Note

      The client must have the certificate and key signed by the TRUSTED_CA.

    • <crdp image name>: Name of the CRDP image pulled earlier.

    Note

    • For more information about environment variables used in CRDP, refer to Environment Variables.

    • It is not recommended to run CRDP container in the privileged mode.

copy link to clipboardVerify your deployment

Call the following APIs to verify your deployment:

curl http://localhost:<host port>/healthz -H 'Content-Type: application/json' -X GET
curl -k https://localhost:<host port>/healthz -H 'Content-Type: application/json' -X GET
curl --cert <cert.pem> --key <key.pem> -k https://localhost:<host port>/healthz -H 'Content-Type: application/json' -X GET

Here,

  • <cert.pem>: Path of the client certificate.

  • <key.pem>: Path of the key associated with the client certificate.

Note

The key file and the client certificate file should be in the pem format.

copy link to clipboardNext steps

After the CRDP container is up and running, you can explore any of the following topics:

On this page