Quick Start
This section describes how to get CRDP up and running in less than 10 minutes using a Helm Chart. Refer to Alternative Deployment Methods for instructions on deployment as a standalone container or deployment without a Helm Chart.
Prerequisites
Kubernetes environment is up and running and kubectl is installed.
Helm is installed. Refer to https://helm.sh/docs/intro/install/ for details.
CipherTrust Manager 2.14 or higher is up and running. Refer to CipherTrust Manager Deployment for details.
On the CipherTrust Manager, a CRDP application is defined.
A registration token is generated. This registration token will be used to register the CRDP clients with CipherTrust Manager.
Refer to Defining applications in the Application Data Protection Administration document for details.
CRDP image repository, thalesciphertrust/ciphertrust-restful-data-protection, is accessible. This repository contains images for CRDP.
The path for CRDP 1.1.0 is thalesciphertrust/ciphertrust-restful-data-protection:1.1.0.
Note
The image path with the latest tag (thalesciphertrust/ciphertrust-restful-data-protection:latest) always points to the latest release.
Tip
This document provides sample values, such as the target directory and IP address, using < >, for example, <target_directory>. Please replace these values with the actual values for your environment.
This document provides instructions to deploy CRDP in the default namespace.
Deploy CRDP within your Kubernetes Pod
Download and copy the following files:
deployment.yaml to <target_directory>/templates.
values.yaml to <target_directory>.
Chart.yaml to <target_directory>.
Replace <target_directory> with the directory where you want to keep all the configuration files.
Note
To download the files, right-click each link and click Save Link As.
Navigate to the <target_directory>.
In the values.yaml file, update the values of the kms and regToken fields.
Here,
kms is the IP address of your CipherTrust Manager instance.
regToken is the registration token generated on the CipherTrust Manager while defining Applications.
Note
For this quick start, the communication protocol between the customer application and CRDP is no-tls. To change the protocol, change the value of servermode in the values.yaml file. Refer to Change TLS settings between application and CRDP for details.
Deploy the CRDP application in your Kubernetes environment. This section uses crdp as the release name.
helm install crdp .
The status DEPLOYED indicates deployment is successful.
Verify the deployment
List the deployed CRDP pods.
kubectl get pods
The output should list the deployed CRDP pod.
Create a protection policy on CipherTrust Manager, for example, protect-credit-card. Refer to Creating protection policy for details.
Try protecting the sample data.
Sample Request
curl <IP>:32082/v1/protect -X POST -H "Content-Type: application/json" -d '{"protection_policy_name": "protect-credit-card","data": "data to be protected"}'
Replace <IP> with the actual IP address of your Kubernetes node where the CRDP pod is deployed. This sample request runs without JWT authentication and on the port 32082. To use a different authentication and port, refer to Authorization in CRDP and Deploy CRDP on custom port.
Tip
To get the IP address of your Kubernetes node, you can run the following command.
kubectl get nodes -o wide
Sample Response
{ "protected_data": "<ciphertext>" }
Check the CRDP logs.
kubectl logs -f <crdp pod name>
Sample logs
{"level":"info","time":"Thu, 19 Sep 2024 17:40:37 +0000","msg":"going to initialize shield"}
{"level":"info","time":"Thu, 19 Sep 2024 17:40:37 +0000","msg":"registerClient: Going to register the client"}
{"level":"info","time":"Thu, 19 Sep 2024 17:40:38 +0000","msg":"registerClient: Register the client successfully"}
The message Register the client successfully in the log indicates that the CRDP container is up and running.
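The log check above can be scripted so that a deployment pipeline fails when registration with CipherTrust Manager did not happen. The following is an added example, not part of the original document or of CRDP itself; the file name check_crdp_logs.py is hypothetical, and treating any entry whose level is not "info" as worth reviewing is an assumption based on the sample logs, which show only "info".

```python
import json
import sys

# Message text taken from the sample logs on this page.
REGISTERED_MSG = "Register the client successfully"

# The page's three sample log entries, one per line.
SAMPLE = """\
{"level":"info","time":"Thu, 19 Sep 2024 17:40:37 +0000","msg":"going to initialize shield"}
{"level":"info","time":"Thu, 19 Sep 2024 17:40:37 +0000","msg":"registerClient: Going to register the client"}
{"level":"info","time":"Thu, 19 Sep 2024 17:40:38 +0000","msg":"registerClient: Register the client successfully"}
"""

def parse_log_stream(text):
    """Yield JSON objects from log text, one per line or several on one line."""
    decoder = json.JSONDecoder()
    pos, end = 0, len(text)
    while pos < end:
        if text[pos].isspace():
            pos += 1
            continue
        try:
            obj, pos = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            # Not JSON at this position: skip the rest of this line.
            newline = text.find("\n", pos)
            pos = end if newline == -1 else newline + 1
            continue
        if isinstance(obj, dict):
            yield obj

def check_registration(text):
    """Return (registered, review): registration seen, plus non-info entries."""
    registered, review = False, []
    for entry in parse_log_stream(text):
        if REGISTERED_MSG in str(entry.get("msg", "")):
            registered = True
        if str(entry.get("level", "")).lower() != "info":
            review.append(entry)
    return registered, review

if __name__ == "__main__":
    # Usage: kubectl logs <crdp pod name> | python3 check_crdp_logs.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    registered, review = check_registration(text)
    for entry in review:
        print("review:", json.dumps(entry))
    print("registered" if registered else "NOT registered")
    sys.exit(0 if registered else 1)
```

The script exits with status 1 when the registration message is absent, so it can gate later steps. Run it without -f on kubectl logs so that the input ends.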
CRDP is now deployed successfully and is ready to use. CRDP will get keys and configurations from the CipherTrust Manager. If there is any change in the policies and configuration, CRDP uses the heartbeat mechanism to get updates from the CipherTrust Manager.
Next steps
After the CRDP pod is up and running, you can explore any of the following topics: