Deploy DPG as a Standalone Container
This section describes the steps necessary to deploy DPG as a container in Docker.
Prerequisites
This deployment scenario assumes that:
Docker Container runtime environment (CRE) is ready.
A supported Docker version is installed. For DPG, the minimum supported version is 20.10.0.
CipherTrust Manager is up and running. Refer to CipherTrust Manager Deployment for details.
DPG Image Repository
The ciphertrust-data-protection-gateway repository contains the following images for DPG 1.3.0:
DPG (with 1.3.0 tag): thalesciphertrust/ciphertrust-data-protection-gateway:1.3.0
DPG (with latest tag): thalesciphertrust/ciphertrust-data-protection-gateway:latest
The image path with the latest tag always points to the latest release.
Sample Application Server (with appserver tag): thalesciphertrust/ciphertrust-data-protection-gateway:appserver
Steps to Deploy DPG as a Standalone Container
Define an Application and generate a registration token on the CipherTrust Manager. Refer to the Application Protection Administrator Guide for details.
Pull the DPG image to the container environment as shown below:
docker pull thalesciphertrust/ciphertrust-data-protection-gateway:latest
Run DPG in the container environment, as shown below:
docker run -d --name <name> -p <host-port>:<DPG_port> -e "KMS=<ipaddress/hostname>" -e "TLS_ENABLED=false" -e "CERT_VALUE=<cert value>" -e "KEY_VALUE=<key value>" -e "REG_TOKEN=<registrationtoken>" -e "DESTINATION_URL=<destinationurl>" -e "DPG_PORT=<DPG_port>" <DPG-image-name>
Here,
KMS: IP address/hostname of the CipherTrust Manager.
TLS_ENABLED: Set to true to enable TLS on the DPG port using CERT_VALUE and KEY_VALUE; false otherwise.
CERT_VALUE: The text of the TLS certificate in .PEM format. This variable is required only if TLS_ENABLED is set to true.
KEY_VALUE: The private key associated with the TLS certificate. This variable is required only if TLS_ENABLED is set to true.
REG_TOKEN: Registration token used to register a DPG client on the CipherTrust Manager.
DESTINATION_URL: URL of the Application Server including the application port.
DPG_PORT: The port on which the DPG container is exposed; default is 8990.
host-port: The host port mapped to <DPG_port>; this is the port the application clients target.
<DPG-image-name>: Path including the name of the DPG image.
Note
It is not recommended to run the DPG container in privileged mode. Do not pass --privileged to docker run: a privileged container gets the host's device and capability access, which defeats the isolation the container provides.
After the DPG service is running, it fetches all associated policies and configurations from the CipherTrust Manager. If the policies or configuration change, DPG uses the heartbeat mechanism to get the updates from the CipherTrust Manager. The client must send its requests to DPG instead of to the Application Server. DPG performs the cryptographic operations and forwards the requests to the Application Server. When revealing data, DPG reads the access policy and displays the output based on the reveal format set in that access policy.
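A wrapper for the docker run step above, added here as an example (it is not Thales' tooling): it refuses a TLS_ENABLED=true run that lacks CERT_VALUE and KEY_VALUE, reads the PEM text from files instead of the command line, and never adds --privileged. The DOCKER override, the container name parameter and every host, port, token and path are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the Thales DPG documentation or tooling.
# Builds the "docker run" invocation from the page for a standalone DPG
# container and refuses an inconsistent TLS configuration up front.
# Assumptions: DOCKER may be overridden with a stub (DOCKER=echo) to print
# the command instead of running it; all hostnames, ports, tokens and file
# paths used by callers are constructed placeholders.

DPG_IMAGE=${DPG_IMAGE:-thalesciphertrust/ciphertrust-data-protection-gateway:1.3.0}
DOCKER=${DOCKER:-docker}

# dpg_run NAME KMS REG_TOKEN DESTINATION_URL HOST_PORT DPG_PORT TLS_ENABLED [CERT_PEM KEY_PEM]
# Returns 1 without starting anything when a required value is missing or malformed.
dpg_run() {
  name=$1 kms=$2 token=$3 dest=$4 hport=$5 dport=$6 tls=$7 certf=$8 keyf=$9
  if [ -z "$name" ] || [ -z "$kms" ] || [ -z "$token" ] || [ -z "$dest" ]; then
    echo "dpg_run: name, KMS, REG_TOKEN and DESTINATION_URL are required" >&2
    return 1
  fi
  case $hport in ''|*[!0-9]*) echo "dpg_run: bad host port '$hport'" >&2; return 1 ;; esac
  case $dport in ''|*[!0-9]*) echo "dpg_run: bad DPG port '$dport'" >&2; return 1 ;; esac
  case $tls in true|false) ;; *) echo "dpg_run: TLS_ENABLED must be true or false" >&2; return 1 ;; esac

  # Build the argument list in the positional parameters so that values
  # containing spaces or newlines (the PEM text) survive intact. No
  # --privileged flag: the page advises against running DPG privileged.
  set -- -d --name "$name" -p "$hport:$dport" \
    -e "KMS=$kms" -e "REG_TOKEN=$token" -e "DESTINATION_URL=$dest" \
    -e "DPG_PORT=$dport" -e "TLS_ENABLED=$tls"

  if [ "$tls" = true ]; then
    # CERT_VALUE and KEY_VALUE carry the PEM text itself, so read it from
    # files instead of pasting the private key onto the command line by hand.
    if [ ! -r "$certf" ] || [ ! -r "$keyf" ]; then
      echo "dpg_run: TLS_ENABLED=true needs readable certificate and key PEM files" >&2
      return 1
    fi
    set -- "$@" -e "CERT_VALUE=$(cat "$certf")" -e "KEY_VALUE=$(cat "$keyf")"
  fi

  "$DOCKER" run "$@" "$DPG_IMAGE"
}
```

Run with DOCKER=echo first to review the exact command, then without the override to start the container.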