Acra Engineering Examples illustrate the integration of Acra data protection suite into your existing application. Protecting the data is completely transparent for the users and requires minimal changes in the infrastructure.
This collection has several example applications. Each folder contains docker-compose file, that describes key management procedures and configurations of Acra.
# | Example | What's inside |
---|---|---|
1 | Intrusion detection system, transparent encryption, PostgreSQL | Go application, transparent encryption/decryption, poison records, PostgreSQL |
2 | SQL injection prevention, AcraCensor | OWASP Mutillidae vulnerable web application, AcraConnector, AcraServer, AcraCensor (SQL firewall) |
3 | Load balancing | python client application, AcraServer, HAProxy |
4 | Transparent encryption, Django, PostgreSQL | Django web application, transparent encryption/decryption, AcraServer, PostgreSQL |
5 | Transparent encryption, TimescaleDB | TimescaleDB, transparent encryption/decryption, AcraServer |
6 | Transparent encryption, Python app, MySQL, PostgreSQL | MySQL, PostgreSQL, transparent encryption/masking/tokenization, Python, AcraServer |
7 | Client-side encryption, Django, PostgreSQL | Django web application with client-side encryption (AcraWriter), decryption on AcraServer, PostgreSQL |
8 | Client-side encryption, python app, PostgreSQL | Simple python client application, client-side encryption, decryption on AcraServer, PostgreSQL |
9 | Client-side encryption, Ruby on Rails app, PostgreSQL | Ruby on Rails web application, client-side encryption, decryption on AcraServer, PostgreSQL |
10 | Transparent encryption, python app, CockroachDB | Simple python client application, transparent encryption/decryption on AcraServer, CockroachDB |
11 | Search in encrypted data | python client app, AcraServer, MySQL / PostreSQL database |
12 | AcraTranslator Demo | Go API Server, AcraTranslator, MongoDB |
13 | DB Migration Demo | python client app, AcraServer, PostreSQL database |
Integrating Acra into any application requires 3 steps:
- Generate cryptographic keys. In this examples, we generate only required keys for each example (Master key, and data encryption keys, rarely others). Refer to Key management to learn more about keys.
- Configure and deploy services.
- transparent encryption for SQL databases – configure and deploy AcraServer. Configure AcraServer's behavior, set up TLS, connect to the database, select which fields/columns to encrypt.
- encryption-as-a-service for NoSQL databases – configure and deploy AcraTranslator. Configure AcraTranslator's behavior, set up TLS, select gRPC or REST API.
- client-side encryption – you can encrypt data in the client application using AcraWriter, then decrypt data on AcraServer or AcraTranslator.
- Update client-side code.
- transparent encryption for SQL databases – just point client-side app to AcraServer instead of the database.
- encryption-as-a-service for NoSQL databases – call AcraTranslator API from client-side app and encrypt/decrypt fields on AcraTranslator.
- client-side encryption – integrate AcraWriter, call it to encrypt fields in the app before sending them to the database.
Please refer to the Acra Data flows for more detailed description and schemes.
Let us know if you have any questions by dropping an email to dev@cossacklabs.com.
- Acra website – learn about all Acra features, defense in depth, how it's better than "just TLS" and available licenses.
- Acra Community Edition – Acra Community Edition repository.
- Acra docs – all Acra docs and guides.
Need help in configuring Acra? Read more about support options and Acra Enterprise Edition.