Data Control Platform Quickstart
This quickstart is intended to help someone who wants to get started using the Data Control Platform as quickly as possible. In order to do that we’ll generate the users and devices using the commandline. This is not something you would want to do in your production application, but it lets you play around and get started as quickly as possible. We can use ironoxide-cli to generate our test users and devices in just a few easy steps, which will let you start writing code without much hassle.
If you'd like to see the Data Control Platform in use, we have a demo that runs a React-based web app that uses DCP to protect data.
In order to create a device that IronCore will recognize, you’ll first need to create an admin account. Signing up for an account with IronCore is easy, just visit IronCore admin console to create a free account. As part of the sign up process you’ll create a project and segment. For now you can name them
test-segment. These will be fine placeholder names for getting started.
If you already had an account and did not need to generate a new one, you’ll instead just need to generate a new identity assertion key, which we’ll cover in the next section.
Identity Assertion Keys are generated from the IronCore admin console. Select the project for which you want to generate keys and then click the “Add Identity Assertion Key” button. This will display a dialog that gives you the chance to download both the identity assertion key file as well as the configuration file. Save both these files, as you’ll need them to generate users.
In order to generate a user, you can use the ironoxide-cli utility that we provide. Binaries are provided for multiple architectures and platforms. If your architecture or platform isn’t available you can also build and install the utility on your system by cloning the repo and running
cargo install --path <path to ironoxide-cli folder>. To do user creation, you’ll need a configuration file and the identity assertion key you downloaded above. The configuration file is assumed to be named
config.jsonand the identity assertion key is named
assertionKey.pem. If you saved them using different names, adjust the following command accordingly.
Once you have installed
ironoxide-cli, you can create a user by running
ironoxide-cli user-create my-user --iak assertionKey.pem --config config.json --password MyTotallySecurePasswordIDidntCopyFromTheWebsite.
You should see output like this:
Creating user "my-user" Generating device for user "my-user" Outputting device context to "my-user.json"
my-user.jsonfile is what we call a device context. This is what you need to initialize our SDKs and interact with it as
my-user. Once you’ve initialized you’ll be able to decrypt things encrypted to
my-user, create groups, and perform all other actions as
Note that the device should not be shared between users (or instances of an application). They are ephemeral and should be generated as needed by your application. Using a separate device for each instance of the application allows you to revoke that device’s access without shutting down all of them. It’s easy to revoke access from a device.
A good next step is to read the Data Control Platform Guide which provides a good baseline for the problems that can be solved with the Data Control Platform. Multiple use cases and patterns are covered in the guide which can help you decide on the best architecture for your application. The following guide topics would also be a good place to try using on of the many SDKs provided.