1. Docs

Data Control Platform Quickstart

This quickstart is intended to help someone who wants to get started using the Data Control Platform as quickly as possible. In order to do that we’ll generate the users and devices using the commandline. This is not something you would want to do in your production application, but it lets you play around and get started as quickly as possible. We can use ironoxide-cli to generate our test users and devices in just a few easy steps, which will let you start writing code without much hassle.

If you’d like to see the Data Control Platform in use, we have a demo that runs a React-based web app that uses DCP to protect data.

Sign up for an account

In order to create a device that IronCore will recognize, you’ll first need to create an admin account. Signing up for an account with IronCore is easy, just visit IronCore admin console to create a free account. As part of the sign up process you’ll create a project and segment. For now you can name them test-project and test-segment. These will be fine placeholder names for getting started.

If you already had an account and did not need to generate a new one, you’ll instead just need to generate a new identity assertion key, which we’ll cover in the next section.

Generate Identity Assertion Keys

Identity Assertion Keys are generated from the IronCore admin console. Select the project for which you want to generate keys and then click the “Add Identity Assertion Key” button. This will display a dialog that gives you the chance to download both the identity assertion key file as well as the configuration file. Save both these files, as you’ll need them to generate users.

Generate a User and Device

In order to generate a user, you can use the ironoxide-cli utility that we provide. Binaries are provided for multiple architectures and platforms. If your architecture or platform isn’t available you can also build and install the utility on your system by cloning the repo and running cargo install --path <path to ironoxide-cli folder>. To do user creation, you’ll need a configuration file and the identity assertion key you downloaded above. The configuration file is assumed to be named config.json and the identity assertion key is named assertionKey.pem. If you saved them using different names, adjust the following command accordingly.

Once you have installed ironoxide-cli, you can create a user by running ironoxide-cli user-create my-user --iak assertionKey.pem --config config.json --password MyTotallySecurePasswordIDidntCopyFromTheWebsite.

You should see output like this:

Creating user "my-user"
Generating device for user "my-user"
Outputting device context to "my-user.json"

The my-user.json file is what we call a device context. This is what you need to initialize our SDKs and interact with it as my-user. Once you’ve initialized you’ll be able to decrypt things encrypted to my-user, create groups, and perform all other actions as my-user.

Note that the device should not be shared between users (or instances of an application). They are ephemeral and should be generated as needed by your application. Using a separate device for each instance of the application allows you to revoke that device’s access without shutting down all of them. It’s easy to revoke access from a device.

What’s Next

A good next step is to read the Data Control Platform Guide which provides a good baseline for the problems that can be solved with the Data Control Platform. Multiple use cases and patterns are covered in the guide which can help you decide on the best architecture for your application. The following guide topics would also be a good place to try using on of the many SDKs provided.

Initializing An SDK

Decrypt As Needed

Encrypt To Group

Encrypt via Policy

Decrypt As Needed

Was this page helpful?