Tutorials
Fly.io Deployment
This guide explains how to deploy CipherStash CipherStash Proxy to Fly.io.
You will be deploying the cipherstash/cipherstash-proxy docker container to Fly.io and assumes you have already configured and tested your CipherStash Proxy instance. If you haven't already done so, please follow the Getting Started guide.
Steps to Deploy
1. Install and Log in to Flyctl
Before starting, make sure you have Flyctl, the CLI tool for managing apps on Fly.io, installed on your machine. If you haven't already installed it, you can find the installation guide on Fly.io. Once installed, log in to your Fly account.
1fly auth login2. Preparing the project
You will need to create a directory with the following files:
Dockerfilecipherstash-proxy.toml
1mkdir flyio-cipherstash-proxy
2cd flyio-cipherstash-proxy
3touch Dockerfile cipherstash-proxy.tomlNote: The cipherstash-proxy.toml file is used as a placeholder, as we will be using environment variables to configure the CipherStash Proxy instance.
2.1 Init fly.io
You will need to use the flyctl init command to initialize the Fly.io project. This command will generate a fly.toml file that will be used to configure the Fly.io project.
1flyctl init3. Configuring the Dockerfile
The Dockerfile is used to build the image that will be deployed to Fly.io. The following is the contents of the Dockerfile you'll use:
1FROM cipherstash/cipherstash-proxy:latest
2EXPOSE 6432
3COPY cipherstash-proxy.toml /etc/cipherstash-proxy/cipherstash-proxy.toml4. Configuring Fly.io
The following is the contents of the fly.toml file you'll use:
1app = "cipherstash-proxy"
2
3# Set the region based on your preference
4primary_region = "ord"
5
6[build]
7
8[[services]]
9internal_port = 6432
10protocol = "tcp"
11auto_stop_machines = false
12auto_start_machines = false
13min_machines_running = 1
14[[services.ports]]
15port = 6432
16
17[[vm]]
18cpu_kind = "shared"
19cpus = 1
20memory_mb = 10245. Setting up Environment Variables
You will need to set the following environment variables:
1CS_USERNAME=fill-me-in
2CS_PASSWORD=fill-me-in
3CS_DATABASE__HOST=fill-me-in
4CS_DATABASE__PORT=fill-me-in
5CS_DATABASE__NAME=fill-me-in
6CS_WORKSPACE_ID=fill-me-in
7CS_CLIENT_ACCESS_KEY=fill-me-inYou can set these environment variables using the flyctl secrets set command:
1flyctl secrets set MY_SECRET=romanceYou will need to replace the placeholders with your actual values.
6. Deploying to Fly.io
You can now deploy your app to Fly.io using the flyctl deploy command:
1flyctl deploy7. Reserving a Static IP Address
Since you will be using a non-standard port, you will need to reserve a static IP address for your app. You can do this using the flyctl ips reserve command:
1fly ips allocate-v4 --app cipherstash-proxy8. Accessing Your App
CipherStash Proxy will be running on port 6432 and you can access it using the static IP address you reserved in the previous step. You can now configure your application to connect to CipherStash Proxy using the following connection string:
1postgres://<username>:<password>@<static-ip-address>:6432/<database-name>Conclusion
By following these steps, you should have successfully deployed CipherStash Proxy to Fly.io. For detailed steps and further information, you can refer to Fly.io's official documentation.
With the CipherStash Proxy in place, you can now use the entire CipherStash product suite to secure your data:
- CipherStash Audit: Audit your database queries and data access logs.
- CipherStash Encrypt: Encrypt your data at rest and in transit.
- CipherStash Identify: Identify and mask sensitive data in your database. (Coming soon!)