Apply end to end security to a cloud application
The repository features a sample application that enables groups of users to upload files to a common storage pool and to provide access to those files via shareable links. The application is written in Node.js and deployed as a Docker container to the IBM Cloud Kubernetes service. It leverages several security-related services and features to improve app security, including data encrypted with your own keys, user authentication, and security auditing.
Refer to this tutorial for instructions.
- The user connects to the application.
- App ID secures the application and redirects the user to the authentication page. Users can sign up from there too.
- The application is running in a Kubernetes cluster from an image stored in the container registry. The image is automatically scanned for vulnerabilities.
- Files uploaded by the user are stored in Cloud Object Storage.
- The bucket where the files are stored is using a user-provided key to encrypt the data.
- All activities related to managing the solution are logged by Activity Tracker.
Deploy with a toolchain
This project comes with a partially automated toolchain capable of deploying the application to IBM Cloud while provisioning all required services.
- Create a standard Kubernetes cluster
- Create a registry namespace
- Optionally create a specific resource group for this project
Once the toolchain has completed, the application will be available at
The toolchain includes a stage named UNINSTALL (manual). This stage can only be triggered manually and will remove all resources created by the toolchain (app and services).
| app.js | Implementation of the application. |
| credentials.template.env | To be copied to
| Dockerfile | Docker image description file. |
| secure-file-storage.template.yaml | Kubernetes deployment file with placeholders. To be copied to
To test locally
- Follow the tutorial instructions to have the app deployed to a cluster, especially the sections to create all the services and to populate the
- Access the tokens with https://secure-file-storage.<INGRESS_SUBDOMAIN>/api/tokens. This shows the raw App ID authorization header together with the decoded JWT tokens for your session.
- In your local shell:
export TEST_AUTHORIZATION_HEADER="<value of the header attribute 'Bearer ... ...'>"
- npm start
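
A quick check of the exported header before running `npm start`, as an added example that is not part of the repository: it splits the header into its tokens and decodes each JWT payload to show the subject and whether the token has expired. It assumes the header has the form `Bearer <access_token> <id_token>` suggested by the placeholder above; the function names and sample tokens are constructed for illustration, and no signature is verified.

```javascript
// Added example: inspect the authorization header used for local testing.
// Assumed format (from the 'Bearer ... ...' placeholder): "Bearer <access_token> <id_token>".
// Claims are decoded WITHOUT signature verification; this is for inspection only.

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  // JWT segments are base64url; map to standard base64 before decoding.
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectAuthorizationHeader(header, nowSeconds = Math.floor(Date.now() / 1000)) {
  const fields = String(header || '').trim().split(/\s+/);
  if (fields[0] !== 'Bearer' || fields.length < 2 || fields.length > 3) {
    throw new Error("expected 'Bearer <access_token> [<id_token>]'");
  }
  const names = ['access_token', 'id_token'];
  return fields.slice(1).map((token, i) => {
    const claims = decodeJwtPayload(token);
    // A token without a numeric exp claim is treated as unusable.
    const expired = typeof claims.exp !== 'number' || claims.exp <= nowSeconds;
    return { name: names[i], sub: claims.sub, exp: claims.exp, expired };
  });
}

// Constructed sample tokens (fake signature) so the example runs offline.
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const SAMPLE_NOW = 1700000000;
const SAMPLE_HEADER = 'Bearer ' +
  makeSampleJwt({ sub: 'user-1', exp: SAMPLE_NOW + 3600 }) + ' ' +
  makeSampleJwt({ sub: 'user-1', exp: SAMPLE_NOW - 60 });

// Use the exported variable when present, otherwise the constructed sample.
const header = process.env.TEST_AUTHORIZATION_HEADER || SAMPLE_HEADER;
const now = process.env.TEST_AUTHORIZATION_HEADER ? undefined : SAMPLE_NOW;
for (const t of inspectAuthorizationHeader(header, now)) {
  // Only the claims are printed, never the raw token.
  console.log(`${t.name}: sub=${t.sub} exp=${t.exp} ${t.expired ? 'EXPIRED' : 'valid'}`);
}
```

An expired token here means the header should be copied again from the tokens endpoint before testing locally.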
See License.txt for license information.