Skip to content

digital-asset/ex-secure-daml-infra

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.circleci
 
 
Documentation
 
 
bot
 
 
client-app
 
 
daml
 
 
nginx-conf
 
 
pg-initdb
 
 
sockets
 
 
static-content
 
 
ui
 
 
.dlint.yaml
 
 
.gitignore
 
 
Dockerfile.authnode
 
 
LICENSE
 
 
README.md
 
 
SECURITY.md
 
 
accounts.json
 
 
auth-service.py
 
 
build.sh
 
 
clean.sh
 
 
compose-shutdown.sh
 
 
daml.yaml
 
 
decode-jwks.sh
 
 
decode-jwt.sh
 
 
docker-compose.env
 
 
docker-compose.env-cicd-template
 
 
docker-compose.env-template
 
 
docker-compose.yml
 
 
docker-compose.yml-simple
 
 
edge-tls.yaml-cicd-template
 
 
edge-tls.yaml-template
 
 
env.sh
 
 
env.sh-cicd-template
 
 
env.sh-template
 
 
fix-permissions.sh
 
 
frontend-config.js
 
 
get-alice-token.sh
 
 
get-bob-token.sh
 
 
get-george-token.sh
 
 
get-json-api-token.sh
 
 
get-m2m-token.sh
 
 
get-navigator-token.sh
 
 
get-tokens.sh
 
 
init-ledger.sh
 
 
intermediate-ca.cnf.sample
 
 
java.security
 
 
make-certs.sh
 
 
make-jwks.py
 
 
make-jwt.sh
 
 
parties.txt
 
 
party_auth.txt
 
 
root-ca.cnf.sample
 
 
run-auth-service.sh
 
 
run-deploy.sh
 
 
run-docker-compose.sh
 
 
run-docker-tests.sh
 
 
run-docker.sh
 
 
run-json-api.sh
 
 
run-ledger-cmd.sh
 
 
run-navigator.sh
 
 
run-ocsp.sh
 
 
run-python-bot.sh
 
 
run-root-ocsp.sh
 
 
run-sandbox.sh
 
 
run-tls-client.sh
 
 
run-tls-server.sh
 
 
run-trigger.sh
 
 
test-all.sh
 
 
test-grpc.sh
 
 
test-json.sh
 
 
test-load.sh
 
 
test-ocsp.sh
 
 
test-script.sh
 
 
test-tls.sh
 
 
ui-backend.conf
 
 
Welcome to Secure DAML Infrastructure Getting started

README.md

DAML logo

Download License

Welcome to Secure DAML Infrastructure

This repository contains a reference implementation of how to setup a DAML Ledger with full "Infrastructure" security, i.e. secure connections over TLS and connection authorization via tokens. This will involve a test Public Key Infrastructure (PKI) to create TLS and client certificates and JSON Web Token (JWT) for all user and service authentication. We will use Auth0 as an example of an oAuth provider for this, though the concepts should work with a number of others, e.g.Okta, OneLogin, Ping.

The demo application covers the following aspects:

  1. Create a reference PKI with root and intermediate CAs and TLS certificates
  2. Integrate security with Auth0 for user and service accounts (M2M)
  3. Configure TLS security for all connections including database
  4. A UI written in TypeScript and React authenticating through Auth0
  5. A series of tests to demonstrate the services running over secure connections
  6. Test DAML Triggers and Python bots for DAML automation

This builds on the original sample ex-authentication-auth0 that was described in blog: Easy authentication for your distributed app with DAML and Auth0

Getting started

Documentation is also provided detailing each of the steps.

Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved. SPDX-License-Identifier: Apache-2.0

About

Reference example of a secure Ledger deployment using mTLS and JWT tokens

Resources

Readme

License

View license

Security policy

Security policy
Activity

Stars

7 stars

Watchers

11 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages