Fides (fee-dhez, Latin: Fidēs) is an open-source tool that allows you to easily declare your systems' privacy characteristics, track privacy-related changes to systems and data in version control, and enforce policies in both your source code and your runtime infrastructure.
- Get running with Docker: First, ensure that you have `make` and `docker` installed locally, and clone the Fides repo. Then, from the fides directory, run the following commands:

  This will spin up the entire project and open a shell within the `fidesctl` container. Once you see the `fidesctl#` prompt (takes ~3 minutes the first time), you know you're ready to go:

  Run `make cli`

  ```
  ~/git/fides% make cli
  Build the images required in the docker-compose file...
  ...
  Building fidesapi
  ...
  Building fidesctl
  ...
  Building docs
  ...
  root@1a742083cedf:/fides/fidesctl#
  ```

  This builds the required images, spins up the database, and runs the initialization scripts.

  Run `fidesctl init-db`

  ```
  ~/git/fides% fidesctl init-db
  INFO [alembic.runtime.migration] Context impl PostgresqlImpl.
  INFO [alembic.runtime.migration] Will assume transactional DDL.
  ```

  This confirms that your `fidesctl` CLI can reach the server and everything is ready to go!

  Run `fidesctl ping`

  ```
  root@796cfde906f1:/fides/fidesctl# fidesctl ping
  Pinging http://fidesctl:8080/health...
  {
    "data": {
      "message": "Fides service is healthy!"
    }
  }
  ```
- Run `fidesctl evaluate demo_resources/`. This command ensures that the demo_analytics_system and demo_marketing_system systems are compliant with your privacy policy as code:

  Results of `fidesctl evaluate`

  ```
  root@fa175a43c077:/fides/fidesctl# fidesctl evaluate demo_resources
  Loading resource manifests from: demo_resources
  Taxonomy successfully created.
  ----------
  Processing registry resources...
  CREATED 1 registry resources.
  UPDATED 0 registry resources.
  SKIPPED 0 registry resources.
  ----------
  Processing dataset resources...
  CREATED 1 dataset resources.
  UPDATED 0 dataset resources.
  SKIPPED 0 dataset resources.
  ----------
  Processing policy resources...
  CREATED 1 policy resources.
  UPDATED 0 policy resources.
  SKIPPED 0 policy resources.
  ----------
  Processing system resources...
  CREATED 2 system resources.
  UPDATED 0 system resources.
  SKIPPED 0 system resources.
  ----------
  Loading resource manifests from: demo_resources
  Taxonomy successfully created.
  Evaluating the following policies:
  demo_privacy_policy
  ----------
  Checking for missing resources...
  Executing evaluations...
  Sending the evaluation results to the server...
  Evaluation passed!
  ```

  Congratulations, you've successfully run your first `fidesctl evaluate` command!

- Now, take a closer look at `demo_resources/demo_policy.yml`, which describes an organization's privacy policy as code. This policy just includes one rule: fail if any system uses contact information for marketing purposes.

  Run `cat demo_resources/demo_policy.yml`

  ```yaml
  policy:
    - fides_key: demo_privacy_policy
      name: Demo Privacy Policy
      description: The main privacy policy for the organization.
      rules:
        - fides_key: reject_direct_marketing
          name: Reject Direct Marketing
          description: Disallow collecting any user contact info to use for marketing.
          data_categories:
            inclusion: ANY
            values:
              - user.provided.identifiable.contact
          data_uses:
            inclusion: ANY
            values:
              - advertising
          data_subjects:
            inclusion: ANY
            values:
              - customer
          data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
          action: REJECT
  ```
- Lastly, we're going to modify our annotations in a way that would fail the policy we just looked at:

  Edit `demo_resources/demo_system.yml` and uncomment the line that adds `user.provided.identifiable.contact` to the list of `data_categories` for the `demo_marketing_system`.

  Add User-provided contact info to the demo_marketing_system

privacy_declarations: - name: Collect data for marketing data_categories: - #- user.provided.identifiable.contact # uncomment to add this category to the system + - user.provided.identifiable.contact # uncomment to add this category to the system - user.derived.identifiable.device.cookie_id data_use: marketing_advertising_or_promotion data_subjects:
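
Review bot: on the added `- user.provided.identifiable.contact` line, the trailing comment "# uncomment to add this category to the system" is carried over from the commented-out version and no longer describes the line once it is active. Suggest dropping it or rewording it to say the category is now declared, so that a reader of `data_categories` is not left wondering whether the contact category still needs to be enabled.
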
Re-run `fidesctl evaluate demo_resources`, which will cause an evaluation failure! This is because your privacy policy has 1 rule that should fail if any system uses contact information for marketing purposes, and you've just updated your marketing system to start using contact information for marketing purposes.

Run `fidesctl evaluate` again

```
root@fa175a43c077:/fides/fidesctl# fidesctl evaluate demo_resources
...
Executing evaluations...
{
  "status": "FAIL",
  "details": [
    "Declaration (Collect data for marketing) of System (demo_marketing_system) failed Rule (Reject Direct Marketing) from Policy (demo_privacy_policy)"
  ],
  "message": null
}
```

At this point, you've seen some of the core concepts in place: declaring systems, evaluating policies, and re-evaluating policies on every code change. But there's a lot more to discover, so we'd recommend following the tutorial to keep learning.
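
An added example (not part of the Fides project or its README): a small Python gate that turns captured `fidesctl evaluate` output, as shown above, into structured findings and an exit code for a CI job, failing closed when no verdict can be found. The function names and exit codes are hypothetical, and it assumes the `details` strings keep the format printed on this page.

```python
import json
import re
from typing import NamedTuple, Optional

# Shape of a "details" entry as printed in the failure output above.
DETAIL_RE = re.compile(
    r"Declaration \((?P<declaration>.+?)\) of System \((?P<system>.+?)\) "
    r"failed Rule \((?P<rule>.+?)\) from Policy \((?P<policy>.+?)\)$"
)

class Violation(NamedTuple):
    declaration: str
    system: str
    rule: str
    policy: str

def extract_result(output: str) -> Optional[dict]:
    """Find the JSON result object inside mixed log/JSON CLI output."""
    decoder = json.JSONDecoder()
    for brace in re.finditer(r"\{", output):
        try:
            obj, _ = decoder.raw_decode(output, brace.start())
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "status" in obj:
            return obj
    return None

def violations(result: dict) -> list:
    """Turn each recognisable details string into a structured Violation."""
    matches = (DETAIL_RE.match(d) for d in result.get("details") or [])
    return [Violation(**m.groupdict()) for m in matches if m]

def gate(output: str) -> int:
    """0 = passed, 1 = policy violation, 2 = no usable verdict (fail closed)."""
    result = extract_result(output)
    if result is not None and result.get("status") == "FAIL":
        return 1
    if result is None and "Evaluation passed!" in output:
        return 0
    return 2

# Constructed samples, copied from the two evaluation outputs shown on this page.
FAIL_OUTPUT = """Executing evaluations...
{ "status": "FAIL", "details": [ "Declaration (Collect data for marketing) of System (demo_marketing_system) failed Rule (Reject Direct Marketing) from Policy (demo_privacy_policy)" ], "message": null }"""
PASS_OUTPUT = "Executing evaluations...\nSending the evaluation results to the server...\nEvaluation passed!"

if __name__ == "__main__":
    for v in violations(extract_result(FAIL_OUTPUT)):
        print(f"{v.system}: '{v.declaration}' violates '{v.rule}' ({v.policy})")
    print("exit codes:", gate(FAIL_OUTPUT), gate(PASS_OUTPUT), gate("connection refused"))
```

Treating anything other than an explicit pass as a failure means a crashed or unreachable evaluation cannot silently let a privacy-relevant change through.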
Fides provides a variety of docs to help guide you to a successful outcome.
We are committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.
For more information on getting started with Fides, how to configure and set up Fides, and more about the Fides ecosystem of open source projects:
- Documentation: https://ethyca.github.io/fides/
- Tutorial: https://ethyca.github.io/fides/tutorial/overview/
- Deployment: https://ethyca.github.io/fides/deployment/
- Roadmap: https://github.com/ethyca/fides/milestones
- Website: www.ethyca.com/fides
We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.
Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.
The Fides ecosystem of tools (Fidesops and Fidesctl) is licensed under the Apache Software License Version 2.0. Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.