This repo contains a simple iOS chat app. It demonstrates how to store sensitive data (username/password, phone number, chat messages) in TrueVault, while storing non-sensitive deidentified data in a traditional SQL server.
Representing chat conversations is easiest in a relational database, but storing protected information (e. g. free text fields) is easiest in TrueVault. By splitting our data into protected data (chat messages, user information) and de-identified metadata, we get the best of both worlds. This sample application illustrates this approach by storing chat messages and user info in TrueVault, and everything else in a SQLite database:
As you can see, the Node JS server doesn't contain any protected information; it just contains opaque TrueVault IDs. However, since they're stored in a relational database it's trivial to write analytics queries that would be difficult or impossible with a document store.
Having the data split in this manner adds some complexity. When the user sends a chat message, the following events occur:
Note that the chat message never gets sent to the NodeJS server; only the document ID from TrueVault goes to the NodeJS server. Since the NodeJS server (and its backing SQLite database) never receive any sensitive information, it's easy to deploy securely.
To run the sample app on your computer, lay the following groundwork:
- Create a Twilio account
- Provision a Twilio number to use as the 'From' number when sending messages
- Create a restricted Twilio access key that can send SMSs
.envand insert the values you got earlier
- Create a TrueVault account: https://console.truevault.com/register
- Create a vault to store the chat messages
- Create a group that only allows creating users
- Create a user, and add it to that group
- Generate a new API key for that user
Config.swiftand populate with the appropriate values
Then, start the NodeJS server:
yarn node index.js
And finally, launch the iOS app via Xcode.