Tutorial: Apply End-to-End Security to Cloud Applications


IBM Cloud services working together to provide security

Have you ever wondered how to secure your cloud application? In a new solution tutorial, we show how different IBM Cloud services work together to apply end-to-end security to your applications. You will learn to capture and review security-related events, encrypt cloud storage using your own keys (i.e., bring your own key—BYOK), plug user authentication directly into Kubernetes Ingress, and safely manage your Docker image in a private registry and scan it for vulnerabilities.


In our new IBM Cloud solution tutorial, we walk you through all the steps to create a cloud app that incorporates several security-related services and features. We have chosen a secure file storage app as a sample scenario (see screenshot below). After authenticating, users upload files into their workspace. Those files can be shared with others via generated access links, which expire automatically. Security-related events for the IBM Cloud account are logged and reviewed as part of the tutorial. The app is written in Node.js and deployed as a Docker container on a Kubernetes cluster.


Secure File Storage App

Cloud services and architecture

In the tutorial, we use the following IBM Cloud services:
  • IBM Cloud Activity Tracker to log all security-related events. This includes logging into the account, provisioning or deleting services, working with encryption keys, and more.
  • IBM Cloud Key Protect to manage encryption keys. For the tutorial, we generate a root key for envelope encryption of stored files. You could also import your own root key (i.e., bring your own key, BYOK). We use the root key to create encrypted buckets in the IBM Cloud Object Storage service.
  • IBM Cloud Object Storage (COS) service to produce expiring links to individual files. The links can be shared with others and expire after the set amount of time so that the file cannot be accessed thereafter.
  • IBM Cloud App ID as a wrapper around Identity Providers to manage authentication and authorization through a single interface. It supports both social logins (e.g., Facebook, Google) as well as enterprise directories (SAML). The App ID service can be directly integrated with Kubernetes Ingress.
  • IBM Cloud Container Registry as a private image registry from which we deploy the application as a container into a Kubernetes cluster (IBM Cloud Kubernetes Service). The container registry includes Vulnerability Advisor, which scans for and assesses container vulnerabilities and then recommends fixes.

Solution Architecture: Secure File Storage App
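
To make the envelope encryption mentioned under Key Protect concrete, here is an added Node.js sketch; it is not code from the tutorial or its repository. It assumes a local random 32-byte key standing in for the root key, and the function names (`seal`, `unseal`, `encryptObject`, `decryptObject`, `rewrap`) are hypothetical.

```javascript
// Added illustration of envelope encryption (not the tutorial's code).
// Assumption: a local random 32-byte key stands in for the Key Protect root key.
const crypto = require('node:crypto');

// AES-256-GCM; output layout is iv (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Throws if the key is wrong or the blob was modified (GCM tag check fails).
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Each stored object gets a fresh data encryption key (DEK); only the DEK
// is encrypted ("wrapped") under the root key and stored beside the data.
function encryptObject(rootKey, data) {
  const dek = crypto.randomBytes(32);
  return { wrappedDek: seal(rootKey, dek), ciphertext: seal(dek, data) };
}

function decryptObject(rootKey, obj) {
  return unseal(unseal(rootKey, obj.wrappedDek), obj.ciphertext);
}

// Rotating the root key re-wraps the small DEK; the file ciphertext is untouched.
function rewrap(oldRoot, newRoot, obj) {
  const dek = unseal(oldRoot, obj.wrappedDek);
  return { wrappedDek: seal(newRoot, dek), ciphertext: obj.ciphertext };
}

// Constructed demo input.
const rootV1 = crypto.randomBytes(32);
const rootV2 = crypto.randomBytes(32);
const stored = encryptObject(rootV1, Buffer.from('constructed file contents'));
const rotated = rewrap(rootV1, rootV2, stored);
console.log(decryptObject(rootV2, rotated).toString());
```

With a key management service such as Key Protect, the wrap and unwrap steps are calls to the service, so the root key itself stays inside the service rather than in application memory as it does in this sketch.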


To learn more about how to apply end-to-end security to your new app on IBM Cloud, head over to the IBM Cloud solution tutorials in the documentation. Best of all, the code for the security tutorial is shared on GitHub in this repository. If you are in a hurry, it even allows you to deploy the full Node.js in Docker application and its services with the press of a button via toolchain.

Technical Offering Manager / Developer Advocate

Vidyasagar Machupalli

Technical Offering Manager & Polyglot Programmer | IBM Cloud
