Integrating IBM Cloud Data Shield Into Your Application Deployment Process

Automation Security

1 min read

By:

Rahul Dabir, Cloud Security Developer

When it comes to deploying production level applications into a Kubernetes environment, it's common to use a pipelining tool to automate deployment.

This blog post will show you how you can seamlessly integrate IBM Cloud Data Shield into your existing deployment schema.

Prerequisites

You must have an Intel SGX-enabled Kubernetes cluster running on IBM Cloud with Data Shield installed.

Updating your application

Once you make changes to your application's source code, push to source control as usual. Most pipelining tools can be configured to trigger a job as soon as a given repo is updated.

Deploying and converting

Within your pipeline, add the following token generation and conversion shell commands (make sure to replace any relevant variables with those specific to your application and cluster).

TOKEN=$(ibmcloud cr token-add --non-expiring --readwrite --description 'EnclaveOS Container Converter' | sed -n 4p | awk {'print $2'})

(echo -n '{"auths":{"<region>.icr.io":{"auth":"'; echo -n 'token:'"$TOKEN" | openssl base64 -A;  echo '"}}}')

export token=`ibmcloud iam oauth-tokens | awk -F"Bearer " '{print $NF}'`

curl -H 'Content-Type: application/json' -d '{"inputImageName": "{registry}/{application_image}", "outputImageName": "{registry}/{application_image_sgx}", "threads": 128, "rwDirs": ["/"] }' -H "Authorization: Basic $token"  https://enclave-manager.{cluster}.{region}.containers.appdomain.cloud/api/v1/tools/converter/convert-app

The above commands generate auth tokens needed for conversion and use them to convert your application with the IBM Cloud Data Shield Enclave Manager running on your cluster. See the documentation for more information on application conversion.

Upon successful conversion, create your pod using the SGX converted image in your registry and an SGX configured deployment/pod specification.

Conclusion

IBM Cloud Data Shield is now seamlessly integrated into your existing deployment schema, leveraging the power of Intel SGX, and providing you the benefits of runtime encryption with just a few lines of code.

Get started with IBM Cloud Data Shield.

Rahul Dabir

Rahul Dabir

Cloud Security Developer

Follow IBM Cloud

Be the first to hear about news, product updates, and innovation from IBM Cloud.

Email subscribeRSS

IBM Cloud Technologies

Related Articles

New Guide Available on Building PCI DSS Compliant Environments on IBM Public Cloud

Compute

New Guide Available on Building PCI DSS Compliant Environments on IBM Public Cloud

By: Stephanie Schmader and Gopal Indurkhya

30 March 2020

icons

Tekton in the IBM Cloud: Part 1 - Getting Started

Automation

Tekton in the IBM Cloud: Part 1 - Getting Started

By: Powell Quiring

25 March 2020

icons

Improve Scale and Automation by Modernizing Existing Applications

Automation

Improve Scale and Automation by Modernizing Existing Applications

By: James Belton

23 March 2020

icons

Be the first to hear about news, product updates, and innovation from IBM Cloud