Home

Awesome

What is this?

Acra Engineering Examples illustrate the integration of Acra data protection suite into your existing application. Protecting the data is completely transparent for the users and requires minimal changes in the infrastructure.

This collection has several example applications. Each folder contains docker-compose file, that describes key management procedures and configurations of Acra.

#ExampleWhat's inside
1Intrusion detection system, transparent encryption, PostgreSQLGo application, transparent encryption/decryption, poison records, PostgreSQL
2SQL injection prevention, AcraCensorOWASP Mutillidae vulnerable web application, AcraConnector, AcraServer, AcraCensor (SQL firewall)
3Load balancingpython client application, AcraServer, HAProxy
4Transparent encryption, Django, PostgreSQLDjango web application, transparent encryption/decryption, AcraServer, PostgreSQL
5Transparent encryption, TimescaleDBTimescaleDB, transparent encryption/decryption, AcraServer
6Transparent encryption, Python app, MySQL, PostgreSQLMySQL, PostgreSQL, transparent encryption/masking/tokenization, Python, AcraServer
7Client-side encryption, Django, PostgreSQLDjango web application with client-side encryption (AcraWriter), decryption on AcraServer, PostgreSQL
8Client-side encryption, python app, PostgreSQLSimple python client application, client-side encryption, decryption on AcraServer, PostgreSQL
9Client-side encryption, Ruby on Rails app, PostgreSQLRuby on Rails web application, client-side encryption, decryption on AcraServer, PostgreSQL
10Transparent encryption, python app, CockroachDBSimple python client application, transparent encryption/decryption on AcraServer, CockroachDB
11Search in encrypted datapython client app, AcraServer, MySQL / PostreSQL database
12AcraTranslator DemoGo API Server, AcraTranslator, MongoDB
13DB Migration Demopython client app, AcraServer, PostreSQL database

Overview

Integrating Acra into any application requires 3 steps:

  1. Generate cryptographic keys. In this examples, we generate only required keys for each example (Master key, and data encryption keys, rarely others). Refer to Key management to learn more about keys.
  2. Configure and deploy services.
    1. transparent encryption for SQL databases – configure and deploy AcraServer. Configure AcraServer's behavior, set up TLS, connect to the database, select which fields/columns to encrypt.
    2. encryption-as-a-service for NoSQL databases – configure and deploy AcraTranslator. Configure AcraTranslator's behavior, set up TLS, select gRPC or REST API.
    3. client-side encryption – you can encrypt data in the client application using AcraWriter, then decrypt data on AcraServer or AcraTranslator.
  3. Update client-side code.
    1. transparent encryption for SQL databases – just point client-side app to AcraServer instead of the database.
    2. encryption-as-a-service for NoSQL databases – call AcraTranslator API from client-side app and encrypt/decrypt fields on AcraTranslator.
    3. client-side encryption – integrate AcraWriter, call it to encrypt fields in the app before sending them to the database.

Please refer to the Acra Data flows for more detailed description and schemes.


Further steps

Let us know if you have any questions by dropping an email to dev@cossacklabs.com.

  1. Acra website – learn about all Acra features, defense in depth, how it's better than "just TLS" and available licenses.
  2. Acra Community Edition – Acra Community Edition repository.
  3. Acra docs – all Acra docs and guides.

Need help?

Need help in configuring Acra? Read more about support options and Acra Enterprise Edition.