Get started demo
Let’s build a simple example together. We will create an encrypted from a psql microservice in Azure to a Postgres Database in AWS.
When you get done with this page you will understand:
the basic building blocks of Ockam,
the first steps you should take in your architecture, and
how to build an end-to-end encrypted portal between two private services.
Run the following commands to install Ockam Command on your dev machine.
The `enroll` command does a lot! All at once it...
creates an Ockam Node on your machine.
guides you to sign in to your new Ockam Orchestrator Project.
makes you the administrator of your Project.
creates a Secure Channel between your local Ockam Node and your Project in Orchestrator.
Congrats! Your dev machine Node has a secure, encrypted Ockam Portal connection to your Project Node inside of Ockam Orchestrator over a Secure Channel!
The process is repeated in AWS through the same set of commands.
You now have an Ockam Node running in your VPC. As before, this Node will have:
a set of private key Identifiers, stored in a local Vault
a Membership Credential that will allow this Ockam Node to join your Project in Orchestrator.
An Outlet is created in the Ockam Node and a raw TCP connection is created to the postgres server on localhost port 5432.
This command:
initiates an outgoing TCP connection from the Ockam Node in AWS to your Project in Ockam Orchestrator.
creates a Relay in your Project at the address: postgres
Notice that we didn’t have to change anything in the AWS network settings. It’s possible because Bank Corp’s network allows outgoing TCP connections to the Internet. We use this port to create the Secure Channel.
This command:
creates a TCP Portal Inlet.
creates a TCP listener on localhost port 15432.
creates an outgoing TCP connection to your Project.
creates an end-to-end Secure Channel from the Inlet to the Outlet in Bank Corp’s VPC via the Relay in your Project at address: postgres
Congrats! The psql microservice at Analysis Corp and the Postgres database at Bank Corp are connected with an Ockam Portal.
The psql service now has an end-to-end encrypted, mutually authenticated, secure channel connection with the postgres database on localhost:15432.
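The following added example (not Ockam code and not from the original page) models only the TCP topology described above: the Outlet and the Inlet both dial outwards to a relay at the address postgres, so neither private network accepts an inbound connection. The REGISTER/CONNECT header lines, the function names, the ephemeral ports and the uppercase-echo stand-in for Postgres are assumptions made for this sketch, and it carries plaintext, whereas the Portal on this page wraps the same path in an end-to-end Secure Channel so the relay cannot read it.

```python
import contextlib, socket, threading

def spawn(fn, *args):
    threading.Thread(target=fn, args=args, daemon=True).start()
def pipe(src, dst):                 # copy bytes one way until src closes
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
def splice(a, b):                   # join two sockets in both directions
    spawn(pipe, a, b)
    spawn(pipe, b, a)

def listen(handler):                # run handler(conn) per connection on a free localhost port
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            spawn(handler, srv.accept()[0])
    spawn(loop)
    return srv.getsockname()[1]
def dial(port, first_bytes=b""):    # OUTGOING connection, optionally sending some bytes first
    conn = socket.create_connection(("127.0.0.1", port))
    conn.sendall(first_bytes)
    return conn
def read_line(conn):                # read one header line without over-reading payload bytes
    buf = b""
    while not buf.endswith(b"\n") and (byte := conn.recv(1)):
        buf += byte
    return buf.decode().split()

def start_relay():                  # the only party that accepts connections from both sides
    outlets = {}                    # relay address -> socket an outlet dialled in on
    def handle(conn):
        verb, addr = read_line(conn)            # hypothetical toy header, not Ockam's protocol
        if verb == "REGISTER":
            outlets[addr] = conn
            conn.sendall(b"OK\n")
        elif verb == "CONNECT" and addr in outlets:
            splice(conn, outlets.pop(addr))     # one client per registration in this sketch
    return listen(handle)
def start_outlet(relay_port, addr, service_port):
    up = dial(relay_port, f"REGISTER {addr}\n".encode())
    read_line(up)                   # wait for the relay's OK
    splice(up, dial(service_port))  # second outgoing hop, to the local service
def start_inlet(relay_port, addr):  # local listener that forwards through the relay
    return listen(lambda c: splice(c, dial(relay_port, f"CONNECT {addr}\n".encode())))

def demo(query=b"select 1"):
    db = listen(lambda c: c.sendall(c.recv(4096).upper()))  # constructed stand-in, not Postgres
    relay = start_relay()
    start_outlet(relay, "postgres", db)
    client = dial(start_inlet(relay, "postgres"), query)    # plays the role of psql
    return client.recv(4096)
```

Calling `demo()` returns the stand-in service's reply after it has crossed inlet, relay and outlet, with every hop opened by an outgoing connection.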
In the next section we will dive into all sorts of ways to build portals across different infrastructures, networks, and applications.
and pick a subscription plan through the guided workflow on Ockam.io. After you complete this step you will have a Project in Ockam Orchestrator. A Project offers two services: a Membership and a service. More on both of those later.
generates a private key as your local Node’s cryptographic.
creates a local
asks your Project’s Membership Authority to issue and sign a for this Node.
creates a over the tcp connection.
creates a to your Project over this tcp connection.
All of the data-in-motion is end-to-end with strong forward secrecy as it moves through the Internet. The communication channel is and. Keys and Credentials are automatically rotated. Access to connect with postgres can be easily revoked.
This is just one simple example. Ockam’s stack of work together to ensure security, privacy, and trust in data. They can be combined and composed in all sorts of ways.