Skip to content
Advanced Installation

Advanced Installation Options

Want to quickly experiment with Fides? Clone the source repository (opens in a new tab) to utilize the built-in Docker Compose file, alternatively check out the quick start guide start-up guide to run a privacy request in minutes, or use follow the basic installation.

Minimum requirements

See the the project requirements page to get started.

Installation options

The Fides team maintains a Python package published on PyPI (opens in a new tab), and a Docker image on the ethyca/fides DockerHub (opens in a new tab).

Additionally, the Fides team maintains a set of Helm charts (opens in a new tab) and Terraform modules (opens in a new tab) to assist in the deployment of Fides.

Using Helm (Recommended if using Kubernetes)

To install the Helm chart to an existing Kubernetes cluster, run the following commands:

helm repo add ethyca
helm pull ethyca/fides

Then, set the required values in a values.yaml file and run

helm install fides ethyca/fides --values values.yaml

For more information on installing the Fides Helm chart, please refer to the Helm chart's README (opens in a new tab)

Using Terraform

To install Fides and its required infrastructure using Terraform to AWS Elastic Container Service (ECS), please refer to the Terraform module's README (opens in a new tab)

Using Docker

The published reference images contain all of the extras and dependencies for running the Python application, but do not contain the required Postgres database.

Run the following command to pull the latest image from Ethyca's DockerHub (opens in a new tab):

docker pull ethyca/fides

Using Pip

To install Fides from the published PyPI package, run:

pip install ethyca-fides

Set up your database

Fides uses an application database for persistent storage. Configure your own Postgres database according to the configuration of your choice, ensuring it satisfies the minimum requirements.

Options include:

  • Managed PostgreSQL database services (e.g. AWS RDS, GCP Cloud SQL, Azure Database)
  • Self-hosted PostgreSQL Docker container with a persistent volume mount (e.g. on a Kubernetes cluster)
  • Self-hosted PostgreSQL server (e.g. on an EC2 server)
    There is no reason to expose this database to the public internet as long as it will be accessible by your webserver.

Once the database is up and running:

  1. create a database user for the webserver (e.g. fides)
  2. create a new database for the webserver (e.g. fides), and
  3. assign a secure password

Ensure you make note of your connection credentials, as those values will be used in later configuration steps.

Set up your cache

To ensure personal data is never retained erroneously, Fides collects privacy request result data in a temporary Redis cache that automatically expires.

Any hosted Redis database that meets the project requirements work for this purpose. Follow the deployment documentation of your choice to get set up your Redis cache.

Options include:

  • A simple Docker redis container ( (opens in a new tab))
  • A managed service (e.g. AWS ElastiCache, GCP Memorystore, Azure Cache, Redis Cloud)
    There is no reason to expose this cache to the public internet as long as it will be accessible by your webserver.

Once your cache is available:

  1. enable a password (via Redis AUTH (opens in a new tab)) to provide additional security

Ensure you make note of your connection credentials, as those values will be used when configuring Fides.

Configure Fides

Fides configuration variables are maintained in either a fides.toml file, or environment variables. These should be replaced with the connection credentials for your Postgres and Redis instances, as well as any other information unique to your deployment.

The minimum configuration variables are as follows:

Minimum Configuration Variables
FIDES__DATABASE__SERVERThe hostname given to your PostgreSQL database server.
FIDES__DATABASE__USERThe username created for Fides to access the PostgreSQL database server.
FIDES__DATABASE__PASSWORDThe password created for Fides to access the PostgreSQL database server.
FIDES__DATABASE__PORTThe port for your PostgreSQL database server.
FIDES__DATABASE__DBThe name of the PostgreSQL database.
FIDES__USER__ANALYTICS_OPT_OUTWhether you are opted in or out of sending analytics data to Ethyca.
FIDES__SECURITY__APP_ENCRYPTION_KEYAn AES256 encryption key used for database and JSON encryption. Must be exactly 32 characters (256bits).
FIDES__SECURITY__OAUTH_ROOT_CLIENT_IDA customizable Client ID used for the "root" OAuth client.
FIDES__SECURITY__ROOT_PASSWORDA client secret used for the "root" OAuth client.
FIDES__SECURITY__ROOT_USERNAMEA root user to log in as when accessing the UI.
FIDES__SECURITY__ROOT_PASSWORDA password for the root user.
FIDES__REDIS__HOSTThe hostname for your Redis cache.
FIDES__REDIS__PORTThe port for your Redis cache.
FIDES__REDIS__PASSWORDThe password created for Fides to access the Redis cache.

See the Configuration guide for a full list of settings, as well as a sample fides.toml.

Running the webserver

Once configured, you can start your server:


docker run ethyca/fides


fides webserver

With the Fides webserver running, the hosted UI is available at http://{server_url}/ (e.g. http://localhost:8080/).

Next steps

Now that Fides is up and running, you're ready to get started with privacy request automation and data mapping!