Advanced Installation Options
Minimum requirements
See the the project requirements page to get started.
Installation options
The Fides team maintains a Python package published on PyPI (opens in a new tab), and a Docker image on the ethyca/fides DockerHub (opens in a new tab).
Additionally, the Fides team maintains a set of Helm charts (opens in a new tab) and Terraform modules (opens in a new tab) to assist in the deployment of Fides.
Using Helm (Recommended if using Kubernetes)
To install the Helm chart to an existing Kubernetes cluster, run the following commands:
helm repo add ethyca https://helm.ethyca.com
helm pull ethyca/fidesThen, set the required values in a values.yaml file and run
helm install fides ethyca/fides --values values.yamlFor more information on installing the Fides Helm chart, please refer to the Helm chart's README (opens in a new tab)
Using Terraform
To install Fides and its required infrastructure using Terraform to AWS Elastic Container Service (ECS), please refer to the Terraform module's README (opens in a new tab)
Using Docker
The published reference images contain all of the extras and dependencies for running the Python application, but do not contain the required Postgres database.
Run the following command to pull the latest image from Ethyca's DockerHub (opens in a new tab):
docker pull ethyca/fidesUsing Pip
To install Fides from the published PyPI package, run:
pip install ethyca-fidesSet up your database
Fides uses an application database for persistent storage. Configure your own Postgres database according to the configuration of your choice, ensuring it satisfies the minimum requirements.
Options include:
- Managed PostgreSQL database services (e.g. AWS RDS, GCP Cloud SQL, Azure Database)
- Self-hosted PostgreSQL Docker container with a persistent volume mount (e.g. on a Kubernetes cluster)
- Self-hosted PostgreSQL server (e.g. on an EC2 server)
💡There is no reason to expose this database to the public internet as long as it will be accessible by your webserver.
Once the database is up and running:
- create a database user for the webserver (e.g.
fides) - create a new database for the webserver (e.g.
fides), and - assign a secure password
Ensure you make note of your connection credentials, as those values will be used in later configuration steps.
Set up your cache
To ensure personal data is never retained erroneously, Fides collects privacy request result data in a temporary Redis cache that automatically expires.
Any hosted Redis database that meets the project requirements work for this purpose. Follow the deployment documentation of your choice to get set up your Redis cache.
Options include:
- A simple Docker redis container (https://hub.docker.com/_/redis (opens in a new tab))
- A managed service (e.g. AWS ElastiCache, GCP Memorystore, Azure Cache, Redis Cloud)
💡There is no reason to expose this cache to the public internet as long as it will be accessible by your webserver.
Once your cache is available:
- enable a password (via Redis AUTH (opens in a new tab)) to provide additional security
Ensure you make note of your connection credentials, as those values will be used when configuring Fides.
Configure Fides
Fides configuration variables are maintained in either a fides.toml file, or environment variables. These should be replaced with the connection credentials for your Postgres and Redis instances, as well as any other information unique to your deployment.
The minimum configuration variables are as follows:
FIDES__DATABASE__SERVER="fides-db"
FIDES__DATABASE__USER="postgres"
FIDES__DATABASE__PASSWORD="fides"
FIDES__DATABASE__PORT=5432
FIDES__DATABASE__DB="fides"
FIDES__USER__ANALYTICS_OPT_OUT=false
FIDES__REDIS__HOST="redis"
FIDES__REDIS__PASSWORD="testpassword"
FIDES__REDIS__PORT= 6379
FIDES__REDIS__SSL=false
FIDES__REDIS__SSL_CERT_REQS="required"
FIDES__SECURITY__APP_ENCRYPTION_KEY="athirtytwocharacterencryptionkey"
FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID="fidesadmin"
FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET="fidesadminsecret"
FIDES__SECURITY__ROOT_USERNAME="root_user"
FIDES__SECURITY__ROOT_PASSWORD="Testpassword1!"
FIDES__ADMIN_UI__ENABLED=true| Minimum Configuration Variables | |
|---|---|
FIDES__DATABASE__SERVER | The hostname given to your PostgreSQL database server. |
FIDES__DATABASE__USER | The username created for Fides to access the PostgreSQL database server. |
FIDES__DATABASE__PASSWORD | The password created for Fides to access the PostgreSQL database server. |
FIDES__DATABASE__PORT | The port for your PostgreSQL database server. |
FIDES__DATABASE__DB | The name of the PostgreSQL database. |
FIDES__USER__ANALYTICS_OPT_OUT | Whether you are opted in or out of sending analytics data to Ethyca. |
FIDES__SECURITY__APP_ENCRYPTION_KEY | An AES256 encryption key used for database and JSON encryption. Must be exactly 32 characters (256bits). |
FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID | A customizable Client ID used for the "root" OAuth client. |
FIDES__SECURITY__ROOT_PASSWORD | A client secret used for the "root" OAuth client. |
FIDES__SECURITY__ROOT_USERNAME | A root user to log in as when accessing the UI. |
FIDES__SECURITY__ROOT_PASSWORD | A password for the root user. |
FIDES__REDIS__HOST | The hostname for your Redis cache. |
FIDES__REDIS__PORT | The port for your Redis cache. |
FIDES__REDIS__PASSWORD | The password created for Fides to access the Redis cache. |
See the Configuration guide for a full list of settings, as well as a sample fides.toml.
Running the webserver
Once configured, you can start your server:
Docker:
docker run ethyca/fidesPython:
fides webserverWith the Fides webserver running, the hosted UI is available at http://{server_url}/ (e.g. http://localhost:8080/).
Next steps
Now that Fides is up and running, you're ready to get started with privacy request automation and data mapping!