Using Fortanix Confidential Computing Manager with PostgreSQL

1.0 Introduction

This article describes how to integrate a PostgreSQL (PSQL) image in Amazon Web Services (AWS) Nitro using Fortanix Confidential Computing Manager (CCM).
PostgreSQL, often simply "Postgres", is an object-relational database management system (ORDBMS) emphasizing extensibility and standards compliance. As a database server, its primary function is to store data securely and in accordance with best practices, and then retrieve it when other software applications, whether on the same computer or on another computer across a network (including the Internet), request it.

2.0 Prerequisites

  • A Fortanix CCM account.

  • Nitro-enabled AWS EC2 instance with Docker installed and enrolled in Fortanix CCM.

3.0 Running the PSQL on AWS Nitro

  1. Click the Applications menu item in the CCM UI left navigation bar and click the + ADD APPLICATION button to create a new AWS Nitro application.  


    Figure 1: Create new app

  2. Add an Enclave OS application.
      See the “User's Guide: Add and Edit an Application” article for more information.


    Figure 2: Create app

  3. Approve the domain for the Application. See the article “User’s Guide: Tasks” for more information.

  4. In the detailed view of the application, click the + IMAGES button to create a new application image. 


    Figure 3: Create application image

  5. Create an image of the application by providing a proper tag. See the “User's Guide: Create an Image” article for more information.


    Figure 4: Create image

  6. Approve the image for the application. See the article “User's Guide: Tasks” for more information.


    Figure 5: Approve image

  7. Now on your AWS nitro machine, run the application image using the following command:

    $ sudo docker run -it --rm -e ALLOW_EMPTY_PASSWORD=yes -e RUST_LOG=info --privileged -e NODE_AGENT_BASE_URL=<IP> -v /run/nitro_enclaves:/run/nitro_enclaves --pull=always <converted_image_name:tag>

    Where,

    • 9092 is the default port on which the Node Agent listens.

    • <IP> is the Node Agent host IP (your IP address will be different and can be checked on the “Compute Nodes” page under the Infrastructure tab).

    For example,

    $ sudo docker run -it --rm -e ALLOW_EMPTY_PASSWORD=yes -e RUST_LOG=info --privileged -e NODE_AGENT_BASE_URL=http://172.31.14.110:9092/v1/ -v /run/nitro_enclaves:/run/nitro_enclaves --pull=always <image_name:tag>

    This should start a PostgreSQL server in the AWS Nitro enclave.

    Figure 6: PostgreSQL server

  8. Run the following command:

    $ sudo docker run -it <converted_image_name:tag> psql -h <ip-addr-server-container>

    The IP address of the server container can be found using the following command:

    $ sudo docker inspect <container name>

    For example,

    $ sudo docker run -i bitnami/postgresql:latest psql -h 172.17.0.0 -l

    This should start up the PSQL client as shown below:


    Figure 7: PSQL client
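    As an added example (not part of this article or of Fortanix's tooling), the following script automates steps 7 and 8: it builds the NODE_AGENT_BASE_URL value from the Node Agent host IP and the default port 9092, starts the converted image with the same flags as above, reads the server container's IP out of the raw `docker inspect` output, and runs the psql client against it. The variable names NODE_AGENT_HOST, IMAGE and NITRO_PSQL_RUN are assumptions of this script, and the inspect output embedded in it is a constructed sample.

```shell
# Added example, not Fortanix tooling: automates steps 7 and 8 above.
# Assumed inputs: NODE_AGENT_HOST (Node Agent host IP) and IMAGE
# (converted image name:tag); set NITRO_PSQL_RUN=1 to actually run main.
set -eu

NODE_AGENT_PORT=9092    # default port the Node Agent listens on

# Build the NODE_AGENT_BASE_URL value the enclave container expects.
node_agent_url() {
    printf 'http://%s:%s/v1/' "$1" "${2:-$NODE_AGENT_PORT}"
}

# Pull the first non-empty "IPAddress" out of raw `docker inspect` output
# (pretty-printed JSON, one field per line) read from stdin.
container_ip() {
    sed -n 's/^[[:space:]]*"IPAddress": *"\([0-9.][0-9.]*\)".*/\1/p' | head -n 1
}

# Constructed sample of `docker inspect` output, used for an offline check.
SAMPLE_INSPECT='[
    {
        "NetworkSettings": {
            "IPAddress": "172.17.0.2"
        }
    }
]'

# Step 7: start the converted PostgreSQL image in the enclave, detached,
# with the same flags as the article's command; prints the container ID.
start_enclave_server() {
    sudo docker run -d --rm -e ALLOW_EMPTY_PASSWORD=yes -e RUST_LOG=info \
        --privileged -e NODE_AGENT_BASE_URL="$2" \
        -v /run/nitro_enclaves:/run/nitro_enclaves --pull=always "$1"
}

# Step 8: run the psql client against the server container and list databases.
connect_client() {
    sudo docker run -i --rm "$1" psql -h "$2" -l
}

main() {
    url=$(node_agent_url "$NODE_AGENT_HOST")
    cid=$(start_enclave_server "$IMAGE" "$url")
    sleep 15    # allow the enclave and PostgreSQL to come up
    ip=$(sudo docker inspect "$cid" | container_ip)
    connect_client "$IMAGE" "$ip"
}
if [ "${NITRO_PSQL_RUN:-0}" = 1 ]; then main; fi
```

    Sourcing the file without NITRO_PSQL_RUN set only defines the functions, so `node_agent_url` and `container_ip` can be checked on a machine without Docker or Nitro access.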

  9. To confirm that the application is running, go to the Fortanix CCM UI and click the Applications tab. In the detailed view of the application, verify that a running application image is listed alongside it.

    NOTE

    The conversion does not currently support file persistence.