Docker - Quickstart

Docker Compose simplifies the configuration and deployment of multi-container Docker applications. By defining services in the docker-compose.yml file and customizing the parameters to suit your needs, you can easily create and start Transaction Security Broker with a single command. We assume docker and docker-compose as well as the PrimusHSM is setup and installed, if not please install it using the official userguide(s).

• Install Docker Engine
• Overview of installing Docker Compose
• PrimusHSM Installation

Take care

This Quickstart Guide start TSB with default Database-Credentials and without TLS configured and to be used for development purpose only.

Download configuration files

Head to the Downloads page to get instructions on how to get the software and credentials.

Configure the HSM-Connection Parameters

Tip

If you are working on Windows we can simply adjust the 'application-local.yml' with the HSM connection properties.
You can leave the docker-compose.yml and other file as it is.

If you are running TSB on Linux, change the securosys_sql image in the docker-compose.yml file, from image: mysql:8.0 to image: docker.io/mariadb:10.4.

:~$ nano securosys_TSB_1.15.1.1/config-files/application-local.yml

Adjust the following properties

• hsm.host
• hsm.port
• hsm.user
• hsm.setupPassword

If you are connecting with Securosys CloudHSM or your own PrimusHSM-Cluster, please replace connection details (hostname & port) from HSMaaS - Connectivity Details or TSBaaS - Connectivity Details

hsm:
  host: 'nufenen.securosys.ch,grimsel.securosys.ch' # REPLACE with the hsm URL or IP
  port: '2400' # REPLACE with HSM JCE-Port
  user: TEST # REPLACE with your HSM username (PartitionName)
  setupPassword: gwe5p-Y5Lt2-nm4dJ-4SQux-KvLSk # REPLACE with your HSM SetupPassword
  encryptionPassword: G5VbL-R84Qy-XQmyR-8RZ5Z-tDtr4 # REPLACE it with some random value (high entropy). This password is used to encrypt the hsm user secret, stored in the SQL-Ddatabase

Config

(grimsel.securosys.ch, nufenen.securosys.ch is an HSM-Cluster for Development Purpose only, and require a DEV-Account (e.g. an account starting with PRIMUSDEVXXX issued by Securosys)

Start the application

docker login securosys.jfrog.io -u robot.reader.tsb

Password: #<ENTER PASSWORD FROM DOWNLOAD-LINK FILE> # if not know, check the Download page.

docker-compose up -d

Open Swagger

Open the (Swagger) to interact with the API in your browser: http://localhost:8080/swagger-ui/index.html

What's next?

• Follow the instructions to Create a Key and use it to encrypt and decrypt a payload
• Full installation Guide here