Skip to content

Add Fidesctl to the App

In this step you will incorporate fidesctl, which will enable you to declare your system, dataset, and policy resources as manifest YAML files.

Add the fidesctl Dependency

Open the requirements.txt file and add the fidesctl dependency by including the following line:

1
fidesctl>=1.0.0

Then, install the dependencies by running:

1
pipx install -r requirements.txt

Initializing Fidesctl

With fidesctl installed, it's time to initialize the project so we have some place to start adding resource manifests and tweaking our configuration. Run the following command and follow the prompts to get your local fidesctl instance initialized.

Initialize Fidesctl
1
fidesctl init
Expected Output
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
Initializing Fidesctl...
----------
Created a './.fides' directory.
----------
Created a fidesctl config file: ./.fides/fidesctl.toml
To learn more about configuring fidesctl, see:
    https://ethyca.github.io/fides/installation/configuration/
----------
For example policies and help getting started, see:
    https://ethyca.github.io/fides/guides/policies/
----------
Fidesctl initialization complete.

Configuring Fidesctl

See our Configuration guide for more information on how to configure fidesctl.

Run Fidesctl via Docker

Now that the dependency is included in the project and the configuration is in place, the fidesctl server needs to be told to run. The app uses docker-compose to orchestrate resources, so include fidesctl as a service by adding the following configuration after the database service:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
fidesctl:
  image: ethyca/fidesctl:latest
  depends_on:
    - db
  command: fidesctl webserver
  expose:
    - 8080
  ports:
    - "8080:8080"
  environment:
    FIDESCTL__DATABASE__DB: "fidesctl"
    FIDESCTL__DATABASE__PASSWORD: "postgres"
    FIDESCTL__DATABASE__PORT: 5432
    FIDESCTL__DATABASE__SERVER: "db"
    FIDESCTL__DATABASE__USER: "postgres"

See the fidesctl installation guide for a more detailed fidesctl server setup walkthrough, and the docker-compose documentation for an explanation of the above configuration options.

Check Your Progress

After making the above changes, your app should resemble the state of the ethyca/fidesdemo repository at the fidesops-start tag.

Next: Annotate the Resources

Now that the fidesctl tools are available to use within the app's virtual environment, the next step is to configure fidesctl to work with the specifics of this app. This can be done by creating manifest files to annotate the resources.

Back to top