Preparing the application image
In this tutorial, we're going to discuss how to make an application that is ready to for deployment with BlindBox. We'll explore the technical constraints you'll need to bear in mind for your application and show you our example "Hello World!" app code! 👋
To follow along with this tutorial and deploy your own BlindBox, you will need to:
- Have Docker installed in your environment. Here's the Docker installation guide.
It is important to keep in mind the external calls your application might make, when considering application deployment with BlindBox. This means that, ideally, your application should be self-sufficient, so that user's data will be sent to our secure execution environment without being exposed to any additional risks.
We are currently implementing a whitelisting feature so that data owners can whitelist any legitimate external domains needed for the application. When we launch it, any calls made from the BlindBox to domains not whitelisted will be blocked! This feature is coming soon, but it will still be preferable to rely on as few external domains as possible, because the data owner will have to verify all these domains.
The application code¶
Now, let's take a look at our application code that will be launched on our confidential VM by BlindBox.
from fastapi import FastAPI
# initialize our API app object
app = FastAPI()
# use fastapi decorator to turn our Hello World function into API endpoints on our uvicorn server
def hello() -> str:
return "Hello World"
if __name__ == "__main__":
# deploy our server on port 80
uvicorn.run(app, host="0.0.0.0", port=80)
You can view this file by downloading our github repository and taking a look at the
server.py file in the
!git clone https://github.com/mithril-security/blindbox
This program does the following:
Creates the API app object that "configures" the uvicorn server by providing handlers for specific endpoints
helloendpoint on our
uvicorn serverwhich users will be able to query on our BlindBox address once packaged and deployed.
Deploys our API on a python ASGI server (an asynchronous web server) on
It is important that the application is configured to run on port 80 because BlindBox will forward and receive traffic to the application on this port!
Packaging our application in a Docker image¶
Now that we're set up, we need to package our application in a Docker image. We'll take a look at the Dockerfile we used to package this Hello World application:
# download any requisites
RUN pip install
# provides handlers for specific endpoints on our server
# gives support for multipart requests
# uvicorn is a python ASGI server (an asynchronous web server)
# fastapi uses this library to define response/requests formats and to serialize/deserialize the response/requests
# copy our application code across to our container
COPY server.py /
# signal that application will run on port 80
# set command on launch to launch our application code
CMD ["python", "/server.py"]
Same as for the application code, this file can be viewed in the
examplesfolder in the official BlindBox GitHub repository.
There are no complex requirements for the Docker image, but it is recommended to
EXPOSE port 80 to signal that the application will be running on port 80 within our BlindBox.
But let's build our Hello World application image before we can deploy it with BlindBox:
# build application assigning it the tag "hello-world"
!docker build -t hello-world .