github build-trust/ockam ockam_v0.75.0
Ockam v0.75.0

2 years ago

Encrypted Cloud Relays - for any application!

Here's something to try with this release!

Let's create an end-to-end encrypted, mutually authenticated, secure and private cloud relay:

# Install ockam command
brew install build-trust/ockam/ockam

# Create a cryptographic identity and enroll with Ockam Orchestrator.
# This will sign you up for an account with Ockam Orchestrator and setup a
# trial space and project for you.
ockam enroll

# -- APPLICATION SERVICE --

# Start our application service, listening on a local ip and port, that clients
# would access through the cloud relay. We'll use a simple http server for our
# first example but this could be some other application service.
python3 -m http.server --bind 127.0.0.1 5000

# Setup an ockam node, called blue, as a sidecar next to our application service.
# Create a tcp outlet on the blue node to send raw tcp traffic to the application service.
# Then create a forwarding relay at your default orchestrator project to blue.
ockam node create blue
ockam tcp-outlet create --at /node/blue --from /service/outlet --to 127.0.0.1:5000
ockam forwarder create blue --at /project/default --to /node/blue

# -- APPLICATION CLIENT --

# Setup an ockam node, called green, as a sidecar next to our application client.
# Then create an end-to-end encrypted secure channel with blue, through the cloud relay.
# Then tunnel traffic from a local tcp inlet through this end-to-end secure channel.
ockam node create green
ockam secure-channel create --from /node/green --to /project/default/service/forward_to_blue/service/api \
  | ockam tcp-inlet create --at /node/green --from 127.0.0.1:7000 --to -/service/outlet

# Access the application service through the end-to-end encrypted, secure relay.
$ curl 127.0.0.1:7000

We just created end-to-end encrypted, mutually authenticated, and authorized secure communication between a tcp client and server. This client and server can be running in separate private networks / NATs. We didn't have to expose our server by opening a port on the Internet or punching a hole in our firewall.

The two sides authenticated and authorized each other's known, cryptographically provable identifiers. In later examples we'll see how we can build granular, attribute-based access control with authorization policies.

A more detailed explanation: https://docs.ockam.io/guides/encrypted-cloud-relays
To learn more, install and run ockam --help

Homebrew

To install this release using Homebrew:

$ brew install build-trust/ockam/ockam

Docker

To use the Docker OCI package:

docker pull ghcr.io/build-trust/ockam:0.75.0

Precompiled Binaries

To install a precompiled binary:

# download ockam command binary for your architecture
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.75.0/ockam.x86_64-unknown-linux-gnu

# rename the downloaded binary and give it permission to execute
mv ockam.x86_64-unknown-linux-gnu ockam
chmod u+x ockam

Verify:

# download sha256sums.txt
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.75.0/sha256sums.txt

# download sha256sums.txt.sig
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.75.0/sha256sums.txt.sig

# download our release public key
curl --proto '=https' --tlsv1.2 -sSfL -o ockam.pub \
  https://raw.githubusercontent.com/build-trust/ockam/develop/tools/docker/cosign.pub

# verify signatures
cosign verify-blob --key ockam.pub --signature sha256sums.txt.sig sha256sums.txt

# download ockam command binary for your architecture
curl --proto '=https' --tlsv1.2 -sSfL -O \
  https://github.com/build-trust/ockam/releases/download/ockam_v0.75.0/ockam.x86_64-unknown-linux-gnu

# verify that the sha256 hash of the downloaded binary is the same as
# the corresponding hash mentioned in sha256sums.txt
cat sha256sums.txt | grep ockam.x86_64-unknown-linux-gnu | sha256sum -c

# rename the downloaded binary and give it permission to execute
mv ockam.x86_64-unknown-linux-gnu ockam
chmod u+x ockam
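
The hash check in the verify steps above, written to fail closed with an exact filename match instead of a grep pattern. This is an added example, not part of the Ockam release notes or project code; `verify_from_manifest` and `demo` are hypothetical names, and the demo runs on a constructed stand-in file rather than the real release binary.

```shell
#!/bin/sh
# Added example (not Ockam project code). Call only after
# `cosign verify-blob` has succeeded on sha256sums.txt; an unsigned
# manifest proves nothing about the binary.

# verify_from_manifest MANIFEST FILE   (hypothetical helper name)
# Returns 0 only if MANIFEST holds exactly one entry whose name equals
# FILE's basename and whose hash equals the SHA-256 of FILE.
verify_from_manifest() {
  manifest=$1
  file=$2
  [ -f "$manifest" ] && [ -f "$file" ] || { echo "missing input" >&2; return 1; }
  name=$(basename "$file")
  # Compare the name field exactly, as a string (no regex, no substring match).
  # sha256sum marks binary-mode entries with a leading '*'; strip it.
  expected=$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f) }
    (f "") == (n "") { hash = $1; hits++ }
    END { if (hits == 1) print hash }' "$manifest")
  [ -n "$expected" ] || { echo "no unique entry for $name" >&2; return 1; }
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  [ "$actual" = "$expected" ] || { echo "hash mismatch for $name" >&2; return 1; }
  echo "$name: OK"
}

# Constructed demo: stand-in file and manifest in a temp dir, not release data.
demo() {
  d=$(mktemp -d) || return 1
  printf 'stand-in binary\n' > "$d/ockam.x86_64-unknown-linux-gnu"
  ( cd "$d" && sha256sum ockam.x86_64-unknown-linux-gnu > sha256sums.txt )
  verify_from_manifest "$d/sha256sums.txt" "$d/ockam.x86_64-unknown-linux-gnu"
  rc=$?
  rm -rf "$d"
  return "$rc"
}

demo

# Intended use with the commands above, each step gating the next:
#   cosign verify-blob --key ockam.pub --signature sha256sums.txt.sig sha256sums.txt \
#     && verify_from_manifest sha256sums.txt ockam.x86_64-unknown-linux-gnu \
#     && mv ockam.x86_64-unknown-linux-gnu ockam && chmod u+x ockam
```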

Rust Crates

To use Ockam as a Rust library, run the following command within your project directory:

cargo add ockam@0.75.0

The following crates were published as part of this release:

Contributors

Community Contributors

Full Changelog

ockam_v0.74.0...ockam_v0.75.0
