CLI for Fides
Meet Fidesctl: Privacy Policies as Code
Join the waitlist to get started with our free, hosted version!
:zap: Overview
Fides (fee-dhez, Latin: Fidēs) is an open-source tool that allows you to easily declare your systems' privacy characteristics, track privacy-related changes to systems and data in version control, and enforce policies in both your source code and your runtime infrastructure.
:rocket: Quick Start
- Get running with Docker: First, ensure that you have make and docker installed locally, and clone the Fides repo. Then, from the fides directory, run the following commands:

  This will spin up the entire project and open a shell within the fidesctl container. Once you see the fidesctl# prompt (takes ~3 minutes the first time), you know you're ready to go:

  Run make cli

      ~/git/fides% make cli
      Build the images required in the docker-compose file...
      ...
      Building fidesapi
      ...
      Building fidesctl
      ...
      Building docs
      ...
      root@1a742083cedf:/fides/fidesctl#

  This builds the required images, spins up the database, and runs the initialization scripts.

  Run fidesctl init

      Initializing Fidesctl...
      ----------
      Created a './.fides' directory.
      ----------
      Created a fidesctl config file: ./.fides/fidesctl.toml
      To learn more about configuring fidesctl, see: https://ethyca.github.io/fides/installation/configuration/
      ----------
      For example policies and help getting started, see: https://ethyca.github.io/fides/guides/policies/
      ----------
      Fidesctl initialization complete.
- Use the evaluate command to see if this project's demo analytics and demo marketing systems are compliant with your privacy policy as code:

  Run fidesctl evaluate demo_resources/

      root@fa175a43c077:/fides/fidesctl# fidesctl evaluate demo_resources
      Loading resource manifests from: demo_resources
      Taxonomy successfully created.
      ----------
      Processing registry resources...
      CREATED 1 registry resources.
      UPDATED 0 registry resources.
      SKIPPED 0 registry resources.
      ----------
      Processing dataset resources...
      CREATED 1 dataset resources.
      UPDATED 0 dataset resources.
      SKIPPED 0 dataset resources.
      ----------
      Processing policy resources...
      CREATED 1 policy resources.
      UPDATED 0 policy resources.
      SKIPPED 0 policy resources.
      ----------
      Processing system resources...
      CREATED 2 system resources.
      UPDATED 0 system resources.
      SKIPPED 0 system resources.
      ----------
      Loading resource manifests from: demo_resources
      Taxonomy successfully created.
      Evaluating the following policies:
      demo_privacy_policy
      ----------
      Checking for missing resources...
      Executing evaluations...
      Sending the evaluation results to the server...
      Evaluation passed!

  Congratulations, you've successfully run your first fidesctl evaluate command!

- Now, take a closer look at demo_resources/demo_policy.yml which describes an organization's privacy policy as code. This policy just includes one rule: fail if any system uses contact information for marketing purposes.

  Run cat demo_resources/demo_policy.yml

      policy:
        - fides_key: demo_privacy_policy
          name: Demo Privacy Policy
          description: The main privacy policy for the organization.
          rules:
            - fides_key: reject_direct_marketing
              name: Reject Direct Marketing
              description: Disallow collecting any user contact info to use for marketing.
              data_categories:
                matches: ANY
                values:
                  - user.provided.identifiable.contact
              data_uses:
                matches: ANY
                values:
                  - advertising
              data_subjects:
                matches: ANY
                values:
                  - customer
              data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- Lastly, we're going to modify our annotations in a way that would fail the policy we just looked at:

  Edit demo_resources/demo_system.yml and uncomment the line that adds user.provided.identifiable.contact to the list of data_categories for the demo_marketing_system.

  Add User-provided contact info to the demo_marketing_system
privacy_declarations: - name: Collect data for marketing data_categories: - #- user.provided.identifiable.contact # uncomment to add this category to the system + - user.provided.identifiable.contact # uncomment to add this category to the system - user.derived.identifiable.device.cookie_id data_uses: marketing_advertising_or_promotion data_subjects:
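Review bot: on the added line, the trailing comment "# uncomment to add this category to the system" is carried over unchanged from the commented-out entry and no longer describes the line once the category is active. Suggest dropping it, or rewording it to say that this entry is what trips the reject_direct_marketing rule, so the reason for the expected evaluation failure sits next to the line that causes it.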
  Run fidesctl evaluate demo_resources/

  Running fidesctl evaluate demo_resources now causes an evaluation failure. The privacy policy's "Reject Direct Marketing" rule disallows collecting contact information for marketing purposes, so the violating privacy_declaration is flagged during evaluation.

      root@fa175a43c077:/fides/fidesctl# fidesctl evaluate demo_resources
      ...
      Executing evaluations...
      {
        "status": "FAIL",
        "details": [
          "Declaration (Collect data for marketing) of System (demo_marketing_system) failed Rule (Reject Direct Marketing) from Policy (demo_privacy_policy)"
        ],
        "message": null
      }
At this point, you've seen some of the core concepts in place: declaring systems, evaluating policies, and re-evaluating policies on every code change. But there's a lot more to discover, so we'd recommend following the tutorial to keep learning.
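To re-evaluate on every code change, a pipeline step has to turn the output above into a verdict. The sketch below is an added example, not part of Fides or this README: it pulls the JSON result out of the mixed log output, splits each details string into its declaration, system, rule and policy, and fails closed when no verdict is found. It assumes the output format is exactly what this page shows; the function names and sample strings are hypothetical and constructed.

```python
import json
import re

# Constructed sample: trimmed copy of the failing run shown above (log line, then JSON).
FAILING_OUTPUT = """Executing evaluations...
{
  "status": "FAIL",
  "details": [
    "Declaration (Collect data for marketing) of System (demo_marketing_system) failed Rule (Reject Direct Marketing) from Policy (demo_privacy_policy)"
  ],
  "message": null
}
"""
PASSING_OUTPUT = "Executing evaluations...\nEvaluation passed!\n"  # constructed, trimmed
DETAIL_RE = re.compile(
    r"Declaration \((?P<declaration>.+?)\) of System \((?P<system>.+?)\) "
    r"failed Rule \((?P<rule>.+?)\) from Policy \((?P<policy>.+?)\)$"
)

def extract_result(output):
    """Return the first JSON object carrying a "status" key, or None."""
    decoder = json.JSONDecoder()
    for pos, char in enumerate(output):
        if char != "{":
            continue
        try:
            obj, _ = decoder.raw_decode(output, pos)
        except json.JSONDecodeError:
            continue  # a stray brace in a log line: keep scanning
        if isinstance(obj, dict) and "status" in obj:
            return obj
    return None

def violations(result):
    """Split each details string into declaration/system/rule/policy fields."""
    parsed = []
    for detail in result.get("details") or []:
        match = DETAIL_RE.search(detail)
        # Keep unrecognised details as raw text rather than dropping a failure.
        parsed.append(match.groupdict() if match else {"raw": detail})
    return parsed

def gate(output):
    """CI exit code: 0 pass, 1 policy violation, 2 no recognisable verdict."""
    result = extract_result(output)
    if result is not None and result["status"] == "FAIL":
        return 1
    # Fail closed: a crashed or truncated run must not count as a pass.
    return 0 if "Evaluation passed!" in output else 2
```

Feeding gate() the captured output of fidesctl evaluate and using its return value as the step's exit status blocks a merge on a violation and also on a run that produced no verdict at all.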
:book: Learn More
The Fides core team is committed to providing a variety of documentation to help get you started using Fidesctl. As such, all interactions are governed by the Fides Code of Conduct.
Documentation
For more information on getting started with Fides, how to configure and set up Fides, and more about the Fides ecosystem of open source projects:
- Documentation: https://ethyca.github.io/fides/
- Tutorial: https://ethyca.github.io/fides/tutorial/
- Deployment: https://ethyca.github.io/fides/deployment/
- Roadmap: https://github.com/ethyca/fides/projects
- Website: www.ethyca.com/fides
Support
Join the conversation on:
Contributing
We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.
Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.
:balance_scale: License
The Fides ecosystem of tools (Fidesops and Fidesctl) is licensed under the Apache Software License Version 2.0. Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.
Fides is created and sponsored by Ethyca: a developer tools company building the trust infrastructure of the internet. If you have questions or need assistance getting started, let us know at fides@ethyca.com!