Getting Started with SecureField
With SecureField, ThorAPI ensures that your data is always encrypted—whether at rest, in transit, or in memory. The secure encryption framework provides an additional layer of protection by wrapping field access and ensuring compliance with the highest security standards.
SecureField offers JPA-backed persistence with any Spring JPA/JDBC-compatible database, with schema migrations handled via Liquibase, allowing seamless backend integration and maintenance.
SecureField automatically generates Spring Boot REST APIs and client libraries in TypeScript. Use the full power of automated code generation for CRUD operations, ensuring secure, high-performance microservices and APIs.
- Enhanced Security: Adds an additional layer of protection against data breaches, including raw data dumps or memory inspection.
SecureField also supports password hashing and plays a crucial role in ThorAPI's user authentication and authorization functionality. It delivers a standards-based, secure implementation for permissions and Access Control Lists (ACLs), enabling robust security management within your applications.
SecureFields are encrypted with the THORAPI_SECRET_KEY, which you provide as a command-line argument or environment variable.
WARNING: YOUR DATA WILL BE PERMANENTLY LOST IF YOU LOSE OR OTHERWISE BUNGLE THE THORAPI_SECRET_KEY
Prerequisites
Before you begin, ensure you have the following software installed:
- Java Development Kit (JDK) 11 or higher: Download JDK
- Apache Maven 3.6 or higher: Download Maven
- Node.js and npm (for TypeScript client development): Download Node.js
- ThorAPI Enhancer Tool: Available from the ThorAPI repository.
Generation Steps
Follow these steps to generate your API and client code:
1. Enhance Your OpenAPI Specification
- Incorporate CRUD Operations: Define create, read, update, and delete operations in your API definitions.
- Include SecureField-Specific Annotations: Utilize annotations such as @SecureField and @DataField to enhance security and data handling.
- Add Required Fields: Ensure fields like last_modified_date and owner_id are included in your models.
2. Generate Code
- Spring Boot Service:
  - Generate RESTful CRUD APIs with integrated JPA backend.
- TypeScript Client:
  - Generate a fetch-based API client.
  - Include end-to-end validation with Jest testing.
3. Run the Service
- Deploy Your Service: Run your generated Spring Boot microservices.
- Database Connection: Connect to your preferred database and configure settings as needed.
Input Files:
- src/main/resources/openapi/api.yaml: Your base OpenAPI specification.
- src/main/resources/openapi/api.hbs: The ThorAPI Handlebars template.
Command:
```bash
java -jar thorapi/target/thorapi-1.0-SNAPSHOT-exec.jar \
  src/main/resources/openapi/api.yaml \
  src/main/resources/openapi/output-api.yaml \
  src/main/resources/openapi/api
```
**Generating the Output Project**
Run Maven in the root of the project to clean and install the project and run the CodeGen process for both Java Spring and TypeScript:
```bash
mvn clean install
```
This build will generate the backend Spring Boot service code under the generated/spring/ folder.
The generated project is a Maven Spring Boot project that provides the generated API via an executable jar.
You can build the executable jar and (optionally) run it using Maven.
```bash
cd generated/spring
# run with defaults (h2 db)
--spring.datasource.url="$SPRING_DATASOURCE_URL" \
--spring.jpa.hibernate.ddl-auto=update \
--spring.datasource.username="$SPRING_DATASOURCE_USERNAME" \
--spring.datasource.password="$SPRING_DATASOURCE_PASSWORD" \
--spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver \
--server.port="$SERVER_PORT" \
--jwt.secret="$JWT_SECRET" \
|| error_exit "Failed to run backend instance"
```
THORAPI_SECRET_KEY is a MANDATORY environment variable or command-line argument that is used to encrypt the SecureFields. Keep this private key secure.
Generate a new THORAPI_SECRET_KEY with the generatekey command:
```bash
java -jar lib/generator-<valkyrai_version>-exec.jar generatekey
export THORAPI_SECRET_KEY=generatedPrivateKey
```
```bash
# build the generated project
mvn clean install -f generated/spring/pom.xml
```
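Because a lost or changed THORAPI_SECRET_KEY means lost data, a preflight check before the run command is worth having. The script below is an added example, not ThorAPI code: it verifies the variables the run snippet passes, rejects the placeholder key, and detects a key that differs from the one used on the first run. The fingerprint file name and the body of error_exit are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not ThorAPI code): preflight checks before starting the service.
# Assumptions: sha256sum (GNU coreutils) is installed; the key is high-entropy;
# the fingerprint file path is hypothetical; every variable the run snippet
# passes is treated as required.

error_exit() {  # name taken from the page's run snippet; this body is an assumption
  echo "ERROR: $1" >&2
  exit 1
}

# Print the names of the variables that are unset or empty (space separated).
missing_vars() {
  mv_missing=""
  for mv_name in THORAPI_SECRET_KEY SPRING_DATASOURCE_URL SPRING_DATASOURCE_USERNAME \
                 SPRING_DATASOURCE_PASSWORD SERVER_PORT JWT_SECRET; do
    eval "mv_val=\${$mv_name:-}"
    [ -n "$mv_val" ] || mv_missing="$mv_missing $mv_name"
  done
  echo "${mv_missing# }"
}

# SHA-256 of the key, so the key itself is never written to disk.
key_fingerprint() {
  printf '%s' "$THORAPI_SECRET_KEY" | sha256sum | cut -d' ' -f1
}

# Return 0 if the key matches the fingerprint recorded on the first run
# (recording it if no file exists yet), 1 if a different key is now set.
check_key_unchanged() {
  ck_current="$(key_fingerprint)"
  if [ ! -f "$1" ]; then
    ( umask 077; printf '%s\n' "$ck_current" > "$1" )
    return 0
  fi
  [ "$(cat "$1")" = "$ck_current" ]
}

# Run every check; exits through error_exit on the first failure.
preflight() {
  pf_file="${1:-.thorapi_key.sha256}"
  pf_missing="$(missing_vars)"
  [ -z "$pf_missing" ] || error_exit "unset or empty: $pf_missing"
  [ "$THORAPI_SECRET_KEY" != "generatedPrivateKey" ] ||
    error_exit "THORAPI_SECRET_KEY is still the documentation placeholder"
  check_key_unchanged "$pf_file" ||
    error_exit "THORAPI_SECRET_KEY differs from the key first used with this data"
}
```

Call preflight immediately before the run command. Keep the fingerprint file next to the database it belongs to, so a restore onto a host with a different key is caught before the service starts.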