Getting started

This guide shows you how to easily get started with D1 Storage.

Running D1 Storage locally with Docker Compose

In this section, you will be guided through how to get started with D1 Storage in Docker. This guide will use gRPCurl to call the gRPC endpoints, but we also provide a Go client.

Requirements

Docker
gRPCurl or another tool to call the gRPC endpoints.

By default D1 Storage reads its configuration from the TOML file config.toml, but it is possible to provide another configuration file or to overwrite specific configuration options. For more information, see the Configuration section in the user manual.

In the following we show how to use the built in Standalone ID Provider for user management. D1 Storage also supports using an external OIDC provider as an authentication/authorization mechanism. See the User Manual for more details.

Step 1: Start a local Docker Compose instance

Place the following Docker Compose file next to your config.toml. Note that we use S3 as the IO Provider in this example. For more details on how to configure various IO Providers see the User Manual.

services:
  # D1 Storage
  d1-service-storage:
    image: cybercryptio/d1-service-storage:<version>
    container_name: d1-service-storage
    environment:
      D1_IO_S3_URL: "http://minio:9000"
      D1_IO_S3_BUCKET: "objects"
      D1_IO_S3_ID: "storageid"
      D1_IO_S3_KEY: "storagekey"
    volumes:
      - ${PWD}/config.toml:/config.toml
    ports:
      - 9000:9000
    depends_on:
      minio-init:
        condition: service_completed_successfully
    tty: true

  # Object storage
  minio:
    image: minio/minio:RELEASE.RELEASE.2022-07-08T00-05-23Z
    container_name: minio
    volumes:
      - /data
    environment:
      MINIO_ROOT_USER: "storageid"
      MINIO_ROOT_PASSWORD: "storagekey"
    command: server /data
    healthcheck:
      test: ["CMD", "curl", "-f", "localhost:9000/minio/health/live"]
      timeout: 30s
      interval: 5s
      retries: 5

  minio-init:
    image: minio/mc:RELEASE.2022-07-06T14-54-36Z
    container_name: minio-init
    environment:
      MINIO_ROOT_USER: "storageid"
      MINIO_ROOT_PASSWORD: "storagekey"
      MINIO_DEFAULT_BUCKETS: "objects"
    entrypoint: |
      /bin/sh -c "
      /usr/bin/mc config host add --api s3v4 storage http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD};
      /usr/bin/mc mb storage/$${MINIO_DEFAULT_BUCKETS};
      /usr/bin/mc policy set public storage/$${MINIO_DEFAULT_BUCKETS};
      "
    depends_on:
      minio:
        condition: service_healthy

To start the service call

docker compose up --detach

You now have a complete D1 Storage instance inside Docker. The gRPC API is available on localhost:9000. When running the following command,

docker ps

the output will show that two containers, d1-service-storage and minio, are running.

Step 2: Bootstrap an initial user

docker exec d1-service-storage /d1-service-storage create-user

This user is created without any scopes, since this user should only be used to create other users, and user management does not require any scopes. Optionally you can set an additional parameter to set the scopes for the initial user. For more details on scopes see the the Standalone User Management section in the user manual.

Note down the generated credentials: user_id and password from the output. They should be used to login to D1 Storage.

grpcurl -plaintext \
-d '{
      "user_id": <user_id>,
      "password": <password>
    }' \
localhost:9000 d1.authn.Authn.LoginUser

Output:

{
  "accessToken": <access token>,
  "expiryTime": "1653039503"
}

When logging in, an access token is returned. The user needs to pass this token as gRPC metadata in all future calls in order to be authorized.

Step 4: Create a second user

The initial user can create a second user:

grpcurl -plaintext -H "authorization: bearer <access token>" \
-d '{
      "scopes": ["READ", "CREATE", "UPDATE", "DELETE", "GETACCESS", "MODIFYACCESS"]
}' \
localhost:9000 d1.authn.Authn.CreateUser

Output:

{
  "user_id": "44c8fa82-f8ed-46b0-94d1-8921a19c0d62",
  "password": "Vju86gvJTEKK9zBIZAHloa2K0y2Vw_eJC7icmmCP-jc"
}

Step 5: Use D1 Storage to store an object

The new user can now store an object using the Store endpoint:

grpcurl -plaintext -H "authorization: bearer <access token>" \
-d '{
      "plaintext": "1234",
      "associated_data": "5678"
}' \
localhost:9000 d1.storage.Storage.Store

Output:

{
  "object_id": "a9a909b9-6019-488d-bfb4-b8b4243ae177"
}

The user needs to keep the object_id in order to be able to retrieve the object later.

Step 6: Shut down the D1 Storage instance

The D1 Storage instance can be shut down by running:

docker compose down

Getting started

Running D1 Storage locally with Docker Compose​

Requirements​

Step 1: Start a local Docker Compose instance​

Step 2: Bootstrap an initial user​

Step 3: Login as initial user​

Step 4: Create a second user​

Step 5: Use D1 Storage to store an object​

Step 6: Shut down the D1 Storage instance​

Running D1 Storage locally with Docker Compose

Requirements

Step 1: Start a local Docker Compose instance

Step 2: Bootstrap an initial user

Step 3: Login as initial user

Step 4: Create a second user

Step 5: Use D1 Storage to store an object

Step 6: Shut down the D1 Storage instance