Meet Fidesops: Privacy as Code for DSAR Orchestration
A part of the greater Fides ecosystem.
⚡ Overview
Fidesops (fee-dez-äps, combination of the Latin term "Fidēs" + "operations") is an extensible, deployed engine that fulfills any privacy request (e.g. access request, erasure request) by connecting directly to your disparate databases.
🚀 Quick Start
If you're looking for a more detailed introduction to Fidesops, we recommend following our tutorial here.
Run the quickstart in your terminal to give Fidesops a test drive:
Install Docker: https://docs.docker.com/desktop/#download-and-install
Install Make: brew install make
git clone https://github.com/ethyca/fidesops.git
cd fidesops
make quickstartThis runs fidesops in docker along with the necessary data stores. It also spins up a test postgres database and a test mongo database to mimic your application. This quickstart will walk you through executing privacy requests against your system by making a series of API requests to fidesops.
Follow these five easy steps:
Step One: Set up basic configuration (press [enter] to make each API request)
- Authenticate by creating an Access Token
- Connect to your application's postgres and mongo databases with ConnectionConfigs
- Describe the types of data you have and their relationships with Datasets
- Dictate where to upload your results with StorageConfigs (a local folder for now)
Step Two: Define an Access Policy
Policies help describe what data you care about and how you want to manage it. In this example, you'll create an access
Policy,example_request_policy, to get all data with the data category: user.provided.identifiable.
Step Three: Run a Privacy Request to Access Data
Finally, you can issue a Privacy Request using Policy example_request_policy across your test databases for [email protected].
The following response will be uploaded to a local folder (for demo purposes). We've collected identifiable user-provided
information for Jane across tables in both the postgres and mongo databases.
{
"mongo_test:flights": [
{
"passenger_information": {
"full_name": "Jane Customer"
}
}
],
"mongo_test:payment_card": [
{
"ccn": "987654321",
"name": "Example Card 2",
"code": "123"
}
],
"postgres_example_test_dataset:address": [
{
"zip": "54321",
"street": "Example Place",
"state": "TX",
"city": "Example Mountain",
"house": 1111
}
],
"mongo_test:customer_details": [
{
"birthday": "1990-02-28T00:00:00",
"gender": "female",
"children": [
"Erica Example"
]
}
],
"postgres_example_test_dataset:customer": [
{
"email": "[email protected]",
"name": "Jane Customer"
}
],
"postgres_example_test_dataset:payment_card": [
{
"ccn": 373719391,
"name": "Example Card 3",
"code": 222
}
],
"mongo_test:employee": [
{
"email": "[email protected]",
"name": "Jane Employee"
}
],
"mongo_test:conversations": [
{
"thread": [
{
"chat_name": "Jane C"
}
]
},
{
"thread": [
{
"chat_name": "Jane C"
},
{
"chat_name": "Jane C"
}
]
}
]
}
Step Four: Create an Erasure Policy
Now you'll create another Policy, example_erasure_policy, that describes how to erase data with the same category, by replacing values with null.
Step Five: Issue a Privacy Request to erase data and verify
The last step is to issue a Privacy Request using example_erasure_policy to remove identifiable user-provided data
related to "[email protected]". Then we'll re-run step #3 again to see what data is remaining for data category user.provided.identifiable:
{}This returns an empty dictionary confirming Jane's fields with data category user.provided.identifiable have been removed.
You've learned how to use the Fidesops API to connect a database and a final storage location, define policies that describe how to handle user data, and execute access and erasure requests. But there's a lot more to discover, so we'd recommend following the tutorial to keep learning.
Documentation
For more information on getting started with Fidesops, how to configure and set up Fidesops, and more about the Fides ecosystem of open source projects:
- Documentation: https://ethyca.github.io/fidesops/
- How-to guides: https://ethyca.github.io/fidesops/guides/oauth/
- Deployment: https://ethyca.github.io/fidesops/deployment/
- Roadmap: https://github.com/ethyca/fidesops/milestones
- Website: www.ethyca.com/fides
Support
Join the conversation on:
Contributing
We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.
Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.
⚖️ License
The Fides ecosystem of tools (Fidesops and Fidesctl) are licensed under the Apache Software License Version 2.0. Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.
Fides is created and sponsored by Ethyca: a developer tools company building the trust infrastructure of the internet. If you have questions or need assistance getting started, let us know at [email protected]!