This quickstart will guide you through PureKit MariaDB Demo App - a simple web application that illustrates how Virgil PureKit can be used with MariaDB to store and share data in the most secure way. The Demo App is based on a use case of a hypothetical business scenario involving a patient, physician and laboratory, and shows how distinct roles within a customer's application can be defined and used to restrict ePHI access in a HIPAA-compliant manner.
Note that this quickstart uses MariaDB for storing user records and keys; you can use the code samples to set up PureKit with your own storage or you can go through the Setup PureKit guide if you want to use Virgil Cloud to store records and keys.
Before you begin
Before getting started with the Demo App, you need to:
git clone https://github.com/VirgilSecurity/virgil-mariadb-demo.git
Set up and run demo
- Step #1. Launch Docker.
- Step #2. Create configuration files. In the
env.templatefile and rename to a new
- Step #3. Get Virgil PureKit credentials. Fill in the Virgil PureKit values inside of
env.configfile. The following environment variables must be defined to run the server:
|Your Virgil Application ID. Can be found at Virgil Dashboard.
|Your Virgil Application Token. Can be found at Virgil Dashboard.
|Service public key of your PureKit application. Can be found in your PureKit application at Virgil Dashboard.
|Your PureKit Non-Rotatable Master Secret key.
|Your PureKit Backup public key.
|Your PureKit App Secret key.
virgil_sk, install the Virgil CLI and then run the following command:
virgil purekit keygen all
Make sure to save the generated keys in a safe storage.
- Step #4. To run the demo client use the following command:
- Step #5. Browse to http://localhost:80 to explore the demo.
How it works
The Demo App consists of three cards (actors): Patient (Alice), Physician (Bob) and Lab.
At any moment you can restart the demo and check the database using the buttons in the top.
In the beginning of the demo flow, each actor the following:
- her SSN, which she can share with Bob;
- access to the 2 prescriptions, that Bob has provided;
- 2 lab tests that she is waiting for.
- his license number, which he can share with Alice;
- 2 prescriptions that he wrote for Alice, and a button to add new prescriptions;
- 2 lab tests that he is waiting for, and a button to add a new lab test.
- 2 lab tests that Bob has created for Alice.
At the Patient card:
- Click "share to Bob" to securely share the Alice's social security number with the Physician.
- Also, you can review prescription, lab's results and its status.
At the Physician card:
- Click "Add prescription" to create a new prescription for Alice. Alice will immediately get access to the prescription and will be able to see the notes.
- Also, at the Physician card, click "Add lab test". This will create a new record in Alice's, Bob's and Lab's "Lab tests" section.
At the Lab card:
- In the column "Results" click "Add" button to add a test result. After submitting it, the Physician will be able to see the result, but the Patient will only see "Access denied" message in the "Result" column.
- To share the result with the Patient, at the Physician card click "Share". After that the Patient will be able to read the result herself.
View MariaDB records
Now, to see the results of your actions in the database:
- Click "View MariaDB" in the top of the page. There, in the left field, scroll to the very bottom to see the PureKit-related tables.
- Click on any table and "Execute" to see the data in that table.
- Note that most of the data will be encrypted (results of the lab tests in
lab_tests, Patient's SSN in
patients, Physician's license number in
physycians, notes in
prescriptions, encrypted keys and etc.) and can only be decrypted by users who have the right keys to do so. Therefore, sensitive data cannot be accessed by unauthorized parties.
Now that you've seen the PHE flow working with sample code, we'll explore in the next guides how you can build PHE into your existing applications: