PureKit Quickstart

This quickstart will guide you through PureKit MariaDB Demo App - a simple web application that illustrates how Virgil PureKit can be used with MariaDB to store and share data in the most secure way. The Demo App is based on a use case of a hypothetical business scenario involving a patient, physician and laboratory, and shows how distinct roles within a customer's application can be defined and used to restrict ePHI access in a HIPAA-compliant manner.

Note that this quickstart uses MariaDB for storing user records and keys; you can use the code samples to set up PureKit with your own storage or you can go through the Setup PureKit guide if you want to use Virgil Cloud to store records and keys.

Before getting started with the Demo App, you need to:

• Install Docker
• Create an account at Virgil Dashboard
• Clone the PureKit demo application:

git clone https://github.com/VirgilSecurity/virgil-mariadb-demo.git

• Step #1. Launch Docker.
• Step #2. Create configuration files. In the server directory, copy env.template file and rename to a new env.config.
• Step #3. Get Virgil PureKit credentials. Fill in the Virgil PureKit values inside of env.config file. The following environment variables must be defined to run the server:

To generate virgil_nms, virgil_bu and virgil_sk, install the Virgil CLI and then run the following command:

virgil purekit keygen all

Make sure to save the generated keys in a safe storage.

• Step #4. To run the demo client use the following command:

docker-compose up

• Step #5. Browse to http://localhost:80 to explore the demo.

The Demo App consists of three cards (actors): Patient (Alice), Physician (Bob) and Lab.

In the beginning of the demo flow, each actor the following:

Alice has:

• her SSN, which she can share with Bob;
• access to the 2 prescriptions, that Bob has provided;
• 2 lab tests that she is waiting for.

Bob has:

• his license number, which he can share with Alice;
• 2 prescriptions that he wrote for Alice, and a button to add new prescriptions;
• 2 lab tests that he is waiting for, and a button to add a new lab test.

Lab has:

• 2 lab tests that Bob has created for Alice.

At the Patient card:

• Click "share to Bob" to securely share the Alice's social security number with the Physician.
• Also, you can review prescription, lab's results and its status.

At the Physician card:

• Click "Add prescription" to create a new prescription for Alice. Alice will immediately get access to the prescription and will be able to see the notes.
• Also, at the Physician card, click "Add lab test". This will create a new record in Alice's, Bob's and Lab's "Lab tests" section.

At the Lab card:

• In the column "Results" click "Add" button to add a test result. After submitting it, the Physician will be able to see the result, but the Patient will only see "Access denied" message in the "Result" column.
• To share the result with the Patient, at the Physician card click "Share". After that the Patient will be able to read the result herself.

Now, to see the results of your actions in the database:

• Click "View MariaDB" in the top of the page. There, in the left field, scroll to the very bottom to see the PureKit-related tables.
• Click on any table and "Execute" to see the data in that table.
• Note that most of the data will be encrypted (results of the lab tests in lab_tests, Patient's SSN in patients, Physician's license number in physycians, notes in prescriptions, encrypted keys and etc.) and can only be decrypted by users who have the right keys to do so. Therefore, sensitive data cannot be accessed by unauthorized parties.

Now that you've seen the PHE flow working with sample code, we'll explore in the next guides how you can build PHE into your existing applications: