Meet Fidesops: Privacy as Code for DSAR Orchestration

A part of the greater Fides ecosystem.

Latest Version
License
Code style: black
Checked with mypy
Twitter

Fidesops banner

⚡ Overview

Fidesops (fee-dez-äps, combination of the Latin term “Fidēs” + “operations”) is an extensible, deployed engine that fulfills any privacy request (e.g. access request, erasure request) by connecting directly to your disparate databases.

Fidesops overview

? Quick Start

If you’re looking for a more detailed introduction to Fidesops, we recommend following our tutorial here.

Run the quickstart in your terminal to give Fidesops a test drive:

Install Docker: https://docs.docker.com/desktop/#download-and-install
Install Make: brew install make


git clone https://github.com/ethyca/fidesops.git
cd fidesops
make quickstart

This runs fidesops in docker along with the necessary data stores. It also spins up a test postgres
database and a test mongo database to mimic your application. This quickstart will walk you through executing privacy
requests against your system by making a series of API requests to fidesops.

Follow these five easy steps:

Step One: Set up basic configuration (press [enter] to make each API request)

  • Authenticate by creating an Access Token
  • Connect to your application’s postgres and mongo databases with ConnectionConfigs
  • Describe the types of data you have and their relationships with Datasets
  • Dictate where to upload your results with StorageConfigs (a local folder for now)

Step Two: Define an Access Policy

Policies help describe what data you care about and how you want to manage it. In this example, you’ll create an access
Policy,example-request-policy, to get all data with the data category: user.provided.identifiable.

Step Three: Run a Privacy Request to Access Data

Finally, you can issue a Privacy Request using Policy example-request-policy across your test databases for [email protected].
The following response will be uploaded to a local folder (for demo purposes). We’ve collected identifiable user-provided
information for Jane across tables in both the postgres and mongo databases.

{
   "postgres_example_test_dataset:customer": [
      {
         "email": "[email protected]",
         "name": "Jane Customer"
      }
   ],
   "postgres_example_test_dataset:address": [
      {
         "city": "Example Mountain",
         "house": 1111,
         "state": "TX",
         "street": "Example Place",
         "zip": "54321"
      }
   ],
   "postgres_example_test_dataset:payment_card": [
      {
         "ccn": 373719391,
         "code": 222,
         "name": "Example Card 3"
      }
   ],
   "mongo_test:customer_details": [
      {
         "gender": "female",
         "birthday": "1990-02-28T00:00:00"
      }
   ]
}

Step Four: Create an Erasure Policy

Now you’ll create another Policy, example-erasure-policy, that describes how to erase data with the same category, by replacing values with null.

Step Five: Issue a Privacy Request to erase data and verify

The last step is to issue a Privacy Request using example-erasure-policy to remove identifiable user-provided data
related to “[email protected]“. Then we’ll re-run step #3 again to see what data is remaining for data category user.provided.identifiable:

{}

This returns an empty dictionary confirming Jane’s fields with data category user.provided.identifiable have been removed.

You’ve learned how to use the Fidesops API to connect a database and a final storage location, define policies that describe
how to handle user data, and execute access and erasure requests. But there’s a lot more to discover,
so we’d recommend following the tutorial to keep learning.

Documentation

For more information on getting started with Fidesops, how to configure and set up Fidesops, and more about the Fides ecosystem of open source projects:

Support

Join the conversation on:

Contributing

We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.

Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.

⚖️ License

The Fides ecosystem of tools (Fidesops and Fidesctl) are licensed under the Apache Software License Version 2.0.
Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.

Fides is created and sponsored by Ethyca: a developer tools company building the trust infrastructure of the internet. If you have questions or need assistance getting started, let us know at [email protected]!

GitHub

View Github