Follow this guide to make sure your application integrating Tanker is ready for production.
Manage identities in your server¶
This is explained in detail in this guide.
Encrypt and share data client-side with Tanker¶
Learn how to encrypt and share here.
The SDK is designed to be easy to use and hard to misuse. However, to ensure the best possible security, some principles need to be followed.
This guide sets out important guidelines, and we strongly recommend you stick to them. There may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.
Disable test mode¶
Your production app must have the test mode disabled. When you create it, you will get its secret. It will be used by your server-side application to authorize the addition of every user's first device. It does not allow you to decrypt any user data.
Tanker staff does not have access to your app secret, so please make sure to never lose it as it cannot be recovered. It must be saved securely, preferably stored in a physical location like a safe.
Safely store the app secret server-side¶
If the app secret leaks (for instance, if it's included in code running client-side), then it gives administrative privileges to all your users.
Thus, it should be safely stored only on your servers, and protected like any other secret your servers may be using.
The identity has several purposes:
- It protects the private keys stored on users' devices
- It contains signature keys used to make sure user additions are legitimate
- It links the user in your application with Tanker
Note that its generation uses the app secret.
Only send the identity to authenticated users¶
If you fail to check that users are authenticated before returning their identity, attackers may impersonate legitimate users and any resource shared with them will be compromised.
Store the identity server-side¶
Each identity must only be generated once per user, so you should store the identities on your servers so that they are available any time an authenticated user wants to open a session.
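One way to apply the two rules above (authenticate before returning the identity, generate it once and keep it on the server), as an added example that is not Tanker's own code. `IdentityService`, the in-memory session and identity stores, and the injected `create_identity` callable are assumptions standing in for your session layer, your database and the identity-generation call your server uses.

```python
import threading


class IdentityService:
    """Hands a user's Tanker identity to that user only, generating it once."""

    def __init__(self, app_id, app_secret, create_identity, sessions):
        self.app_id = app_id
        self.app_secret = app_secret            # server-side only, never put in a response
        self.create_identity = create_identity  # injected generator (assumption, see lead-in)
        self.sessions = sessions                # session token -> user id, set at login
        self.identities = {}                    # stand-in for the server's database table
        self.lock = threading.Lock()

    def handle(self, session_token):
        """Return (status, body) for an identity request carrying a session token."""
        # The user id comes from the server's session record, never from a
        # client-supplied parameter, so a caller cannot ask for someone else's identity.
        user_id = self.sessions.get(session_token) if session_token else None
        if user_id is None:
            return 401, {"error": "authentication required"}
        # Lock so two concurrent first requests cannot generate two identities.
        with self.lock:
            identity = self.identities.get(user_id)
            if identity is None:
                identity = self.create_identity(self.app_id, self.app_secret, user_id)
                self.identities[user_id] = identity
        return 200, {"identity": identity}


def demo():
    """Run the service against constructed sessions with a counting fake generator."""
    calls = []

    def fake_create_identity(app_id, app_secret, user_id):
        calls.append(user_id)
        return f"constructed-identity:{user_id}:{len(calls)}"

    service = IdentityService("constructed-app-id", "constructed-app-secret",
                              fake_create_identity, {"session-abc": "alice"})
    anonymous = service.handle(None)
    forged = service.handle("session-guess")
    threads = [threading.Thread(target=service.handle, args=("session-abc",)) for _ in range(8)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return anonymous[0], forged[0], service.handle("session-abc"), calls


if __name__ == "__main__":
    print(demo())
```

In a multi-process deployment the lock would be replaced by a uniqueness constraint on the user id column, so the once-per-user rule is enforced by the database.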
Do not store the identity client-side¶
If you store the identity client-side unencrypted, anyone with access to the device will be able to decrypt, encrypt and share any data without needing to authenticate to your servers.
Configure allowed origins¶
The Tanker SDK implements the Cross-Origin Resource Sharing (CORS) mechanism.
When you create an app in the dashboard you can specify a whitelist of allowed origins. The calls from any other origin will be blocked by web browsers. If not configured, all origins are accepted.
For security purposes we strongly advise you to configure allowed origins in your app settings.
If you use the download API, make sure that you have configured your own bucket in the dashboard for your App. In the default bucket, files expire after 48 hours.
Your app is now ready for production!