Advanced Installation Options
See the the project requirements page to get started.
To install the Helm chart to an existing Kubernetes cluster, run the following commands:
helm repo add ethyca https://helm.ethyca.com helm pull ethyca/fides
Then, set the required values in a values.yaml file and run
helm install fides ethyca/fides --values values.yaml
For more information on installing the Fides Helm chart, please refer to the Helm chart's README
To install Fides and its required infrastructure using Terraform to AWS Elastic Container Service (ECS), please refer to the Terraform module's README
The published reference images contain all of the extras and dependencies for running the Python application, but do not contain the required Postgres database.
Run the following command to pull the latest image from Ethyca's DockerHub:
docker pull ethyca/fides
To install Fides from the published PyPI package, run:
pip install ethyca-fides
Fides uses an application database for persistent storage. Configure your own Postgres database according to the configuration of your choice, ensuring it satisfies the minimum requirements.
- Managed PostgreSQL database services (e.g. AWS RDS, GCP Cloud SQL, Azure Database)
- Self-hosted PostgreSQL Docker container with a persistent volume mount (e.g. on a Kubernetes cluster)
- Self-hosted PostgreSQL server (e.g. on an EC2 server)
💡There is no reason to expose this database to the public internet as long as it will be accessible by your webserver.
Once the database is up and running:
- create a database user for the webserver (e.g.
- create a new database for the webserver (e.g.
- assign a secure password
Ensure you make note of your connection credentials, as those values will be used in later configuration steps.
To ensure personal data is never retained erroneously, Fides collects privacy request result data in a temporary Redis cache that automatically expires.
Any hosted Redis database that meets the project requirements work for this purpose. Follow the deployment documentation of your choice to get set up your Redis cache.
- A simple Docker redis container (https://hub.docker.com/_/redis)
- A managed service (e.g. AWS ElastiCache, GCP Memorystore, Azure Cache, Redis Cloud)
💡There is no reason to expose this cache to the public internet as long as it will be accessible by your webserver.
Once your cache is available:
- enable a password (via Redis AUTH) to provide additional security
Ensure you make note of your connection credentials, as those values will be used when configuring Fides.
Fides configuration variables are maintained in either a
fides.toml file, or environment variables. These should be replaced with the connection credentials for your Postgres and Redis instances, as well as any other information unique to your deployment.
The minimum configuration variables are as follows:
FIDES__DATABASE__SERVER="fides-db" FIDES__DATABASE__USER="postgres" FIDES__DATABASE__PASSWORD="fides" FIDES__DATABASE__PORT=5432 FIDES__DATABASE__DB="fides" FIDES__USER__ANALYTICS_OPT_OUT=false FIDES__REDIS__HOST="redis" FIDES__REDIS__PASSWORD="testpassword" FIDES__REDIS__PORT= 6379 FIDES__REDIS__SSL=false FIDES__REDIS__SSL_CERT_REQS="required" FIDES__SECURITY__APP_ENCRYPTION_KEY="athirtytwocharacterencryptionkey" FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID="fidesadmin" FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET="fidesadminsecret" FIDES__SECURITY__ROOT_USERNAME="root_user" FIDES__SECURITY__ROOT_PASSWORD="Testpassword1!" FIDES__ADMIN_UI__ENABLED=true
|Minimum Configuration Variables|
|The hostname given to your PostgreSQL database server.|
|The username created for Fides to access the PostgreSQL database server.|
|The password created for Fides to access the PostgreSQL database server.|
|The port for your PostgreSQL database server.|
|The name of the PostgreSQL database.|
|Whether you are opted in or out of sending analytics data to Ethyca.|
|An AES256 encryption key used for database and JSON encryption. Must be exactly 32 characters (256bits).|
|A customizable Client ID used for the "root" OAuth client.|
|A client secret used for the "root" OAuth client.|
|A root user to log in as when accessing the UI.|
|A password for the root user.|
|The hostname for your Redis cache.|
|The port for your Redis cache.|
|The password created for Fides to access the Redis cache.|
See the Configuration guide for a full list of settings, as well as a sample
Once configured, you can start your server:
docker run ethyca/fides
With the Fides webserver running, the hosted UI is available at