Tutorials

Fly.io Deployment

This guide explains how to deploy CipherStash Tandem to Fly.io.

You will be deploying the cipherstash/tandem-pgcat docker container to Fly.io and assumes you have already configured and tested your CipherStash Tandem instance. If you haven't already done so, please follow the Getting Started guide.

Steps to Deploy

1. Install and Log in to Flyctl

Before starting, make sure you have Flyctl, the CLI tool for managing apps on Fly.io, installed on your machine. If you haven't already installed it, you can find the installation guide on Fly.io. Once installed, log in to your Fly account.

1fly auth login
2

2. Preparing the project

You will need to create a directory with the following files:

  • Dockerfile
  • tandem.toml
1mkdir flyio-cipherstash-tandem
2cd flyio-cipherstash-tandem
3touch Dockerfile tandem.toml
4

Note: The tandem.toml file is used as a placeholder, as we will be using environment variables to configure the Tandem instance.

2.1 Init fly.io

You will need to use the flyctl init command to initialize the Fly.io project. This command will generate a fly.toml file that will be used to configure the Fly.io project.

1flyctl init
2

3. Configuring the Dockerfile

The Dockerfile is used to build the image that will be deployed to Fly.io. The following is the contents of the Dockerfile you'll use:

1FROM cipherstash/tandem-pgcat:latest
2EXPOSE 6432
3COPY tandem.toml /etc/tandem/tandem.toml
4

4. Configuring Fly.io

The following is the contents of the fly.toml file you'll use:

1app = "cipherstash-tandem"
2
3# Set the region based on your preference
4primary_region = "ord"
5
6[build]
7
8[[services]]
9internal_port = 6432
10protocol = "tcp"
11auto_stop_machines = false
12auto_start_machines = false
13min_machines_running = 1
14[[services.ports]]
15port = 6432
16
17[[vm]]
18cpu_kind = "shared"
19cpus = 1
20memory_mb = 1024
21

5. Setting up Environment Variables

You will need to set the following environment variables:

1CS_PASSTHROUGH=true
2CS_PORT=6432
3CS_USERNAME=fill-me-in
4CS_PASSWORD=fill-me-in
5CS_DATABASE__HOST=fill-me-in
6CS_DATABASE__PORT=fill-me-in
7CS_DATABASE__NAME=fill-me-in
8CS_WORKSPACE_ID=fill-me-in
9CS_CLIENT_ID=fill-me-in
10CS_CLIENT_KEY=fill-me-in
11CS_CLIENT_ACCESS_KEY=fill-me-in
12

You can set these environment variables using the flyctl secrets set command:

1flyctl secrets set MY_SECRET=romance
2

6. Deploying to Fly.io

You can now deploy your app to Fly.io using the flyctl deploy command:

1flyctl deploy
2

7. Reserving a Static IP Address

Since you will be using a non-standard port, you will need to reserve a static IP address for your app. You can do this using the flyctl ips reserve command:

1fly ips allocate-v4 --app cipherstash-tandem
2

8. Accessing Your App

Tandem will be running on port 6432 and you can access it using the static IP address you reserved in the previous step. You can now configure your application to connect to Tandem using the following connection string:

1postgres://<username>:<password>@<static-ip-address>:6432/<database-name>
2

Conclusion

By following these steps, you should have successfully deployed CipherStash Tandem to Fly.io.

For detailed steps and further information, you can refer to Fly.io's official documentation.

Previous
Supabase