iExec: Using iExec and Tee Worker to Create Apps that Use Datasets Stored on Filebase
Learn how to use iExec and Tee Worker to create apps that use datasets stored on Filebase.
What is iExec?
The iExec network enables decentralized docker app deployment and monetization on the blockchain by connecting cloud resource sellers with cloud resource buyers and encourages an ecosystem of decentralized, autonomous, privacy-preserving applications.
Read below to learn how to use iExec and its Tee Worker Application to create apps that use datasets stored on Filebase.
1. Install the iExec SDK CLI package with the following command:
npm i -g iexec
2. Create a new Wallet file:
iexec wallet create
You will be prompted to set a password on this wallet file. Take note of this password since there is no way to recover it if forgotten.
3. Initialize your iExec project:
mkdir ~/iexec-projects
cd ~/iexec-projects
iexec init --skip-wallet
4. We will use the iExec testnet, called Viviani, for our project. Next, initialize the default remote storage:
iexec storage init --chain viviani
5. Now initialize your app:
iexec app init
The default app is the public docker image iexechub/python-hello-world
.
6. Then deploy this default app on the Viviani network:
iexec app deploy --chain viviani
7. Confirm it was deployed successfully by checking your list of deployed apps:
iexec app show --chain viviani
8. Now, to run your app you will need RLC tokens.
Since we’re running on the testnet, we can get some test RLC with the command:
iexec wallet get-RLC --chain viviani
9. Confirm the transaction was successful by checking your wallet’s balance:
iexec wallet show --chain viviani
10. Now it's time to run your application. Use the following command:
iexec app run --args APP_NAME --watch --chain viviani
Replace APP_NAME
with your desired Application name.
11. Download the result of your task with the command:
iexec task show TASK_ID --download my-result --chain viviani
Replace TASK_ID
with the Task ID value from the last command’s output.
12. View the contents of your task result file:
unzip my-result.zip -d my-result
cat my-result/result.txt
13. Up until now, we’ve been using the default storage configuration for iExec, which is IPFS managed by iExec.
For private datasets and assets, this method is not recommended, so we’ll now switch to using Filebase for our private storage backend.
14. For this tutorial, we’ll use a sample dataset that we’ll initiate with the command:
iexec dataset init --encrypted
This command makes 3 new directories:
datasets/encrypted
datasets/original
.secrets/datasets
A new section will be appended to the iexec.json
file called ‘datasets’.
15. Now we’ll create a sample dataset with the command:
echo "Hello Filebase!" > datasets/original/filebase-test-dataset.txt
16. Then encrypt your dataset:
iexec dataset encrypt
Take note of the checksum value that is returned from this command.
This command created the file datasets/encrypted/filebase-test-dataset.txt.enc
. Let’s upload this file to Filebase.
17. You can upload files to Filebase using two methods: the Filebase Web Console, or the Filebase S3-compatible API.
Either method will require an IPFS bucket which must be created from the Web Console.
18. To use the web console, navigate to console.filebase.com.
If you don’t have an account already, sign up, then log in.
19. Select ‘Buckets’ from the left sidebar menu, or navigate to console.filebase.com/buckets.
Select ‘Create Bucket’ in the top right corner to create a new bucket.
20. Enter a bucket name and choose the IPFS storage network to create the bucket.
Bucket names must be unique across all Filebase users, be between 3 and 63 characters long, and can contain only lowercase characters, numbers, and dashes.
21. Next, select the bucket from your list of buckets, then select ‘Upload’ in the top right corner to upload your files.
22. Select your files to be uploaded.
Once uploaded, they will be listed in the bucket.
23. You can view the IPFS CID from the bucket object list in the CID column, or you can click on each uploaded object to display the metadata for the object to view the IPFS CID.
Take note of this CID, since we will use it in the next step.
24. Next, open the iexec.json
file, navigate to the dataset section, and edit the following lines:
iexec.json
file, navigate to the dataset section, and edit the following lines:Replace the IPFS_CID
with the IPFS CID from the uploaded dataset in your Filebase bucket.
25. Deploy your dataset on the network with the command:
iexec dataset deploy --chain viviani
26. Now we need to push the encryption key to the Secret Management Service so that the deployed dataset can be used for authorized applications.
To get the encryption key for this dataset and push it to the testnet, use the following commands:
Note: This workflow is fine for debugging purposes on the testnet, but is not recommended to store secrets for production environments.
sed -i 's|"viviani": {},|"viviani": { "sms": "<https://v7.sms.debug-tee-services.viviani.iex.ec>" },|g' chain.json
iexec dataset push-secret --chain viviani
27. Now let’s deploy an application that uses this dataset.
First, make a new directory for this project, initiate iExec inside this directory, and create some empty files that we’ll need later.
mkdir my-tee-dataset-app && cd my-tee-dataset-app
iexec init --skip-wallet
mkdir src
touch src/app.py
touch Dockerfile
touch sconify.sh
28. In the src/
folder, open the new file called app.py
and input the following code:
src/
folder, open the new file called app.py
and input the following code:29. Then build the TEE docker image by editing the Dockerfile we created previously to reflect the following content:
30. Open the sconify.sh
file and input the following code:
sconify.sh
file and input the following code:31. Then run the sconify.sh
script to build the TEE app:
sconify.sh
script to build the TEE app:./sconify.sh
32. Now let’s deploy the TEE app on the iExec network. Start by initializing the application:
iexec app init --tee
33. Get the enclave fingerprint for your TEE image:
docker run -it --rm -e SCONE_HASH=1 python-dataset-app:tee-debug
Take note of this, we will use it in the next step.
34. Then edit the iexec.json
file to add the following configuration details:
iexec.json
file to add the following configuration details:Replace the ENCLAVE_FINGERPRINT
value with the enclave fingerprint you took note of in the last step.
35. Deploy the app on the iExec testnet:
iexec app deploy --chain viviani
36. Then run the TEE app:
iexec app run APP_ADDRESS --tag tee --dataset DATASET_ADDRESS --workerpool 0xe6806E69BA8650AF23264702ddD43C4DCe35CcCe --watch --chain viviani
Replace the APP_ADDRESS
value with your TEE app address, and the DATASET_ADDRESS
with the address of your dataset from Step 25.
Your app is now deployed using your encrypted dataset stored on Filebase!
Last updated