is for systems and applications. immudb lightweight, high-speed immutable database With you can track changes in sensitive data in your transactional databases and then record those changes indelibly in a the tamperproof immudb database. immudb This allows you to keep an indelible history of, say, your debit/credit transactions. immudb is open source under the , and can be found here (there is also a more comprehensive documentation): Apache v2.0 License https://github.com/codenotary/immudb Traditional transaction logs are hard to scale, and are not immutable. So there is no way to know for sure if your data has been compromised. You can find an example video here: https://www.youtube.com/watch?v=g7msV9NcwNA&t=1s How it works As such immudb provides , of what happened to your sensitive data, even if your perimiter was compromised. immudb provides the guarantatee of immutability by using internally a . unparalleled insights retro-actively Merkle tree structure immudb gives you the same of the integrity of data written with like classic blockchain without the cost and complexity associated with blockchains today. cyrptographic verification SHA-256 immudb has 4 main benefits: . You can only add records, but . immudb is immutable never change or delete records data stored in immudb is , like blockchains, just without all the complexity and at high speed. cryptographically coherent and verifiable Anyone can get . Wether in node.js, Java, Python, Golang, .Net, or any other language. It’s very easy to use and you can have your immutable database running in just a few minutes. started with immudb in minutes Finally, immudb is . You can run it , or in the and it’s completely free. immudb is governed by the Apache 2.0 License. Open Source on-premises cloud immudb runs on , , , and , among other systems derived from them, such as and . Linux FreeBSD Windows MacOS Kubernetes Docker Getting started You can either build Docker images based on the Dockerfiles in the GitHub repository for the most common architectures or use the prebuild ones on Dockerhub for Linux. immudb Dockerhub docker run -it -d -p 3322:3322 -p 9497:9497 — name immudb codenotary/immudb:latest standalone Binaries If you want to build the yourself, simply and run one of the following commands based on your operating system. binaries clone this repo GOOS=linux GOARCH=amd64 make immudb-static GOOS=darwin GOARCH=amd64 makeimmudb-static GOOS=windows GOARCH=amd64 make immudb-static # Linux # macOS # Microsoft Windows Then you can run immudb the immudb server ./immudb ./immudb -d # run immudb in the foreground # run immudb in the background install immudb as a service ./immudb service immudb install ./immudb service immudb status ./immudb service immudb stop ./immudb service immudb start # install immudb service # check current immudb service status # stop immudb service # start immudb service The immud linux service is using the following defaults: user: immu group: immu configuration: /etc/immudb data: /var/lib/immudb logs: /var/log/immudb Service Port: 3322 (immudb) Prometheus Exporter Port: 9497 Performance As immudb is often compared to Amazon QLDB, we did a performance benchmark using a simple demo application to write data (without using any unfair optimization). Test setup: 4 CPU cores Intel(R) Xeon(R) CPU E3–1275 v6 @ 3.80GHz 64 GB memory SSD Prometheus and Grafana monitoring immudb has a built-in prometheus exporter that publishes all metrics at port 9497 (:9497/metrics) by default. When running a Prometheus instance, you can configure the target like in this example: - job_name: 'immudbmetrics' scrape_interval: 60 s static_configs: - targets: ['my-immudb-server:9497'] There is a Grafana dashboard available as well: https://grafana.com/grafana/dashboards/12026 Common Use Cases We already learned about the following use cases from users: use immudb to immutably store every update to sensitive database fields (credit card or bank account data) of an existing application database store CI/CD recipes in immudb to protect build and deployment pipelines store public certificates in immudb use immudb as an additional hash storage for digital objects checksums store log streams (i. e. audit logs) tamperproof No programmer? Actually in case you’re not a programmer but still want to use immudb just to play around or within scripts, you can use immuclient. GOOS=linux GOARCH=amd64 make immuclient-static GOOS=windows GOARCH=amd64 make immuclient-static # Linux # Microsoft Windows In case you have no idea how to build it, you can use the following Docker command and procedurel: git clone https://github.com/codenotary/immudb.git docker run -it --rm -v $( ):/src golang:1.13-stretch sh -c docker run -it --rm -v $( ):/src golang:1.13-stretch sh -c # Linux pwd 'cd /src && GOOS=linux GOARCH=amd64 make immuclient-static' # Microsoft Windows pwd 'cd /src && GOOS=windows GOARCH=amd64 make immuclient-static' Now you’ll find the immuclient binary in the repository folder and ready to be used. gives you details how to use it. ./immuclient --help Add a record to immudb ./immuclient safeset mykey myvalue ./immuclient -a <immudb-ip> safeset mykey myvalue # same system where immudb server is running # immudb server runs on a remote system You'll receive something similar to: ./immuclient safeset k1 v1 index: 307 key: k1 value: v1 : 4a6a18172eba5a3ea49a3caf147ac405c874ed4c922cc7dafe0dce5ff85f35aa time: 2020–05–13 04:01:30 -0400 EDT verified: hash true Get the record from immudb ./immuclient safeget mykey ./immuclient mykey ./immuclient -a <immudb-ip> safeget mykey # same system where immudb server is running # get the value history history # immudb server runs on a remote system The and commands do a consistency check for the values as well. safeGet safeSet Now you could store any kind of data, like the content of a sensitive database field, public certificate or a even a configuration file. Let’s try with a local Dockerfile and make sure there are not new lines or special characters in our value. ./immuclient safeset Dockerfile1 $( -n | base64 -w 0) echo " " $(cat Dockerfile) To get the data back, you need to make sure to convert it again. As the output of safeget contains more than just the value, as seen here: ./immuclient safeget Dockerfile1 index: 309 key: Dockerfile1 value: RlJPTSBnb2xhbmc6MS4xMy1zdHJldGNoIGFzIGJ1aWxkCldPUktESVIgL3NyYwpDT1BZIC4gLgpSVU4gR09PUz1saW51eCBHT0FSQ0g9YW1kNjQgbWFrZSBpbW11YWRtaW4tc3RhdGljCkZST00gdWJ1bnR1OjE4LjA0Ck1BSU5UQUlORVIgdkNoYWluLCBJbmMuICA8aW5mb0B2Y2hhaW4udXM+CgpDT1BZIC0tZnJvbT1idWlsZCAvc3JjL2ltbXVhZG1pbiAvdXNyL2xvY2FsL2Jpbi9pbW11YWRtaW4KCkFSRyBJTU1VX1VJRD0iMzMyMiIKQVJHIElNTVVfR0lEPSIzMzIyIgoKRU5WIElNTVVBRE1JTl9JTU1VREItQUREUkVTUz0iMTI3LjAuMC4xIiBcCiAgICBJTU1VQURNSU5fSU1NVURCLVBPUlQ9IjMzMjIiIFwKICAgIElNTVVEQl9NVExTPSJmYWxzZSIgCgpSVU4gYWRkZ3JvdXAgLS1zeXN0ZW0gLS1naWQgJElNTVVfR0lEIGltbXUgJiYgXAogICAgYWRkdXNlciAtLXN5c3RlbSAtLXVpZCAkSU1NVV9VSUQgLS1uby1jcmVhdGUtaG9tZSAtLWluZ3JvdXAgaW1tdSBpbW11ICYmIFwKICAgIGNobW9kICt4IC91c3IvbG9jYWwvYmluL2ltbXVhZG1pbgoKVVNFUiBpbW11CkVOVFJZUE9JTlQgWyIvdXNyL2xvY2FsL2Jpbi9pbW11YWRtaW4iXQ== : dfca217e2d87dccb8fd3fe8c1b49e620cc4ece8dc9c9fc2384cb6f6c9617eddb time: 2020-05-13 05:19:19 -0400 EDT verified: hash true the command is a bit more complex ./immuclient safeget Dockerfile1 | grep | cut -d -f2 | xargs -n | base64 -di "^value" ":" echo immudb SDKs There are many options for developers using the SDKs for Go Java, Node.js, Python These can be found in a developer jumpstart guide: https://docs.immudb.io/master/jumpstart.html#contents and the API descriptions: https://docs.immudb.io/master/sdks-api.html There is also a great Go SDK video tutorial: https://www.youtube.com/watch?v=qCC_AghFiw4 Check out immudb, the immutable database, written in Go: https://github.com/codenotary/immudb
