Quickstart: Create an Azure Managed CCF resource using the Azure SDK for JavaScript and TypeScript
Microsoft Azure Managed CCF (Managed CCF) is a new and highly secure service for deploying confidential applications. For more information on Azure Managed CCF, see About Azure Managed Confidential Consortium Framework.
If you don't have an Azure subscription, create an Azure free account before you begin.
API reference documentation | Library source code | Package (npm)
Prerequisites
- An Azure subscription - create one for free.
- Node.js versions supported by the Azure SDK for JavaScript.
- OpenSSL on a computer running Windows or Linux.
Setup
This quickstart uses the Azure Identity library, along with Azure CLI or Azure PowerShell, to authenticate user to Azure Services. Developers can also use Visual Studio or Visual Studio Code to authenticate their calls. For more information, see Authenticate the client with Azure Identity client library.
Sign in to Azure
Sign in to Azure using the Azure CLI az login command or the Azure PowerShell Connect-AzAccount cmdlet.
az login
If the CLI or PowerShell can open your default browser, it will do so and load an Azure sign-in page. Otherwise, visit https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.
If prompted, sign in with your account credentials in the browser.
Initialize a new npm project
In a terminal or command prompt, create a suitable project folder and initialize an npm project. You may skip this step if you have an existing node project.
cd <work folder>
npm init -y
Install the packages
Install the Azure Active Directory identity client library.
npm install --save @azure/identity
Install the Azure Confidential Ledger management plane client library.
npm install -save @azure/arm-confidentialledger@1.3.0-beta.1
Install the TypeScript compiler and tools globally
npm install -g typescript
Create a resource group
A resource group is a logical container into which Azure resources are deployed and managed. Use the Azure PowerShell New-AzResourceGroup cmdlet to create a resource group named myResourceGroup in the southcentralus location.
New-AzResourceGroup -Name "myResourceGroup" -Location "SouthCentralUS"
Register the resource provider
The Azure Managed CCF resource type must be registered in the subscription before creating a resource.
az feature registration create --namespace Microsoft.ConfidentialLedger --name ManagedCCF
az provider register --namespace Microsoft.ConfidentialLedger
Create members
Generate a key pair for the member. After the following commands complete, the member's public key is saved in member0_cert.pem and the private key is saved in member0_privk.pem.
openssl ecparam -out "member0_privk.pem" -name "secp384r1" -genkey
openssl req -new -key "member0_privk.pem" -x509 -nodes -days 365 -out "member0_cert.pem" -"sha384" -subj=/CN="member0"
Create the JavaScript application
Use the Management plane client library
The Azure SDK for JavaScript and TypeScript library azure/arm-confidentialledger allows operations on Managed CCF resources, such as creation and deletion, listing the resources associated with a subscription, and viewing the details of a specific resource.
To run the below samples, please save the code snippets into a file with a .ts extension into your project folder and compile it as part of your TypeScript project, or compile the script into JavaScript separately by running:
tsc <filename.ts>
The compiled JavaScript file will have the same name but a *.js extension. Then run the script in nodeJS:
node <filename.js>
The following sample TypeScript code creates and views the properties of a Managed CCF resource.
import { ConfidentialLedgerClient, ManagedCCFProperties, ManagedCCF, KnownLanguageRuntime, DeploymentType, MemberIdentityCertificate } from "@azure/arm-confidentialledger";
import { DefaultAzureCredential } from "@azure/identity";
// Please replace these variables with appropriate values for your project
const subscriptionId = "0000000-0000-0000-0000-000000000001";
const rgName = "myResourceGroup";
const ledgerId = "testApp";
const memberCert0 = "-----BEGIN CERTIFICATE-----\nMIIBvjCCAUSgAwIBAg...0d71ZtULNWo\n-----END CERTIFICATE-----";
const memberCert1 = "-----BEGIN CERTIFICATE-----\nMIIBwDCCAUagAwIBAgI...2FSyKIC+vY=\n-----END CERTIFICATE-----";
async function main() {
console.log("Creating a new instance.")
const client = new ConfidentialLedgerClient(new DefaultAzureCredential(), subscriptionId);
const properties = <ManagedCCFProperties> {
deploymentType: <DeploymentType> {
appSourceUri: "",
languageRuntime: KnownLanguageRuntime.JS
},
memberIdentityCertificates: [
<MemberIdentityCertificate>{
certificate: memberCert0,
encryptionkey: "",
tags: {
"owner":"member0"
}
},
<MemberIdentityCertificate>{
certificate: memberCert1,
encryptionkey: "",
tags: {
"owner":"member1"
}
},
],
nodeCount: 3,
};
const mccf = <ManagedCCF> {
location: "SouthCentralUS",
properties: properties,
}
const createResponse = await client.managedCCFOperations.beginCreateAndWait(rgName, ledgerId, mccf);
console.log("Created. Instance id: " + createResponse.id);
// Get details of the instance
console.log("Getting instance details.");
const getResponse = await client.managedCCFOperations.get(rgName, ledgerId);
console.log(getResponse.properties?.identityServiceUri);
console.log(getResponse.properties?.nodeCount);
// List mccf instances in the RG
console.log("Listing the instances in the resource group.");
const instancePages = await client.managedCCFOperations.listByResourceGroup(rgName).byPage();
for await(const page of instancePages){
for(const instance of page)
{
console.log(instance.name + "\t" + instance.location + "\t" + instance.properties?.nodeCount);
}
}
console.log("Delete the instance.");
await client.managedCCFOperations.beginDeleteAndWait(rgName, ledgerId);
console.log("Deleted.");
}
(async () => {
try {
await main();
} catch(err) {
console.error(err);
}
})();
Delete the Managed CCF resource
The following piece of code deletes the Managed CCF resource. Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.
import { ConfidentialLedgerClient, ManagedCCFProperties, ManagedCCF, KnownLanguageRuntime, DeploymentType, MemberIdentityCertificate } from "@azure/arm-confidentialledger";
import { DefaultAzureCredential } from "@azure/identity";
const subscriptionId = "0000000-0000-0000-0000-000000000001"; // replace
const rgName = "myResourceGroup";
const ledgerId = "confidentialbillingapp";
async function deleteManagedCcfResource() {
const client = new ConfidentialLedgerClient(new DefaultAzureCredential(), subscriptionId);
console.log("Delete the instance.");
await client.managedCCFOperations.beginDeleteAndWait(rgName, ledgerId);
console.log("Deleted.");
}
(async () => {
try {
await deleteManagedCcfResource();
} catch(err) {
console.error(err);
}
})();
Clean up resources
Other Managed CCF articles can build upon this quickstart. If you plan to continue on to work with subsequent quickstarts and tutorials, you might wish to leave these resources in place.
Otherwise, when you're finished with the resources created in this article, use the Azure CLI az group delete command to delete the resource group and all its contained resources.
az group delete --resource-group myResourceGroup
Next steps
In this quickstart, you created a Managed CCF resource by using the Azure Python SDK for Confidential Ledger. To learn more about Azure Managed CCF and how to integrate it with your applications, continue on to these articles: