How to Register Applications

Step by step instructions for Registering Applications

Introduction

What is a Registered Application? The Ubiq Dashboard allows you to register and manage all your applications for your projects. Application master keys are generated and managed automatically and secured through a FIPS 140-2 Level 3 validated Hardware Security Module (HSM) where they are stored.

What is an Authorized Application? Once you've registered your first application, you'll be able to use the provided API Keys Credentials to encrypt and decrypt data needed by your application. But consider the case where you may have other applications that would also need to access the same encrypted data. These "Authorized Applications" share the same Application master key as your registered application but use different API Keys Credentials. You may define any number of Authorized Applications all able to encrypt, decrypt, and effectively provide the ability to share access to encrypted data among your various applications.

How does a Registered Application work with API Keys Credentials? API Keys Credentials are used in your applications and are tied to Application Master Keys. Application Master Keys are never stored in applications and, in fact, never leave the HSM. An application that needs to encrypt data does so through the API Key Credentials by accessing its Application Master Key which enables the application to encrypt (and decrypt) data.

Registering an Application
  1. Prepare secure location for storage of Ubiq API Key Credentials. The process of registering an application will create cryptographic API Key Credentials for that application that will only be shown once in the Ubiq UI. To ensure confidentiality of encrypted data, it is important to keep these API Key Credentials secret. They should not be stored in standard files or checked into source code repositories. Additionally, the availability of these API Key Credentials is paramount. If lost or destroyed, they cannot be restored and data encrypted with those Credentials may be irrecoverable.

🚧

To ensure security of API Key Credentials, they should be stored in a well-managed and backed up secret management server or password vault.

  1. After you log in, you will see a Register a new app button on the left side menu. Please click this button and continue.
  1. The Register Your Application dialog appears. Please complete each section and also add any additional Authorized Applications that need the ability to decrypt or encrypt the same shared data:
  1. Once you have completed the Registration Dialog, then you will be presented with a confirmation page as follows:
  1. Next, acquire your API Key Credentials by clicking on the API Keys link. Click the Copy button in the popup to capture the API Key Credentials. It is very important that you save these credentials so that you’ll have them available for use. These credentials will not be accessible later if you close the popup window without copying them.

🚧

If you lose these API Key Credentials, then encrypted data may be inaccessible. Confidentially of these credentials is also critical to protecting encrypted data.

For these reasons, the API Key Credentials should be stored in a well-managed and backed-up secret management server or password vault.

  1. Next, click the Download Client Library link to download one or more required Libraries from GitLab. When you are done, click the I'm Done button at the bottom of the page to return to the main Dashboard.

  1. Once you have completed adding your new Registered Applications and any additional Authorized Applications that may need to share the same encrypted data, you can review, add to, and edit your Registered Applications by clicking on My Applications located on the left navigation menu:

  1. You can edit and manage any Registered Application by selecting the three dots (...) located at the end of every row. To view, edit and manage each associated Authorized Application, simply select the down arrow on the right side of the window to expose those Authorized Applications below the Registered Applications:

  1. Please see How to Manage Applications for more details regarding viewing, editing, adding to and managing all your applications.