OrbisDB
Last updated
Last updated
This guide walks through how to use and TACo in combination, using the DeForum web application and as an example. OrbisDB is an easy-to-use SQL interface for querying data stored via the network, and alongside TACo, another fundmental building block for the Web3 stack.
Built upon , OrbisDB is an open-source relational database designed for Web3 applications and beyond. OrbisDB offers a flexible and developer-friendly experience via a (1) web app & SDK for storing and managing datasets, (2) support for SQL and GraphQL queries, and (3) hosted nodes to facilitate DevOps. The Ceramic network, as with ComposeDB, enables sovereign data ownership, composability and scalability. Decentralization is achieved through a population of node operators numbering in the hundreds, that anyone can permissionlessly join to provide data services.
DeSci. Even movements centered around open access necessitate private channels, including draft papers, raw data analysis, peer reviews, funding, and other forms of collaboration. OrbisDB and TACo together offer storage and sharing of scientific work that maximizes the researcher's control and sovereignty. Additionally, the combination enables scientific data marketplaces with no trusted intermediary facilitating monetization.
AI datasets. Leverage OrbisBD's provenance verification tooling and TACo's granular (row-level) conditionality to enable safe collaboration on sensitive training data while simultaneously verifying data integrity and quality.
Shared knowledge bases. Combine Ceramic's verifiable credentials with credential-based secrets management to enforce fine-grained, per-page access to organizational resources. OrbisDB enables migration of non-public external data (e.g. via an API or static CSV) which can then be encrypted via TACo for specific group members (e.g. stakers in a network).
illustrates how TACo and OrbisD can be combined in a browser-based forum app, and also provides a template for virtually any form of token-gated content platform. The demo can run on a public node instance provided by OrbisDB studio for testing, or you can set up your own node in order to save data on the Ceramic network in production. The demo also requires a ThirdWeb account to help with image file upload and storage on IPFS.
Skip to Section II below for an in-depth guide to leveraging TACo in the context of the DeForum app.
This section covers how TACo can be used in concert with OrbisDB across domains and use cases. Follow these instructions to integrate TACo into your OrbisDB app.
Ensure that you have the required packages in your package.json
by running:
Next, update the chain configuration:
Next, intialize TACo by loading WASM modules:
TACo initialization is required on application startup. For Next.js applications, it is recommended to use a React Context to check if TACo has been initialized before to avoid repeating this process unnecessarily.
Next, define the conditions for accessing private data:
In the code snippet above, we specified that only those data consumer accounts with a positive POL balance on Polygon Amoy (chain ID 80002
) will qualify to decrypt the data. You can hardcode conditions, or create a UI for users to choose their own requirements for data access.
It's possible to integrate the encrypt
and decrypt
functions into a Next.js application by creating a new React Custom Hook. The two core functions to implement are encryptWithTACo
and decryptWithTACo
.
In this example, these functions ensure that posts are encrypted before being stored in OrbisDB and decrypted after being queried.
First, create auxiliary functions – encoding/decoding base64 strings – to be used with the main functions later:
Next, define the two main encryption and decryption functions:
The encryptWithTACo()
function encrypts a message and simultaneously sets the conditions for decrypting it. The returned value is a base64 string that contains the encrypted message and the decryption conditions.
The decryptWithTACo()
function takes a base64 string with the encrypted data and decrypts the message if the conditions are met.
A creitcal part of the decryption process is the authentication of the data consumer. In this case, the data consumer (or requestor) proves that they own a given Ethereum address – specifically via the reuse of an SIWE authentication. Users have already authenticated themselves on OrbisDB, so this avoids them signing the same message again.
Below, forum post bodies are encrypted so only data consumers that satisfy given conditions can view them as plaintext. The following code snippet also executes query to store the posts on OrbisDB in said encrypted format, so that only authenticated and qualifying consumers can access them.
The decryption of the post bodies occurs on the client side after downloading them from OrbisDB:
For Ceramic, connect to Mainnet (domains.MAINNET
).
As noted, the parameters specified in this guide are for testing and hacking only. For real-world use cases where uploaded data should remain private & permanent, the production version of TACo is required.
Polygon Amoy is the L2 for TACo's testnet , so encryption/decryption calls from your app go via this network.
Access conditions are specified at data encryption time. The various types of conditions can be found in the Access Control .
With a running application, it is possible to check that the encrypted posts are being uploaded to the database with :
For TACo, a funded Mainnet ritualID
is required – this connects the encrypt/decrypt API to a cohort of independently operated nodes, and corresponds to a DKG public key generated by independent parties. A dedicated ritualID
for Ceramic + TACo projects will be sponsored soon. Watch for updates here or in the Discord channel.