🛠️ Build and deploy your first iApp

Reading time 🕒 10 min

Time to build

Build an iApp that can process protected data in a secure environment using the iExec iApp generator tool. This tool helps you create, test, and deploy iApp with just a few commands.

If you wanna explore and deep dive in the command-line tool. You can check the iApp Generator GitHub repository. Follow the instructions carefully for a smooth development experience.

📋 Prerequisites

Before getting started, make sure you have:

📦 Node.js v20+

Download →

🐳 Docker installed

Download →

🐳 DockerHub Account

Sign Up →

Don't worry. All secrets used in this tutorial stay on your machine and aren't shared with anyone. You'll only need them to run the iapp run command.

🚀 Types of iApp you can build

iExec enables you to build various types of Privacy-preserving applications. Here are some popular use cases:

📧 Web3Mail

Send privacy-preserving emails to registered Ethereum account holders without knowing or storing their email addresses. Github | Documentation

💬 Web3Telegram

Send privacy-preserving Telegram messages without knowing or storing their Telegram handles. Github | Documentation

🌐 Content delivery

Transfer, sell or rent protected content to authorized users. Github | Documentation

These are just a few examples, the possibilities are endless. Want to explore iApp Generator? Check out our documentation and see what you can build!

💾 Installation (Win / Mac / Linux)

First, you need to install the iapp package. Open your terminal and run:

npm

npm i -g @iexec/iapp

yarn

yarn global add @iexec/iapp

pnpm

pnpm add -g @iexec/iapp

bun

bun add -g @iexec/iapp

You can check if the installation was successful by running:

#checking the version
iapp --version

#checking the available commands
iapp --help

🛠️ Bootstrap your iApp

To initialize the working directory for developing your iApp, use the iapp init command. This command sets up the necessary project structure and files.

mkdir iexec-test
cd iexec-test
iapp init

You will be prompted with the following message:

Terminal

$ iapp init

  _    _                
 (_)  / \   _ __  _ __  
 | | / _ \ | '_ \| '_ \ 
 | |/ ___ \| |_) | |_) |
 |_/_/   \_\ .__/| .__/ 
           |_|   |_|    

1Pick a name for your project

2Select a programming language for your project

3Select the type of project you want to init

We recommend selecting "Hello World" to quickly discover how iApp works. Use advanced only if you are familiar with iExec.

• An iApp project is setup with the selected language
• An ethereum wallet has been created (we use it to sign the iApp creation onchain)
• A new folder has been created, it contains a very simple application, with the main code being located in src/app.js or src/app.py

🧪 Test your iApp

To test your iApp, run the iapp test command. This will build a Docker image and run your application locally to simulate the TEE environment. You'll see the following steps:

Terminal

$ iapp test

The iapp test command uses your local Docker to build and execute the app, simulating how it will run in the iExec network's TEE environment.

Common Issues:

- If you get Error: Docker daemon is not accessible: Make sure Docker is installed and running.

- If you get Error: Failed to locate iApp project root: Ensure you are in your project folder before proceeding.

🧩 Using arguments

You can pass arguments to your iApp using the --args option. This allows you to provide necessary inputs during runtime (you can use your name for example).

iapp test --args your-name

🔒 Using protected data

You can pass a protectedData that you are authorized to process to your iApp using the --protectedData option.

Since nothing is actually deployed during testing, we use Protected Data mocks to test the app. Using --protectedData default will provide your app with the default protectedData mock.

iapp test --protectedData default

You can check how args and protectedData are processed in src/app.js or src/app.py

🚀 Deploy your iApp

Deploy your iApp on the iExec protocol.

1Go to Docker Hub Security Settings

2Click "Personal access tokens" → "Generate new token"

3Name it "Test iExec iApp CLI" (expiration date is optional)

4Select "Read & Write" permissions

5Save your token securely and your username

Once you have your token, you can deploy your iApp.

Terminal

$ iapp deploy --chain arbitrum-mainnet

  ____             _             
 |  _ \  ___ _ __ | | ___  _   _ 
 | | | |/ _ \ '_ \| |/ _ \| | | |
 | |_| |  __/ |_) | | (_) | |_| |
 |____/ \___| .__/|_|\___/ \__, |
            |_|            |___/ 

📝 Make sure to save your iApp address after deployment - you'll need it later.

You can find your iApp address in the iexec-app.json file in your project folder.

⚠️ If you encounter issues during deployment, make sure the Docker BuildKit feature is enabled and supports AMD64 architecture:

docker buildx inspect --bootstrap | grep -i platforms

The output should include linux/amd64 in the list of supported platforms. If not, update to the latest Docker Desktop version which includes these requirements.

⚠️ If you set the wrong Docker username, you can change it by editing the iapp.config.json file

🏃 Run your iApp

Now you can run your application:

iapp run <my-iapp-address>

To sum up the process, we take the iApp and wrap it in the iExec framework, allowing it to run securely in a Trusted Execution Environment (TEE) for confidential computing. To learn more, check out the advanced iApp build documentation.

🎉 Congratulations! You've successfully deployed and run your first iApp on iExec. This is a significant milestone - your application is now ready to securely process confidential data in a trusted environment.

🎯 Key takeaways

• 🔒 iApp: Special applications that run in TEEs to process protected data
• 🛠️ iApp CLI: Command-line tool for building, testing, and deploying iApp
• 🔐 Protected Data: Can be integrated and processed securely in your iApp
• ⛓️ Deployment: Apps are deployed on iExec protocol to run in trusted environments

Next up: Alice will learn how to authorize the iApp and Bob to access and use her protected data.