A live example of this template is running here: https://842d756c5daccbc4041437eb6be544c419760b31-80.dstack-prod5.phala.network/
A secure, confidential REST API wrapper for Akave decentralized storage, engineered to run within Phala Cloud's Trusted Execution Environment (TEE). This comprehensive template delivers everything you need to seamlessly integrate decentralized storage into your applications while maintaining the highest security standards through an intuitive, interactive interface.
- β TEE-secured deployment with confidential computing guarantees
- β Interactive API explorer with real-time upload progress tracking
- β Hardware-encrypted key management via Trusted Execution Environment
- β Containerized runtime with pre-compiled akavecli binary
- β RESTful storage interface supporting full CRUD operations
- β Cross-origin resource sharing for seamless frontend integration
- β Comprehensive health checks and monitoring endpoints
- β Enterprise-grade reliability with structured logging and error handling
-
Akave Account: Use any EVM private key securely with our TEE.
-
Fund Your Wallet: Use the Akave Faucet to get test tokens
-
Phala Account: Sign up at cloud.phala.network
-
Click the Deploy button
-
Configure your deployment:
- Enter your private key when prompted
- Select your compute resources (2 vCPU, 2GB RAM recommended)
- Choose your deployment region (prod8 is recommended)
- Enter your private key when prompted
-
Deploy and access your API:
- Deployment URL: Your API will be available at
https://<your-app-id>-80.dstack-prod8.phala.network/ - Example:
https://415ddd60aadec178dd13045077c631a69bf6c4a0-80.dstack-prod8.phala.network/ - Interactive Interface: Access the full-featured UI at your root URL with:
- π€ Real-time upload progress tracking
- π One-click file browsing with "List Objects" button
- π Direct download links in the API explorer
- π Complete API reference documentation
π Security Verification:
- Navigate to the "Network" tab in your Phala dashboard to access your deployment link
- View worker attestation data proving your API runs in a genuine TEE environment
- Verify measurements and remote attestations at docs.phala.com/attestation
- Independent verification available at proof.t16z.com to confirm your application's integrity
Note: The
-80suffix maps to container port 80 and is required for proper HTTP routing within Phala's infrastructure. - Deployment URL: Your API will be available at
# Install Phala CLI
npm install -g @phala/cli
# Login to Phala Cloud
phala auth login
# Deploy the template with your private key
phala cvms create \
--template akavelink \
--name my-akave-storage \
--env NODE_ADDRESS=connect.akave.ai:5500 \
--env PRIVATE_KEY=your_private_key_hereFor developers who prefer local development or want to customize the deployment process, you can run akavelink locally or deploy it manually.
Security Note: When deploying to Phala Cloud, your private keys and environment variables are encrypted and securely managed within the Trusted Execution Environment (TEE). Phala Cloud never stores or caches your sensitive data - everything remains confidential and protected within the secure enclave.
This template gives you full control over your Akave API instance. You can add additional authentication layers, implement custom access controls, or integrate password-based security mechanisms to further protect your storage API.
# Clone the repository
git clone https://github.com/DylanCkawalec/akavelink
cd akavelink
# Create .env file with your private key
cat > .env << EOF
NODE_ADDRESS=connect.akave.ai:5500
PRIVATE_KEY=your_private_key_here
PORT=80
CORS_ORIGIN=*
DEBUG=true
EOF
# Run the launch script (builds Docker image and starts container)
./launch.shThe launch script will:
- Build the Docker image with akavecli bundled
- Start the container on port 8000
- Open the interactive UI in your browser
- Auto-configure the UI to use the Docker backend
# Build the image
docker build -t akavelink:local .
# Run with your private key
docker run -d \
--name akavelink \
-p 8000:80 \
-e NODE_ADDRESS=connect.akave.ai:5500 \
-e PRIVATE_KEY=your_private_key_here \
akavelink:local| Variable | Description | Required | Default |
|---|---|---|---|
NODE_ADDRESS |
Akave node endpoint | Yes | connect.akave.ai:5500 |
PRIVATE_KEY |
Your Ethereum private key for Akave | Yes | - |
PORT |
API server port | No | 80 |
CORS_ORIGIN |
Allowed CORS origins | No | * |
DEBUG |
Enable debug logging | No | true |
When deployed on Phala Cloud:
- TEE Protection: Runs inside Intel TDX trusted execution environment
- Encrypted Secrets: Private keys are encrypted before deployment
- Remote Attestation: Verify code integrity cryptographically
- No Key Exposure: Private keys never leave the secure enclave
Once deployed, visit your API's root URL to access a powerful web interface:
- Drag & Drop Uploads - Seamlessly upload videos, audio files, CSVs, code, and more directly to Akave buckets
- API Explorer - Interactive testing environment for all endpoints with full CRUD operation support
- Real-time Logging - Live debugging output and request monitoring
- Wallet Dashboard - Connection status and transaction monitoring for your Akave wallet
POST /buckets
Create a new bucket for file storage.
Request Body:
{
"bucketName": "string"
}Response:
{
"success": true,
"data": {
"Name": "string",
"Created": "timestamp"
}
}GET /buckets
Retrieve a list of all buckets.
Response:
{
"success": true,
"data": [
{
"Name": "string",
"Created": "timestamp"
}
]
}GET /buckets/:bucketName
Get details of a specific bucket.
Response:
{
"success": true,
"data": {
"Name": "string",
"Created": "timestamp"
}
}GET /buckets/:bucketName/files
List all files in a specific bucket.
Response:
{
"success": true,
"data": [
{
"Name": "string",
"Size": "number",
"Created": "timestamp"
}
]
}GET /buckets/:bucketName/files/:fileName
Get metadata about a specific file.
Response:
{
"success": true,
"data": {
"Name": "string",
"Size": "number",
"Created": "timestamp"
}
}POST /buckets/:bucketName/files
Upload a file to a specific bucket.
Request:
- Content-Type:
multipart/form-data - Body:
fileorfile1: File to upload ORfilePath: Path to file on server
Response:
{
"success": true,
"data": {
"Name": "string",
"Size": "number"
}
}GET /buckets/:bucketName/files/:fileName/download
Download a file from a specific bucket.
Usage: Access this URL directly in your browser to download the file. The file will be automatically downloaded with its original filename.
Response:
- Success: File download will begin automatically
- Error:
{
"success": false,
"error": "error message"
}All endpoints will return the following format for errors:
{
"success": false,
"error": "error message"
}This template uses a multi-stage Docker build to create a lightweight, production-ready image:
- Build Stage: Compiles akavecli from source
- Runtime Stage: Minimal Alpine Linux with Node.js
- Bundled Binary: akavecli included in the image
- Web UI: Interactive interface served from the same container
βββββββββββββββββββββββββββββββββββββββββββ
β Phala Cloud TEE Environment β
β ββββββββββββββββββββββββββββββββββββββ β
β β Docker Container (akavelink) β β
β β ββββββββββββββββββββββββββββββββ β β
β β β Express.js + Web UI β β β
β β β ββ REST API (port 80) β β β
β β β ββ Interactive Dashboard β β β
β β β ββ akavecli (bundled) β β β
β β ββββββββββββββββββββββββββββββββ β β
β ββββββββββββββββββββββββββββββββββββββ β
β β Private Key (encrypted) β
βββββββββββββββββββββββββββββββββββββββββββ
β HTTPS
https://your-app.phala.app
- Navigate to your deployment URL
- Click "Create Bucket" to test bucket creation
- Drag and drop a file to test uploads
- Use the API Explorer to test other endpoints
# Replace with your deployment URL
API_URL="https://your-app.phala.app"
# Create a bucket
curl -X POST $API_URL/buckets \
-H "Content-Type: application/json" \
-d '{"bucketName":"test-bucket"}'
# List buckets
curl $API_URL/buckets
# Check health
curl $API_URL/health- Solution: Fund your wallet using the Akave Faucet
- Solution: Use the Docker image which includes akavecli bundled
- Solution: Ensure your private key is correctly formatted (with or without 0x prefix)
- Solution: Set
CORS_ORIGINenvironment variable to your frontend domain
- Set
PORT=80in your.env. Phala gateway maps<appId>.<domain>to container port 80. - Ensure compose maps port 80 explicitly and uses an environment mapping (key: value), not a list.
Example docker-compose.yml:
version: '3.8'
services:
app:
image: dylanckawalec/akavelink:latest
container_name: app
ports:
- "80:80"
volumes:
- /var/run/tappd.sock:/var/run/tappd.sock
- ./downloads:/app/downloads
environment:
NODE_ADDRESS: ${NODE_ADDRESS}
PRIVATE_KEY: ${PRIVATE_KEY}
PORT: ${PORT}
CORS_ORIGIN: ${CORS_ORIGIN}
DEBUG: ${DEBUG}
restart: always- Build and push a multi-arch image (linux/amd64 included) to avoid
no matching manifest for linux/amd64:
docker buildx build --platform linux/amd64,linux/arm64 -t <you>/akavelink:latest --push .-
Keep CVM names β€ 20 chars or the API will reject the request.
-
Gateway URL forms:
https://<appId>.<base_domain>β container port 80https://<appId>-<port>.<base_domain>β container port<port>- If base domain returns an empty reply while booting, try the
-80form.
-
Always pass env via
--env-file ./.env; the Phala CLI encrypts values into the TEE.
- Fork this repository
- Modify the code to add your features
- Update the Docker image in
docker-compose.yml - Build and push your custom image:
docker build -t your-username/akavelink:custom .
docker push your-username/akavelink:custom- Deploy your custom version to Phala Cloud
We welcome contributions! Please see CONTRIBUTING.md for guidelines on:
- Submitting bug fixes
- Adding new features
- Improving documentation
- Submitting this as a Phala Cloud template
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- vCPU: 1
- Memory: 1GB
- Disk: 10GB
- vCPU: 2
- Memory: 2GB
- Disk: 20GB
- Template ID:
akavelink - Category: Storage
- Docker Image:
dylanckawalec/akavelink:latest - Port: 80 (mapped by Phala gateway)
- Health Check:
/healthendpoint
Built for Phala Network | Powered by Akave