Quick Start: Local (Docker)

Run the entire Tripwires product on your laptop — control server, honeypot sink, SSO, and a real Active Directory — with one command. Zero cloud, zero host tooling.

Prerequisites

Docker and Docker Compose. Nothing else — everything else runs inside the stack.

Bring it up

cd deploy/demo-sso
docker compose up --build

The first boot takes a few minutes — it builds the control server and the sink, pulls Keycloak and Samba, provisions the Active Directory domain, and imports the Keycloak realm. Subsequent starts are fast.

Access it

Open https://app.localhost. A throwaway demo CA signs the certificate, so the browser shows a one-time warning — choose Advanced → proceed. To silence it, trust the demo root CA instead:

docker compose cp init:/out/certs/rootCA.pem ./rootCA.pem
# then add ./rootCA.pem to your OS / browser trust store

The Keycloak admin console is at https://id.localhost (admin / demo-kc-admin).

What's running

The stack is fully self-contained — nothing is installed on the host:

Control server

Admin UI + API + the detection ingest endpoint.

Honeypot sink

The Rust honeytoken-sink on the honeypot ports.

Keycloak (OIDC)

The identity provider for single sign-on.

Samba AD DC

A real Active Directory domain controller.

Postgres

The data store.

Caddy (TLS edge)

Terminates TLS for app.localhost and id.localhost.

Sign in (SSO)

Two AD users are seeded:

User	Password	Role
alice	AlicePass123!	AD “Domain Admins” → Tripwire admin
bob	BobPass123!	Regular user

Try the detection loop

Create a PostgreSQL tripwire in the dashboard, then trip it from your host — the failed auth is the trap:

psql -h localhost -p 5432 -U <tw_username> -d production

Authentication fails, and the trip appears in the dashboard.

A license is required

Creating tripwires needs a valid license. Don't have one yet? Request a license for your organisation from enterprise@gettripwires.com — we issue you a signed .license file. Then upload it on the System Setup screen.

Tear down

docker compose down -v