immudb
immudb provides cryptographic verification for audit-critical event sourcing where tamper-proof guarantees are essential.
Why immudb
Section titled “Why immudb”| Strength | Benefit |
|---|---|
| Immutable by design | Events cannot be altered post-write |
| Cryptographic proof | Merkle tree verification |
| Tamper detection | Any modification breaks proofs |
| Audit compliance | SOC 2, HIPAA, financial regulations |
Trade-offs
Section titled “Trade-offs”| Concern | Consideration |
|---|---|
| Performance | Slower than non-verified writes |
| Complexity | Proof verification adds overhead |
| Storage growth | Merkle proofs increase storage |
Implementation Note
Section titled “Implementation Note”Angzarr connects to immudb via its PostgreSQL wire protocol compatibility layer. This means:
- Uses the standard
sqlxPostgreSQL driver - Connection strings follow PostgreSQL format
- Query syntax is PostgreSQL-compatible
Configuration
Section titled “Configuration”[storage]backend = "immudb"
[storage.immudb]host = "localhost"port = 3322database = "angzarr"username = "immudb"password = "immudb"Environment Variables
Section titled “Environment Variables”export IMMUDB_HOST="localhost"export IMMUDB_PORT="3322"export IMMUDB_DATABASE="angzarr"export IMMUDB_USERNAME="immudb"export IMMUDB_PASSWORD="immudb"export STORAGE_BACKEND="immudb"Cryptographic Verification
Section titled “Cryptographic Verification”Every event write returns a proof:
// Write eventlet tx = store.add_event(&event).await?;
// Verify event wasn't tamperedlet verified = store.verify_event(&event, &tx.proof).await?;assert!(verified);Merkle Tree Structure
Section titled “Merkle Tree Structure” Root Hash / \ Hash(0-1) Hash(2-3) / \ / \ H(e0) H(e1) H(e2) H(e3) | | | | Event0 Event1 Event2 Event3Modifying any event changes its hash, which propagates up, changing the root. Old root hashes become invalid.
Audit Trail
Section titled “Audit Trail”Query historical state with cryptographic proof:
// Get event at specific transactionlet event = store.get_event_at_tx(&cover, sequence, tx_id).await?;
// Verify it matches the state at that timelet proof = store.get_proof_at_tx(tx_id).await?;Docker Setup
Section titled “Docker Setup”# Start immudbdocker run -d \ --name immudb \ -p 3322:3322 \ -p 9497:9497 \ codenotary/immudb:latest
# Web console at http://localhost:9497When to Use immudb
Section titled “When to Use immudb”- Financial services — Regulatory compliance
- Healthcare — HIPAA audit trails
- Legal — Tamper-proof records
- Supply chain — Provenance tracking
- Government — Public records integrity
Testing
Section titled “Testing”# Run immudb tests (requires testcontainers)cargo test --test storage_immudb --features immudbNext Steps
Section titled “Next Steps”- PostgreSQL — Standard alternative
- Testing — Verification in tests