forked from hyperledger-labs/business-partner-agent
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env-example
145 lines (111 loc) · 4.78 KB
/
.env-example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# ------------------------------------------------------------
# Business Partner Agent
# ------------------------------------------------------------
# Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection
AGENT_NAME="Business Partner Agent 1"
AGENT2_NAME="Business Partner Agent 2"
# How the BPA is seen from the outside world, either: ip address or dns name
# The hostname will also be registered as part of the profile endpoint on the ledger
BPA_HOST=bpa1:8080
BPA2_HOST=bpa2:8090
# Internal BPA service port
BPA_PORT=8080
BPA2_PORT=8090
BPA_DEBUG_PORT=1044
BPA2_DEBUG_PORT=1045
# The scheme that is used to register the profile endpoint on the ledger
BPA_SCHEME=https
BPA_CONFIG_FILES=classpath:application.yml,classpath:schemas.yml
# Enable/disable login screen
# Must be run behind a TLS proxy, if login over plain http is desired
# -Dmicronaut.session.http.cookie-secure=false needs to be set in the JAVA_OPTS for both bpa1 and bpa2
BPA_SECURITY_ENABLED=true
# Default username and password, set if running in production like environments
BPA_BOOTSTRAP_UN=admin
BPA_BOOTSTRAP_PW=changeme
# Run in did:web mode with read only ledger. If set to true ACAPY_READ_ONLY_MODE has to be set as well.
# Once the mode is set you can not change it again without removing the postgres volume
BPA_WEB_MODE=false
# Docker image to be used for the business partner
BPA_DOCKER_IMAGE=ghcr.io/hyperledger-labs/business-partner-agent-new:edge
# This will set the registry size when a credential definition is created with 'Support Revocation' set to true.
# This requires a configured tails server to take effect (see ACAPY_TAILS_ properties below)
BPA_CREDDEF_REVOCATION_REGISTRY_SIZE=3000
# Optional: bcgov ledger explorer (https://github.com/bcgov/von-network)
BPA_LEDGER_BROWSER=http://test.bcovrin.vonx.io
# Optional: If set bpa renders a link to an external imprint page
BPA_IMPRINT_URL=
# Optional: If set bpa renders a link to an external privacy policy page
BPA_PRIVACY_POLICY_URL=
# Optional: Send event notifications via email - requires mailjet developer account
# Verified sender (from) email address
# MAIL_USERNAME=
# MAILJET_API_KEY=
# MAILJET_API_SECRET=
# ------------------------------------------------------------
# ACA-PY
# ------------------------------------------------------------
# Run in read only mode, requires BPA_WEB_MODE to be true.
#ACAPY_READ_ONLY_MODE=--read-only-ledger
# To support revocation set the 2 URLs of an existing tails server
ACAPY_TAILS_BASE_URL="--tails-server-base-url https://tails-test.vonx.io"
ACAPY_TAILS_UPLOAD_URL="--tails-server-upload-url https://tails-test.vonx.io"
#
# Identity
#
# Enter wallet seed here:
#ACAPY_SEED=YjieiZiyoHaMza3sxXmgBYjBQ7L1er62
#ACAPY_SEED2=YjieiZiyoHaMza3sxXmgBYjBQ7L1er61
#
# Build
#
# Build ACA-Py instead of using a published image. Requires usage of docker-compose.custom-acapy.yml
# Example here is using the current master
ACAPY_BUILD_CONTEXT=https://github.com/hyperledger/aries-cloudagent-python.git
ACAPY_BUILD_DOCKERFILE_PATH=docker/Dockerfile.run
#
# Security
#
# Protect all admin endpoints with the provided API key
# Development setup (do not use in production!)
ACAPY_ADMIN_CONFIG=--admin-insecure-mode
# Production setup (change the key to a generated secret one)
#ACAPY_ADMIN_URL_API_KEY=change-me
#ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY}
#
# Connectivity
#
# Exposed service ports
ACAPY_HTTP_PORT=8030
ACAPY_ADMIN_PORT=8031
# Public endpoint URL that is registered on the ledger
ACAPY_ENDPOINT=http://bpa-agent1:8030
ACAPY2_HTTP_PORT=8040
ACAPY2_ADMIN_PORT=8041
ACAPY2_ENDPOINT=http://bpa-agent2:8040
#
# Wallet Storage
#
ACAPY_WALLET_TYPE=postgres_storage
ACAPY_WALLET_DATABASE=wallet_db
ACAPY_WALLET_ENCRYPTION_KEY=key
# ------------------------------------------------------------
# Postgres Storage
# ------------------------------------------------------------
POSTGRESQL_HOST=bpa-wallet-db1
POSTGRESQL1_PORT=5432
POSTGRESQL2_HOST=bpa-wallet-db2
POSTGRESQL2_PORT=5452
POSTGRESQL_USER=walletuser
POSTGRESQL_PASSWORD=walletpassword
# ------------------------------------------------------------
# Keycloak OIDC Configuration for docker-compose.oidc-security.yaml
# ------------------------------------------------------------
BPA_KEYCLOAK_CLIENT_ID=<OIDC Client Id>
BPA_KEYCLOAK_CLIENT_SECRET=<OIDC Client Secret>
BPA_KEYCLOAK_ISSUER=<OIDC Realm URL>
BPA_KEYCLOAK_REDIRECT_URI=http://localhost:{BPA_PORT}/logout
BPA_KEYCLOAK_ENDSESSION_URL={BPA_KEYCLOAK_ISSUER}/protocol/openid-connect/logout
## ID of Presentation Request to forward to https://github.com/bcgov/vc-authn-oidc Identify Provider
## which is configured in this repo https://github.com/bcgov/a2a-trust-over-ip-configurations/tree/master/proof-configurations
BPA_KEYCLOAK_VCAUTHN_PRES_REQ_CONF_ID=<see comment>