Privado ID Self-Hosted Issuer Node


secureonelabs/issuer-node

 
 

Privado ID Issuer Node

Streamline the Verifiable Credentials issuance process with the user-friendly API and UI of the Issuer Node within the Privado ID ecosystem. The on-premise (self-hosted) Issuer Node, seamlessly integrated with a robust suite of tools including the mobile Wallet, Schema Builder, and Credential Marketplace, guarantees a frictionless experience for effortlessly issuing and verifying credentials.

Features:

  • Create Issuer Identities.
  • Issue VCs.
  • Revoke VCs.
  • Fetch VCs.
  • Transit Issuer's state.
  • Create Issuer-User connections.
  • Issuer's UI.

Quick Start Installation

Note

The provided installation guide is not production-ready. For production deployments, please refer to the Standalone Mode Guide.

There is no compatibility with Windows environments at this time. While using WSL should be ok, it's not officially supported.

After changing the configuration, you must restart the issuer node docker containers.

Prerequisites

  • Unix-based operating system (e.g. Debian, Arch, macOS)
  • Docker Engine 1.27+
  • Makefile toolchain GNU Make 3.81
  • Publicly accessible URL - The issuer node API must be publicly reachable. Please make sure you properly configure your proxy or use a tool like Localtunnel for testing purposes.
  • Polygon Amoy or Main RPC - You can get one from any of the providers in this list

Run Issuer Node API and UI (docker compose with images from privadoid registry)

To run the issuer node (API and UI) quickly and without too many customizations, follow these steps:

  1. Copy the config sample files:
cp .env-issuer.sample .env-issuer
cp .env-ui.sample .env-ui
  2. Fill the .env-issuer config file with the proper variables:

.env-issuer

ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
  3. Create a file with the networks' configuration. You can copy and modify the provided sample file:
cp resolvers_settings_sample.yaml resolvers_settings.yaml

Then modify the file with the proper values. The most important fields for running the issuer node are the RPC (networkURL) fields. In this file you can define customizations for each type of blockchain and network. For this example, we only need to define the RPCs that we will use.

  4. Run
make run-all-registry

After a few seconds the issuer node will be running. You can check the docker containers with docker ps; you should see something like this:

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS                    PORTS                                        NAMES
6e923fa11228   privadoid/issuernode-ui         "/bin/sh /app/script…"   37 seconds ago   Up 32 seconds (healthy)   0.0.0.0:8088->80/tcp                         issuer-ui-1
16afc9d66591   privadoid/issuernode-api        "sh -c ./pending_pub…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-pending_publisher-1
ceb41877c041   privadoid/issuernode-api        "sh -c ./notificatio…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-notifications-1
bd7b69984f1c   privadoid/issuernode-api        "sh -c './migrate &&…"   38 seconds ago   Up 34 seconds (healthy)   0.0.0.0:3001->3001/tcp                       issuer-api-1
25ae0fcac183   postgres:14-alpine              "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   5432/tcp                                     issuer-postgres-1
a4a1d3ec9159   redis:6-alpine                  "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   6379/tcp                                     issuer-redis-1
  5. Import your Ethereum private key
make private_key=<private-key> import-private-key-to-kms

then visit:

  • https://localhost:8088/ to access the UI (default username / password are: user-ui, password-ui). You can set them using env vars.
  • <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API. (default username / password are: user-issuer, password-issuer) You can set them using env vars.

Different installation alternatives can be seen later.

Install and run Issuer Node API and UI - docker compose and build from source.

Note

This Quick Installation Guide is prepared for Polygon Amoy (Testnet) both for the state contract and issuer dids.

In this section we will see how to install the issuer node api and the UI along with the necessary infrastructure in the most basic way, without too much customization.

  1. Copy the config sample file:
cp .env-issuer.sample .env-issuer
  2. Fill the .env-issuer config file with the proper variables:

.env-issuer

ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
# API Auth credentials - You can change these values
ISSUER_API_AUTH_USER=user-issuer
ISSUER_API_AUTH_PASSWORD=password-issuer
  3. Create a file with the networks' configuration. You can copy and modify the provided sample file:
cp resolvers_settings_sample.yaml resolvers_settings.yaml

Then modify the file with the proper values. The most important fields for running the issuer node are the RPC (networkURL) fields. In this file you can define customizations for each type of blockchain and network. For this example, we only need to define the RPCs that we will use.

  4. Copy the .env-ui sample file and fill in the needed env variables:
cp .env-ui.sample .env-ui

If you want to disable UI authentication, set ISSUER_UI_INSECURE=true. If you want to change the UI authentication credentials instead, set:

.env-ui

ISSUER_UI_AUTH_USERNAME=<your-username>
ISSUER_UI_AUTH_PASSWORD=<your-password>
  5. Run API, UI and infrastructure (Postgres, localstorage and Redis)

To do a build and start both the API and the UI in a single step, you can use the following command:

make run-all

then visit

  • http://localhost:8088/ to access the UI
  • <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API.
  6. Import your Ethereum private key: Configure the private key. This step is needed in order to be able to transit the issuer's state. To perform that action, the given account has to be funded. For the Amoy network you can request some testing Matic here
make private_key=<private-key> import-private-key-to-kms
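
The settings filled in during the steps above can be checked before the containers start. The script below is an added example, not part of the issuer-node repository; it assumes both env files use plain KEY=value lines and treats the placeholder and the default passwords shown on this page as values to reject.

```shell
#!/bin/sh
# Added example, not part of the issuer-node repository: audit the env files
# from the steps above before starting the containers.

# Print the last value assigned to key $2 in env file $1, without trailing
# whitespace or surrounding quotes. Commented-out lines are ignored.
env_get() {
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# True when value $1 is missing, an unfilled <PLACEHOLDER>, or equal to $2.
is_weak() {
    case "$1" in
        ''|'<'*'>'|"$2") return 0 ;;
    esac
    return 1
}

# Print one "FINDING:" line per problem; return 1 if any were found.
audit_issuer_env() {
    issuer_env=$1
    ui_env=$2
    rc=0
    if is_weak "$(env_get "$issuer_env" ISSUER_SERVER_URL)" ""; then
        echo "FINDING: ISSUER_SERVER_URL is unset or still the sample placeholder"
        rc=1
    fi
    if is_weak "$(env_get "$issuer_env" ISSUER_API_AUTH_PASSWORD)" "password-issuer"; then
        echo "FINDING: ISSUER_API_AUTH_PASSWORD is unset or the documented default"
        rc=1
    fi
    if [ "$(env_get "$ui_env" ISSUER_UI_INSECURE)" = "true" ]; then
        echo "FINDING: ISSUER_UI_INSECURE=true disables UI authentication"
        rc=1
    elif is_weak "$(env_get "$ui_env" ISSUER_UI_AUTH_PASSWORD)" "password-ui"; then
        echo "FINDING: ISSUER_UI_AUTH_PASSWORD is unset, a placeholder, or the documented default"
        rc=1
    fi
    return "$rc"
}

# Run from the repository root after filling in both files.
if [ -f .env-issuer ]; then
    audit_issuer_env .env-issuer .env-ui || exit 1
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate make run-all in a wrapper or CI job.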

Running only Issuer Node API (docker compose and build from source)

If you want to run only the API, you can follow the steps below. You have to have the .env-issuer file filled with the proper values and the resolvers_settings.yaml file with the proper RPCs. Make sure the infrastructure is running (Postgres, localstorage and Redis). If not, you can run it with the following command:

make up

Then run:

make build-api && make run-api

Troubleshooting:

In order to stop all the containers, run the following command:

Note: This will not delete the data in the vault and the database.

make stop-all

To stop only the API and UI container, run:

make stop

If you want to delete all the data in the vault and the database, run:

make clean-volumes

If for some reason you only need to restart the UI, run:

make run-ui

To restart the api after changes (pull code with changes):

make build && make run

KMS Providers Configuration

If the issuer node is already running, you must restart all the containers after changing the configuration. The .env-issuer file is required for every option.

Running issuer node with vault instead of local storage file

The issuer node can be configured to use HashiCorp Vault as the KMS provider. However, Vault needs a plugin for key generation and message signing, because the issuer node does not generate private keys itself; it delegates key generation and message signing to Vault.

Setup environment variables in .env-issuer file:

ISSUER_KMS_BJJ_PROVIDER=vault
ISSUER_KMS_ETH_PROVIDER=vault

After configuring the variables, run the following command:

make up

In this case, the docker container for vault will be created.

To import the private key needed to transition issuer node states on-chain, use the same command as explained before (if you have changed the KMS provider, you have to import the private key again):

make private_key=<private-key> import-private-key-to-kms

Quick Start Demo

This Quick Start Demo will walk you through the process of issuing and verifying your first credential.

Documentation

Tools

Warning

Privado ID Demo Issuer and Privado ID Verifier Backend Demo are for testing purposes only.

License

By contributing to this project, you agree to the terms of the Apache and MIT licenses.
