Streamline the Verifiable Credentials issuance process with the user-friendly API and UI of the Issuer Node within the EnergyID ecosystem. The on-premise (self-hosted) Issuer Node, seamlessly integrated with a robust suite of tools including the mobile Wallet, Schema Builder, and Credential Marketplace, guarantees a frictionless experience for effortlessly issuing and verifying credentials.
Features:
- Create Issuer Identities.
- Issue VCs.
- Revoke VCs.
- Fetch VCs.
- Transit Issuer's state.
- Create Issuer-User connections.
- Issuer's UI.
Note
The provided installation guide is non-production ready. For production deployments please refer to [Standalone Mode Guide].
There is no compatibility with Windows environments at this time. While using WSL should be ok, it's not officially supported.
After changing the configuration, you must restart the issuer node docker containers.
- Unix-based operating system (e.g. Debian, Arch, Mac OS)
- Docker Engine
1.27+ - Makefile toolchain
GNU Make 3.81 - Publicly accessible URL - The issuer node API must be publicly reachable. Please make sure you properly configure your proxy or use a tool like Localtunnel for testing purposes.
- Polygon Amoy or Main RPC - You can get one in any of the providers of this list
To run the issuer node (API and UI) quickly and without too many customizations follow the following steps:
- Copy the config sample files:
cp .env-issuer.sample .env-issuer
cp .env-ui.sample .env-ui- Fill the .env-issuer config file with the proper variables:
.env-issuer
ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>- Create a file with the networks' configuration. You can copy and modify the provided sample file:
cp resolvers_settings_sample.yaml resolvers_settings.yamlthen modify the file with the proper values. The most important fields to run the issuer node are RPC (networkURL) fields.
In this file you can define customizations for each type of blockchain and network. For this example, we only need to
define the RPCs that we will use.
- Run
make run-all-registryafter a few seconds, the issuer node will be running and you can check the docker containers with docker ps and you
should see something like this:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6e923fa11228 issuernode-ui "/bin/sh /app/script…" 37 seconds ago Up 32 seconds (healthy) 0.0.0.0:8088->80/tcp issuer-ui-1
16afc9d66591 issuernode-api "sh -c ./pending_pub…" 37 seconds ago Up 32 seconds (healthy) issuer-pending_publisher-1
ceb41877c041 issuernode-api "sh -c ./notificatio…" 37 seconds ago Up 32 seconds (healthy) issuer-notifications-1
bd7b69984f1c issuernode-api "sh -c './migrate &&…" 38 seconds ago Up 34 seconds (healthy) 0.0.0.0:3001->3001/tcp issuer-api-1
25ae0fcac183 postgres:14-alpine "docker-entrypoint.s…" 38 seconds ago Up 36 seconds (healthy) 5432/tcp issuer-postgres-1
a4a1d3ec9159 redis:6-alpine "docker-entrypoint.s…" 38 seconds ago Up 36 seconds (healthy) 6379/tcp issuer-redis-1- Import your Ethereum private key
make private_key=<private-key> import-private-key-to-kms then visit:
- https://localhost:8088/ to access the UI (default username / password are: user-ui, password-ui). You can set them using env vars.
- <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API. (default username / password are: user-issuer, password-issuer) You can set them using env vars.
Different installation alternatives can be seen later.
Note
This Quick Installation Guide is prepared for Polygon Amoy (Testnet) both for the state contract and issuer dids.
In this section we will see how to install the issuer node api and the UI along with the necessary infrastructure in the most basic way, without too much customization.
- Copy the config sample file:
cp .env-issuer.sample .env-issuer- Fill the .env-issuer config file with the proper variables:
.env-issuer
ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
# API Auth credentials - You can change these values
ISSUER_API_AUTH_USER=user-issuer
ISSUER_API_AUTH_PASSWORD=password-issuer- Create a file with the networks' configuration. You can copy and modify the provided sample file:
cp resolvers_settings_sample.yaml resolvers_settings.yamlthen modify the file with the proper values. The most important fields to run the issuer node are RPC (networkURL) fields.
In this file you can define customizations for each type of blockchain and network. For this example, we only need to
define the RPCs. that will use.
- Copy .env-ui sample file and fill the needed env variables:
cp .env-ui.sample .env-uiIf you want to disable UI authentication just change ISSUER_UI_INSECURE=true, or if you want to change ui authentication:
.env-ui
ISSUER_UI_AUTH_USERNAME=<your-username>
ISSUER_UI_AUTH_PASSWORD=<your-password>- Run API, UI and infrastructure (Postgres, localstorage and Redis)
To do a build and start both the API and the UI in a single step, you can use the following command:
make run-allthen visit
- http://localhost:8088/ to access the UI
- <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API.
- Import your Ethereum private Key: Configure the private key. This step is needed in order to be able to transit the issuer's state. To perform that action the given account has to be funded. For Amoy network you can request some testing Matic here
make private_key=<private-key> import-private-key-to-kmsIf you want to run only the API, you can follow the steps below. You have to have the .env-issuer file filled with
the proper values and the resolvers_settings.yaml file with the proper RPCs.
Make sure the infrastructure is running (Postgres, localstorage and Redis). If not, you can run it with the following command:
make upThen run:
make build-api && make run-apiTroubleshooting:
In order to stop all the containers, run the following command:
[!NOTE] This will not delete the data in the vault and the database.
make stop-allTo stop only the API and UI container, run:
make stopIf you want to delete all the data in the vault and the database, run:
make clean-volumesIf for some reason you only need to restart the UI, run:
make run-uiTo restart the api after changes (pull code with changes):
make build && make runConsider that if you have the issuer node running, after changing the configuration you must restart all the containers. In all options the .env-issuer file is necessary.
The issuer node can be configured to use a HashiCorp Vault, as kms provider. However, Vault needs a plugin for key generation and message signing. This is because the issuer node does not generate private keys, but rather delegates that action and the signing of messages to the vault.
Setup environment variables in .env-issuer file:
ISSUER_KMS_BJJ_PROVIDER=vault
ISSUER_KMS_ETH_PROVIDER=vaultAfter configuring the variables, run the following commands:
make upIn this case, the docker container for vault will be created.
To import the private key (if you have changed the kms provider you have to import the private key again) necessary to transition issuer node states onchain, the command is the same as explained before:
make private_key <private-key> import-private-key-to-kmsBy contributing to this project, you agree to the terms of licenses Apache and Mit.