Privado ID Issuer Node

Streamline the Verifiable Credentials issuance process with the user-friendly API and UI of the Issuer Node within the Privado ID ecosystem. The on-premise (self-hosted) Issuer Node, seamlessly integrated with a robust suite of tools including the mobile Wallet, Schema Builder, and Credential Marketplace, guarantees a frictionless experience for effortlessly issuing and verifying credentials.

Features:

• Create Issuer Identities.
• Issue VCs.
• Revoke VCs.
• Fetch VCs.
• Transit Issuer's state.
• Create Issuer-User connections.
• Issuer's UI.

---

Table of Contents

• Privado ID Issuer Node
  • Table of Contents
  • Quick Start Installation
    • Prerequisites
    • Run Issuer Node API and UI (docker compose with images from privadoid dockerhub registry)
    • Install and run Issuer Node API and UI (docker compose and build from source)
    • Running only Issuer Node API (docker compose and build from source)
  • KMS Providers Configuration
  • Quick Start Demo
  • Documentation
  • Tools
  • License

Quick Start Installation

Note

The provided installation guide is non-production ready. For production deployments please refer to Standalone Mode Guide.

There is no compatibility with Windows environments at this time. While using WSL should be ok, it's not officially supported.

After changing the configuration, you must restart the issuer node docker containers.

Prerequisites

• Unix-based operating system (e.g. Debian, Arch, Mac OS)
• Docker Engine 1.27+
• Makefile toolchain GNU Make 3.81
• Publicly accessible URL - The issuer node API must be publicly reachable. Please make sure you properly configure your proxy or use a tool like Localtunnel for testing purposes.
• Polygon Amoy or Main RPC - You can get one in any of the providers of this list
  • Chainstack
  • Ankr
  • QuickNode
  • Alchemy
  • Infura

Run Issuer Node API and UI (docker compose with images from privadoid registry)

To run the issuer node (API and UI) quickly and without too many customizations follow the following steps:

1. Copy the config sample files:

cp .env-issuer.sample .env-issuer
cp .env-ui.sample .env-ui

2. Fill the .env-issuer config file with the proper variables:

.env-issuer

ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>

3. Create a file with the networks' configuration. You can copy and modify the provided sample file:

cp resolvers_settings_sample.yaml resolvers_settings.yaml

then modify the file with the proper values. The most important fields to run the issuer node are RPC (networkURL) fields. In this file you can define customizations for each type of blockchain and network. For this example, we only need to define the RPCs that we will use.

4. Run

make run-all-registry

after a few seconds, the issuer node will be running and you can check the docker containers with docker ps and you should see something like this:

CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS                    PORTS                                        NAMES
6e923fa11228   privadoid/issuernode-ui         "/bin/sh /app/script…"   37 seconds ago   Up 32 seconds (healthy)   0.0.0.0:8088->80/tcp                         issuer-ui-1
16afc9d66591   privadoid/issuernode-api        "sh -c ./pending_pub…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-pending_publisher-1
ceb41877c041   privadoid/issuernode-api        "sh -c ./notificatio…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-notifications-1
bd7b69984f1c   privadoid/issuernode-api        "sh -c './migrate &&…"   38 seconds ago   Up 34 seconds (healthy)   0.0.0.0:3001->3001/tcp                       issuer-api-1
25ae0fcac183   postgres:14-alpine              "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   5432/tcp                                     issuer-postgres-1
a4a1d3ec9159   redis:6-alpine                  "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   6379/tcp                                     issuer-redis-1

5. Import your Ethereum private key

make private_key=<private-key> import-private-key-to-kms 

then visit:

• https://localhost:8088/ to access the UI (default username / password are: user-ui, password-ui). You can set them using env vars.
• <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API. (default username / password are: user-issuer, password-issuer) You can set them using env vars.

Different installation alternatives can be seen later.

Install and run Issuer Node API and UI - docker compose and build from source.

Note

This Quick Installation Guide is prepared for Polygon Amoy (Testnet) both for the state contract and issuer dids.

In this section we will see how to install the issuer node api and the UI along with the necessary infrastructure in the most basic way, without too much customization.

1. Copy the config sample file:

cp .env-issuer.sample .env-issuer

2. Fill the .env-issuer config file with the proper variables:

.env-issuer

ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
# API Auth credentials - You can change these values
ISSUER_API_AUTH_USER=user-issuer
ISSUER_API_AUTH_PASSWORD=password-issuer

3. Create a file with the networks' configuration. You can copy and modify the provided sample file:

cp resolvers_settings_sample.yaml resolvers_settings.yaml

then modify the file with the proper values. The most important fields to run the issuer node are RPC (networkURL) fields. In this file you can define customizations for each type of blockchain and network. For this example, we only need to define the RPCs. that will use.

4. Copy .env-ui sample file and fill the needed env variables:

cp .env-ui.sample .env-ui

If you want to disable UI authentication just change ISSUER_UI_INSECURE=true, or if you want to change ui authentication:

.env-ui

ISSUER_UI_AUTH_USERNAME=<your-username>
ISSUER_UI_AUTH_PASSWORD=<your-password>

5. Run API, UI and infrastructure (Postgres, localstorage and Redis)

To do a build and start both the API and the UI in a single step, you can use the following command:

make run-all

then visit

• http://localhost:8088/ to access the UI
• <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API.

6. Import your Ethereum private Key: Configure the private key. This step is needed in order to be able to transit the issuer's state. To perform that action the given account has to be funded. For Amoy network you can request some testing Matic here

make private_key=<private-key> import-private-key-to-kms

Running only Issuer Node API (docker compose and build from source)

If you want to run only the API, you can follow the steps below. You have to have the .env-issuer file filled with the proper values and the resolvers_settings.yaml file with the proper RPCs. Make sure the infrastructure is running (Postgres, localstorage and Redis). If not, you can run it with the following command:

make up

Then run:

make build-api && make run-api

---

Troubleshooting:

In order to stop all the containers, run the following command:

[!NOTE] This will not delete the data in the vault and the database.

make stop-all

To stop only the API and UI container, run:

make stop

If you want to delete all the data in the vault and the database, run:

make clean-volumes

If for some reason you only need to restart the UI, run:

make run-ui

To restart the api after changes (pull code with changes):

make build && make run

KMS Providers Configuration

Consider that if you have the issuer node running, after changing the configuration you must restart all the containers. In all options the .env-issuer file is necessary.

Running issuer node with vault instead of local storage file

The issuer node can be configured to use a HashiCorp Vault, as kms provider. However, Vault needs a plugin for key generation and message signing. This is because the issuer node does not generate private keys, but rather delegates that action and the signing of messages to the vault.

Setup environment variables in .env-issuer file:

ISSUER_KMS_BJJ_PROVIDER=vault
ISSUER_KMS_ETH_PROVIDER=vault

After configuring the variables, run the following commands:

make up

In this case, the docker container for vault will be created.

To import the private key (if you have changed the kms provider you have to import the private key again) necessary to transition issuer node states onchain, the command is the same as explained before:

make private_key <private-key> import-private-key-to-kms

Quick Start Demo

This Quick Start Demo will walk you through the process of issuing and verifying your first credential.

Documentation

• Issuer Node resources
• Privado ID core concepts

Tools

Warning

Privado ID Demo Issuer and Privado ID Verifier Backend Demo are for testing purposes only.

• Privado ID Schema Explorer: Browse and reuse community-maintained VC schemas.
• Privado ID Schema Builder: A tool for easy VC schema creation.
• Privado ID Demo Issuer: A demo version of the Issuer Node in action.
• Privado ID Query Builder: Build and customize queries to verify VCs.
• Privado ID Verifier Backend Demo: Demo of our reference implementation of a verifier backend.
• Privado ID Web Wallet: Identity and credential wallet for web clients.
• Privado ID Mobile Wallet for Android: Wallet for Android devices.
• Privado ID Mobile Wallet for iOS: Wallet for iOS devices.
• Privado ID Marketplace: Explore credentials submitted by trusted issuers.

License

By contributing to this project, you agree to the terms of licenses Apache and Mit.