Error Message when running register-dids.sh script

[msingh1304]

Discussed in #856

^{Originally posted by msingh1304 February 7, 2023}
Hello Team,

We have completed the pre-requisite required for the installation but now facing an issue when trying to run the script.

Pre-requisite completed:

 VM has been configured on Cloud.

 Pre-requisite of installing the below mentioned tools on VM have already been completed.
o docker
o docker-compose
o git

Current Impediment/Blocker:

 When trying to run the script “register-dids.sh” as per the docs, we are getting the below mentioned message, could you please confirm what is this gp used for and which package is required to run gp?, we could not find this in the pre-requisite list document.

Error Message: /usr/bin/which: no gp in (/home/linux/.local/bin:/home/linux/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin)

[etschelp]

gp stands for gitpod, and it is not needed for local installations. Seems like the which command is not portable enough between distributions. Try replacing lines 8 and 54 in register-dids.sh with if command -v gp > /dev/null 2>&1; then

[msingh1304]

@etschelp

gp error is gone now after making the suggested changes in the script, but after that when I am trying to run docker compose, I am getting the below mentioned message:

WARN[0000] The "POSTGRESQL2_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
WARN[0000] The "AGENT2_NAME" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ENDPOINT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ADMIN_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA2_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "POSTGRESQL2_HOST" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA2_HOST" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA2_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "BPA2_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ADMIN_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ADMIN_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_HTTP_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_HTTP_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_HTTP_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ENDPOINT" variable is not set. Defaulting to a blank string.
WARN[0000] The "POSTGRESQL2_HOST" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_SEED2" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY2_ADMIN_PORT" variable is not set. Defaulting to a blank string.
WARN[0000] The "AGENT2_NAME" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
services.bpa-agent2.ports array items[0,1] must be unique

[msingh1304]

Note: Our VM is hosted in public cloud, we have also provided internet access to our VM and no such firewall in place.

[etschelp]

This means that the .env file is missing, what does the output of the register-dids.sh script say? You are probably running into another failure and hence the .env file is never created and so you are missing all the properties.

You can of course do what the script does manually.

1. Copy the .env-example to .env
2. Create two seeds e.g. like this
3. register both seeds with http://test.bcovrin.vonx.io
4. set the seeds in .env lines 74 and 75

[msingh1304]

@etschelp

I get this output when I run register-dids.sh

---

[mytestlinux@myssi scripts]$ ./register-dids.sh
Registering DID for ACAPY_SEED
{
"did": "NTgsDJcAMvSSHn6Amo3Lu9",
"seed": "JkzFi2R1GKjmLBp5Gj7SOPxt0BhqsTVt",
"verkey": "ChQ2CEZa9ebHy6iKqUtu4wGothmh2F2XAwwHAXwaq7h9"
}
Registration on http://test.bcovrin.vonx.io successful
Setting ACAPY_SEED in .env file
Registering DID for ACAPY_SEED2
{
"did": "UMAuZsCyrDvJxFnpkBndTY",
"seed": "cBlIGtghql5rAeAM0P6cl2tubvpTMX6d",
"verkey": "FuWzBa8UegVHGicE9kjqLSGTgD7aaFSinmKx1tCk7Ucg"
}
Registration on http://test.bcovrin.vonx.io successful
Setting ACAPY_SEED2 in .env file

---

[msingh1304]

@etschelp

Do I need to set this seed manually in .env file, please guide, I am little bit confused. Also let me know after running docker compose up, will everything be functional or I need to do some other configuration.

[etschelp]

Ok, this looks like a successful run, so no you should not do anything else. Still your output above looks like there is no .env file, but this can also happen if you run docker compose from outside the scripts folder for example. How do you start the compose file and from where?

[msingh1304]

@etschelp

I am trying to run the docker compose up from the script folder.

[etschelp]

Can you double check if the .env file is there by running docker compose --env-file .env -f docker-compose.yml up ?

[msingh1304]

after running this command getting the same error and one more thing, .env file is hidden so I have to ls -la to show up.

[etschelp]

Does the .env file have any content? What is the full log output?

[msingh1304]

I see the message now build finished, however I also get this message at the last, is it done if yes then what are the next steps?

=> CANCELED [ghcr.io/hyperledger-labs/business-partner-agent:local internal] load metadata for docker.io/library/e 0.0s
=> CANCELED [ghcr.io/hyperledger-labs/business-partner-agent:local internal] load metadata for docker.io/library/n 0.0s
=> CANCELED [ghcr.io/hyperledger-labs/business-partner-agent:local internal] load metadata for docker.io/library/m 0.0s
failed to solve: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount83726362/Dockerfile: no such file or directory

[etschelp]

Did you start with docker compose --env-file .env -f docker-compose.yml up ? The message above looks like you did build a local image and now it can not be referenced. If you use the -f option the image from GitHub will be used. For next steps look in the readme, if everything starts up you will have ONE BPA running and can access the UI under port 8080. All further steps depend on you usecase.

[msingh1304]

@etschelp

I get the below mentioned message when I run the command suggested by you

[mylinux@myssi scripts]$ docker compose --env-file .env -f docker-compose.yml up
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
[+] Running 0/1
⠿ mylab-bpa-controller Warning 1.3s
[+] Building 0.0s (2/2) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
failed to solve: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount3435115204/Dockerfile: no such file or directory

---

logs

[mylinux@ssi scripts]$ docker compose logs -f
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.

[etschelp]

Weird there should not be any Dockerfile involved. try the following:

1. In scripts run docker compose down -v
2. Run docker ps There should not be any running containers, if so stop them
3. Delete/rename/move the docker-compose.override.yml file
4. Start again

[msingh1304]

@etschelp

I performed the aforementioned steps and then ran this command "docker compose --env-file .env -f docker-compose.yml up"

I am getting this message now

[mylinux@ssi scripts]$ docker compose --env-file .env -f docker-compose.yml up
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
[+] Running 0/1
⠿ my-bpa-controller Warning 1.3s
[+] Building 0.0s (2/2) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 2B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
failed to solve: failed to read dockerfile: open /var/lib/docker/tmp/buildkit-mount3199535724/Dockerfile: no such file or directory

---

logs

[mylinux@ssi scripts]$ docker compose logs -f
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.

And one more questions, I am trying to run a business partner agent with docker-compose on our VM hosted on cloud or shall I follow the steps of Public VM Deployment?

[etschelp]

The next thing you can try is to remove all containers and images and then start up again same as above:

docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
docker rmi $(docker images -q)

[msingh1304]

@etschelp

Thanks for all the help, all the containers are running fine except aries cloud agent, getting this error message

Error Message: [main] TRACE AriesClient - aca-py not ready yet, reason: Failed to connect to myssilab-aries-agent/192.168.77.3:11708

And we have opened all the ports, don't really know what is the issue.

Additional logs:

at org.hyperledger.bpa.impl.StartupTasks$ApplicationEventListener$onServiceStartedEvent1$Intercepted.onApplicationEvent(Unknown Source) ~[business-partner-agent.jar:?]
at io.micronaut.context.event.ApplicationEventPublisherFactory.notifyEventListeners(ApplicationEventPublisherFactory.java:262) ~[business-partner-agent.jar:?]
at io.micronaut.context.event.ApplicationEventPublisherFactory.access$200(ApplicationEventPublisherFactory.java:60) ~[business-partner-agent.jar:?]
at io.micronaut.context.event.ApplicationEventPublisherFactory$2.publishEvent(ApplicationEventPublisherFactory.java:229) ~[business-partner-agent.jar:?]
at io.micronaut.context.DefaultBeanContext.publishEvent(DefaultBeanContext.java:1650) ~[business-partner-agent.jar:?]
at io.micronaut.context.DefaultBeanContext.start(DefaultBeanContext.java:258) ~[business-partner-agent.jar:?]
at io.micronaut.context.DefaultApplicationContext.start(DefaultApplicationContext.java:181) ~[business-partner-agent.jar:?]
at io.micronaut.runtime.Micronaut.start(Micronaut.java:71) [business-partner-agent.jar:?]
at io.micronaut.runtime.Micronaut.run(Micronaut.java:311) [business-partner-agent.jar:?]
at io.micronaut.runtime.Micronaut.run(Micronaut.java:297) [business-partner-agent.jar:?]
at org.hyperledger.bpa.Application.main(Application.java:34) [business-partner-agent.jar:?]

More

---

Do we need to set these value also

WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.

Please confirm

[etschelp]

The log output is not enough to tell what's wrong. The "aca-py not ready yet" message can happen a couple of times depending on the startup order of the containers and is on it self not problematic.

If the above exception happens because of a timeout this can have two reasons.

1. The aca-py container did not start, because of a multitude of reasons like: changed seed, no ledger, no database etc.
2. The the aca-py api endpoint is configured as secure, but you did not change the bpa setting. But if you did not change the .env file from the defaults like below, this is probably not the case

ACAPY_ADMIN_CONFIG=--admin-insecure-mode
# Production setup (change the key to a generated secret one)
#ACAPY_ADMIN_URL_API_KEY=change-me
#ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY}

So if line 91ff in your .env file looks like above 2 is not the reason, and it is probably 1. And you have to check your logs for the aca-py output.

If you see the following:

::::::::::::::::::::::::::::::::::::::::::::::
:: Aries Cloud Agent                        ::
::                                          ::
::                                          ::
:: Inbound Transports:                      ::
::                                          ::
::   - http://0.0.0.0:8030                  ::
::                                          ::
:: Outbound Transports:                     ::
::                                          ::
::   - http                                 ::
::   - https                                ::
::                                          ::
:: Administration API:                      ::
::                                          ::
::   - http://0.0.0.0:8031                  ::
::                                          ::
::                               ver: 0.7.5 ::
::::::::::::::::::::::::::::::::::::::::::::::

Listening...

aca-py comes up and I need the full BPA stack trace to see what is going on. If not then I need the aca-py part

[msingh1304]

@etschelp

It is exactly like this in my .env file as you mentioned.

ACAPY_ADMIN_CONFIG=--admin-insecure-mode

Production setup (change the key to a generated secret one)

#ACAPY_ADMIN_URL_API_KEY=change-me
#ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY}

how do I see the entire logs?

[etschelp]

If you start with docker compose up the log is available in you console

[msingh1304]

I did this, but I don't see any error here

[msingh1304]

[+] Running 5/5
⠿ Network mylabs-deployment_mylab-bpa Created 0.3s
⠿ Container mylab-nginx-reverse-proxy Started 1.0s
⠿ Container mylab-postgres-wallet Started 0.8s
⠿ Container mylab-aries-agent Started 1.3s
⠿ Container mylab-bpa-controller Started 1.6s
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
[+] Running 1/1
⠿ Container mylab-aries-agent Started 10.6s
WARN[0000] The "ACAPY_ADMIN_URL_API_KEY" variable is not set. Defaulting to a blank string.
WARN[0000] The "ACAPY_READ_ONLY_MODE" variable is not set. Defaulting to a blank string.
[+] Running 1/1
⠿ Container mylab-nginx-reverse-proxy Started

Everything is running , did not get any error, do I need to check the logs of aries agent by running docker logs mylab-aries-agent

[etschelp]

The containers where not properly stopped:

docker compose down
check if there are realy down with: docker ps
and then from the top

[msingh1304]

All the containers are up and running but still unable to connect

[etschelp]

All the containers are up and running but still unable to connect

what do you mean by that:

1. you stopped/restarted everything, and now you see the logging output and everything is fine
2. you open the browser and nothing happens

I can not help you if you do not give me more context, as I have no clue what you are doing, sorry

[msingh1304]

1. you stopped/restarted everything, and now you see the logging output and everything is fine: Yes, container is running, when I run docker logs agent-container name , I get the same message, unable to connect that I pasted before.
2. you open the browser and nothing happens : Yes, that's correct.

[msingh1304]

Also when I try to run curl command it says, failed to connect.

[etschelp]

i recommend using bpa's UI for this, as the proof template api works different, as it is not based on the proof-request, it is a template that renders a proof-request later on. if you want to reverse engineer and do everything with postman, see what the browser sends to the backend controller and go from there.

[etschelp]

or check the swagger docs for the rest api e.g. http://localhost:8080/swagger-ui/

[msingh1304]

@etschelp

How do I access the bpa's UI, is it the BPA_WEBHOOK_URL?

[etschelp]

https://github.com/hyperledger-labs/business-partner-agent/tree/main/scripts#accessing-the-frontend

[msingh1304]

@etschelp

When I am using the below mentioned proof template, I get success response in postman but the attribute values are coming as blank in the wallet when trying to verify it.

{
"name": "My-Basis-ID-Proof",
"attributeGroups": [
{
"schemaUUID": "d512daa9-87df-4964-9caf-c7088cd401a9",
"nonRevoked": true,
"attributes": [
{
"name": "firstName",
"conditions": []
},
{
"name": "familyName",
"conditions": []
}
],
"schemaLevelRestrictions": {
"schemaName": "My-Basis-ID-Proof",
"schemaVersion": "0.1",
"schemaIssuerDid": "xxxxxxx9A6s",
"credentialDefinitionId": "xxxxxx9A6s:3:CL:40987:My-Basis-ID-Proof",
"issuerDid": "xxxxx9A6s"
}
}
]
}

---

When I am using this template, it doesn't work, I get error message
Error message: {
"message": "Bad Request",
"_embedded": {
"errors": [
{
"message": "template.attributeGroups: must not be empty",
"_embedded": {},
"_links": {}
}
]
},
"_links": {
"self": {
"href": "/api/proof-templates",
"templated": false
}
}
}

Template

{
    "nonce": "1119659676972173955782496",
    "name": "Test-ID",
    "version": "1.0",
    "requested_attributes": {
        "xxxxxxxx9A6s:2:Test-ID:0.1": {
            "names": [
                "firstName",
                "familyName"
            ],
            "non_revoked": {
                "to": 1678451649,
                "from": 1678451649
            },
			"attributes": [
                {
                    "name": "firstName",
                    "conditions": []
                },
                {
                    "name": "familyName",
                    "conditions": []
                }
            ],
            "restrictions": [
                {
                    "schema_id": "xxxxxxxx9A6s:2:Test-ID:0.1",
                    "schema_name": "Test-ID",
                    "schema_version": "0.1",
                    "schema_issuer_did": "xxxxxxxx9A6s",
                    "cred_def_id": "xxxxxxxxxx9A6s:3:CL:41055:Test-ID",
                    "issuer_did": "xxxxxxxxx9A6s"
                }
            ]
        }
    },
    "requested_predicates": {}
}

Also unable to access the front end.

[etschelp]

1. create a proof template. a proof template is not a proof request in the scope of the bpa. see swagger-ui or browser on how this works. what you have above looks ok i guess
2. send a proof request based on the template to a connection. again swagger-ui or browser

[msingh1304]

@etschelp

Yes, I did the same thing that you are mentioning here, after creating the proof template, I sent the proof request

Step 1: Created a Schema
Step 2: Created Credential Definition
Step 3: Created Proof Template
Step 4: Created Connection Invitation Request
Step 5: Issued a credential
Step 6: Verifying the credential.

Following all the process but still unable to figure it out why the blank values are showing up when verifying the credential and all the previous steps are working fine.

[etschelp]

Also unable to access the front end.

did you map the port?

but the attribute values are coming as blank in the wallet when trying to verify it.

what do you mean by that and where? the app the bpa? be aware that here is a difference between a proof request and the presentation.

[msingh1304]

Also unable to access the front end.

did you map the port?

but the attribute values are coming as blank in the wallet when trying to verify it.

what do you mean by that and where? the app the bpa? be aware that here is a difference between a proof request and the presentation.

When I say values are coming as blank, it is coming as blank in the wallet. I know proof request and template are different.

Proof Request Sample:

---

{
    "credDefUUID": "xxx-0388-4sds84-xxx-99f8038ba215",
    "partnerId": "xxxx-9eac-xxxx-xxxx-4b7e34ad18c9",
    "document": {
        "familyName": "Singh",
        "firstName": "M"
    }
}

And the above one I am using it to create proof template.

---

[etschelp]

it totally depends on the wallet app how it displays the proof request, with value restrictions or not. the important part is what the wallet app responds. so if you have two credentials one with name=test and one with name=other and you send a proof request with a value restriction name=test and the wallet app selects the one with name=test, and the bpa receives name=test then everything works as expected.

[msingh1304]

it totally depends on the wallet app how it displays the proof request, with value restrictions or not. the important part is what the wallet app responds. so if you have two credentials one with name=test and one with name=other and you send a proof request with a value restriction name=test and the wallet app selects the one with name=test, and the bpa receives name=test then everything works as expected.

Exactly, that is how it should work, whenever I am verifying the credential, it is verifying the same credentials present in the wallet for the respective schema id and credential id. Anything else that I need to look into this issue?

[msingh1304]

@etschelp

Issue is resolved now, I found that the DB PostgreSQL port was not open, credentials were appearing in the wallet but it was not persisting the data, hence the values were coming as blank in the wallet at the time of verifying the credentials. I think this could be the only issue, after opening the port, container restart, everything started working fine.

Thanks to you also for helping me every time to dig further into the issue and find the root cause. There is one more question, I find lissi wallet slower than estatus wallet, which wallet works well lissi or estatus?

[etschelp]

If you look at the app store entries you see that the Lissi wallet is being more actively maintained. In the end it pretty much depends on your use case and with whom you want to interact with in your ecosystem. As of now there is no app that does it all. So far the esatus wallet was a basic but reliable app for everything anoncreds and Indy ledger related. The Lissi app does a bit more.

[msingh1304]

@etschelp

I am facing intermittent issues, it works sometimes and sometimes it doesn't work. I have also noticed that after doing restart of the containers it works, and now we are getting this issue:

---

Error Message:

06:50:13.991 [default-nioEventLoopGroup-1-2] ERROR AcaPyAuthFetcher - aca-py webhook authentication failed. Configured bpa.webhook.key: @_:xxxxxxxx33On, received x-api-key header: null

---

[etschelp]

This means you are running something very old, is this intentional? This has been removed quite a while ago. This means you have configured the bpa for webhook security, but did not do it for the acapy. You need to check if --webhook-url '${BPA_WEBHOOK_URL}#${BPA_WEBHOOK_KEY}' is set on the acapy. But there was a version that had issues with the webhook, if you are running this one there want be an fix except for using a later one.

[msingh1304]

@etschelp

Yes, it is set, here is docker compose yml section for aries agent

---

mylab-aries-agent:
   image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.0
   container_name: ${AGENT_CONTAINER_NAME}
   ports:
     - ${ACAPY_ADMIN_PORT}
     - ${ACAPY_HTTP_PORT}:${ACAPY_HTTP_PORT}
   depends_on:
     - ${WALLET_CONTAINER_NAME}
   entrypoint: /bin/bash
   command: [
       "-c",
       "sleep 15;
       aca-py start \
       --auto-provision \
       --arg-file acapy-static-args.yml \
       --inbound-transport http '0.0.0.0' ${ACAPY_HTTP_PORT} \
       **--webhook-url '${BPA_WEBHOOK_URL}#${BPA_WEBHOOK_KEY}' \**
       --genesis-file '${ACAPY_GENESIS_FILE}' \
       --endpoint ${ACAPY_ENDPOINT} \
       --wallet-name '${ACAPY_WALLET_DATABASE}' \
       --wallet-key '${ACAPY_WALLET_ENCRYPTION_KEY}' \
       --wallet-storage-type '${ACAPY_WALLET_TYPE}' \
       --wallet-storage-config '{\"url\":\"${POSTGRESQL_HOST}:5432\",\"max_connections\":5}' \
       --wallet-storage-creds '{\"account\":\"${POSTGRESQL_USER}\",\"password\":\"${POSTGRESQL_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_USER}\",\"admin_password\":\"${POSTGRESQL_PASSWORD}\"}' \
       --seed '${ACAPY_SEED}' \
       --admin '0.0.0.0' ${ACAPY_ADMIN_PORT} \
       --label '${AGENT_NAME}' \
       --debug-presentations \
       ${ACAPY_ADMIN_CONFIG} \
       ${ACAPY_READ_ONLY_MODE} \
       ${ACAPY_TAILS_BASE_URL} \
       ${ACAPY_TAILS_UPLOAD_URL} \
       "
   ]
   volumes:
     - "./acapy-static-args.yml:/home/indy/acapy-static-args.yml"
     - "./idunion-genesis.txt:/home/indy/idunion-genesis.txt"
   networks:
     - digilab-bpa
   restart: always
#--genesis-url '${ACAPY_GENESIS_URL}' \

---

[etschelp]

Like I said, this is all very old stuff, and has already been fixed a while back. I believe there was a issue with acapy where the api key got lost after some time, or after a exception (don't remember exactly) and after a restart it was set again. You either have to upgrade, or turn of webhook authentication. As long as you do not expose BPA's webhook URL to the internet this should be ok. Otherwise upgrade, because no one will support the stack you are running.

[msingh1304]

@etschelp

Okay, got it. If I understand you currently, you are saying that aries cloud agent version present in the git hub repository is "image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.5" and my code has " image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.0

Possible Solutions to fix this issue:

1. Upgrade the aries cloud agent version to latest that is "image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.5"
2. Comment this line in the existing docker-compose yaml file

Is that correct?

[etschelp]

Like always I'm having no clue what you are doing, and like I said it looks like you are running something very old, so just bumping up one version without considering the rest will cause other issues. So you have two options:

1. leave everything as it is and just set BPA_WEBHOOK_KEY= in your .env file
2. or, use the compose file like it is defined in the main branch of the BPA repository, but this means you have to migrate things

[msingh1304]

@etschelp

leave everything as it is and just set BPA_WEBHOOK_KEY= in your .env file : This is already set.

[etschelp]

what version of the bpa are you running? or commit version?

[msingh1304]

@etschelp
PFB the requested info
what version of the bpa are you running? or commit version? : ghcr.io/hyperledger-labs/business-partner-agent:edge

[etschelp]

Then you are all set, because this version does not use webhooks any more and the exception above can physically not happen because the code that logs the exception above is gone. If you are still seeing this exception my guess is that you have build your own bpa images locally and tagged it as edge. To be sure you can use the latest tagged stable version: ghcr.io/hyperledger-labs/business-partner-agent-new:0.12.0, but from what I have seen above your docker compose file and your config will then not match anymore, and you have to migrate.

[msingh1304]

Yeah, I know the wierd thing is I get only error at the time of receiving proof presentation api, Unable to receive proof data and in the logs I get api key error message because of that entire flow is not running. Strange part is after restart of fhe containers everything works fine for 1 days and then the next day same issue.

…

On Mon, 3 Apr 2023, 17:57 Philipp Etschel, ***@***.***> wrote: Then you are all set, because this version does not use webhooks any more and the exception above can physically not happen because the code that logs the exception above is gone. If you are still seeing this exception my guess is that you have build your own bpa images locally and tagged it as edge. To be sure you can use the latest tagged stable version: ghcr.io/hyperledger-labs/business-partner-agent-new:0.12.0, but from what I have seen above your docker compose file and your config will then not match anymore, and you have to migrate. — Reply to this email directly, view it on GitHub <#857 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3AXSCUIGPKG7XMYNPRR2YDW7K62PANCNFSM6AAAAAAUT4KWYU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[etschelp]

Ok from the top, yes acapy had a bug that did reset the api key after a time, if you restart it will work for a while and then it will be gone again. To fix that you will have to upgrade acapy.

BUT, the webhook api key should not be needed at all, because it is removed from the latest BPA version so you should not see this at all. This means you are not only running an old acapy version but also an old BPA version. I already wrote tons of hints on how to debug and fix this with docker, you just have to scroll up in this very long dialog.

[msingh1304]

Okay, let me scroll up and find any solution if you have mentioned it in our thread

…

On Mon, 3 Apr 2023, 19:51 Philipp Etschel, ***@***.***> wrote: Ok from the top, yes acapy had a bug that did reset the api key after a time, if you restart it will work for a while and then it will be gone again. To fix that you will have to upgrade acapy. BUT, the webhook api key should not be needed at all, because it is removed from the latest BPA version so you should not see this at all. This means you are not only running an old acapy version but also an old BPA version. I already wrote tons of hints on how to debug and fix this with docker, you just have to scroll up in this very long dialog. — Reply to this email directly, view it on GitHub <#857 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3AXSCQQMNYW7TIYOFNURILW7LMHDANCNFSM6AAAAAAUT4KWYU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[msingh1304]

@etschelp

Are you saying that temporary fix would be to restart the containers for now and permanent fix is to upgrade acapy version and BPA version, is that correct?

[msingh1304]

@etschelp

Awaiting your reply

[etschelp]

thats what I said