TrinityWallet Server provides a secure backend for TrinityWallet — a digital identity wallet that conforms to eIDAS 2.0 standards. This server facilitates secure access to critical secrets and will likely serve as the mock wallet provider server for TrinityWallet in future implementations.
- Secure retrieval and management of wallet secrets
- Credential issuance and verification capabilities
- TLS/SSL-enabled communication for robust data security
- Azure Key Vault integration for secret management
- RESTful API endpoints for wallet operations
Before running the server, ensure you have the following installed:
- Node.js (version 14.x or higher)
- npm (Node Package Manager)
```bash
# Install or update Node.js and npm if needed
npm install -g node
npm install -g npm
```

```bash
git clone <repository-url>
cd TrinityWalletServer
npm install
```

Create a .env file in the root directory with the following variables:
```
PORT=443
AZURE_SECRET_NAME=your_secret_name
AZURE_KEY_VAULT_NAME=your_vault_name
PRIVATE_KEY={"your":"private_key_in_jwk_format"}
PUBLIC_KEY={"your":"public_key_in_jwk_format"}
```

- `PRIVATE_KEY`: Issuer's private key for credential signing (JWK format)
- `PUBLIC_KEY`: Issuer's public key associated with the private key (JWK format)
- `PORT`: Server listening port (defaults to 443 for HTTPS)
- `AZURE_SECRET_NAME`: Name of the secret in Azure Key Vault
- `AZURE_KEY_VAULT_NAME`: Name of your Azure Key Vault instance
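
A startup check for the `PRIVATE_KEY` and `PUBLIC_KEY` values described above, as an added example that is not part of the TrinityWallet Server code: it rejects an unreplaced placeholder, a `PUBLIC_KEY` that carries private members, and a mismatched pair. `validateIssuerKeys` and its error messages are hypothetical names, and the comparison is structural (the public members embedded in the private JWK against `PUBLIC_KEY`), not a cryptographic proof.

```javascript
// Added example, not project code. Call validateIssuerKeys(process.env) before listening.
// JWK members that carry secret material (RFC 7518): "d" and the RSA CRT
// values for asymmetric keys, "k" for symmetric ("oct") keys.
const PRIVATE_MEMBERS = ['d', 'p', 'q', 'dp', 'dq', 'qi', 'oth', 'k'];

// Public members that both halves of a key pair must share, per key type.
const PUBLIC_MEMBERS = new Map([
  ['EC', ['crv', 'x', 'y']],
  ['OKP', ['crv', 'x']],
  ['RSA', ['n', 'e']],
]);

function parseJwk(name, raw) {
  let jwk;
  try {
    jwk = JSON.parse(raw);
  } catch {
    throw new Error(`${name} is missing or is not valid JSON`);
  }
  if (jwk === null || typeof jwk !== 'object' || Array.isArray(jwk)) {
    throw new Error(`${name} must be a JSON object`);
  }
  if (!PUBLIC_MEMBERS.has(jwk.kty)) {
    throw new Error(`${name} has an unsupported "kty"`);
  }
  return jwk;
}

function validateIssuerKeys(env) {
  const priv = parseJwk('PRIVATE_KEY', env.PRIVATE_KEY);
  const pub = parseJwk('PUBLIC_KEY', env.PUBLIC_KEY);
  // Report member names only, never values, so logs cannot leak key material.
  const leaked = PRIVATE_MEMBERS.filter((m) => m in pub);
  if (leaked.length > 0) {
    throw new Error(`PUBLIC_KEY contains private members: ${leaked.join(', ')}`);
  }
  if (typeof priv.d !== 'string' || priv.d === '') {
    throw new Error('PRIVATE_KEY has no private member "d"');
  }
  if (priv.kty !== pub.kty) {
    throw new Error('PRIVATE_KEY and PUBLIC_KEY have different key types');
  }
  for (const m of PUBLIC_MEMBERS.get(priv.kty)) {
    if (typeof priv[m] !== 'string' || priv[m] !== pub[m]) {
      throw new Error(`PUBLIC_KEY does not match PRIVATE_KEY (member "${m}")`);
    }
  }
  return { kty: priv.kty, crv: priv.crv || null };
}
```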
Generate SSL keys and certificate for secure communications:
```bash
# Requires san.cnf file with appropriate configurations
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout key.pem -out cert.pem \
  -config san.cnf -extensions v3_req
```

```bash
node server.mjs
```

The server will start on https://localhost:443 with SSL/TLS enabled.
For temporary external access during development:
```bash
cloudflared tunnel --no-tls-verify --url https://localhost:443
```

- `GET /` — Welcome message
- `GET /azure-secret` — Retrieve secrets from Azure Key Vault
- `GET /credential-issuance?username=<username>` — Issue and verify credentials for a specific username