Configuration - SSI-Solutions/vcms GitHub Wiki
Each component is configured mainly through environment variables.
| Property Name | Requirement | Description |
|---|---|---|
| ENABLE_API_DOCS | Optional | When set to true, the swagger API documentation will be available on the service. |
| DATABASE_URL | Mandatory | Public address of the database instance. |
| DATABASE_SCHEMA | Mandatory | The database schema to be used by the service. Each service should use its own schema. This is managed and created by Flyway, and used as part of the JDBC connection URL for Spring. |
| DATABASE_NAME | Mandatory | The database instance to connect to. Usually all services use the same database. |
| DATABASE_USER | Mandatory | User for the JDBC connection. |
| DATABASE_PASS (*) | Mandatory | Used by the Spring JDBC connection. For VCMS a single value is used, all services use the same tech user to access the database. |
| FLYWAY_USER | Mandatory | User for the FlyWay migration. Often the same user as DATABASE_USER. |
| FLYWAY_PASSWORD (*) | Mandatory | Used by Flyway to access the database for schema creation. For VCMS a single value is used, all services use the same tech user to access the database. |
| DATABASE_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: DATABASE_ADDITIONAL_ARGS=&useSSL=false&ssl=false&sslmode=disable |
| FLYWAY_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: FLYWAY_ADDITIONAL_ARGS=?ssl=false&sslmode=disable |
| ARIES_FACADE_BASEPATH | Mandatory | Base Path for the Aries Facade Service which manages SSI specific requests. |
| RABBIT_MQ_HOST | Mandatory | Public address of the RabbitMQ instance |
| RABBIT_MQ_PORT | Mandatory | Public port of the RabbitMQ instance |
| RABBITMQ_DEFAULT_USER | Mandatory | User for the RabbitMQ connection |
| RABBITMQ_DEFAULT_PASS (*) | Mandatory | Used for the RabbitMQ connection. For VCMS a single value is used, all services use the same tech user to access the message queue |
| RABBIT_MQ_QUEUE_CONNECTION | Mandatory | Message queue name for connection events. |
| SERVER_SWAGGER_URL | Optional | Define the deployed public server URL as used by the Swagger UI. |
| SERVER_SWAGGER_DESCRIPTION | Optional | Short description of the deployment environment in Swagger UI. |
* Properties marked by a star are confidential and should be stored securely
This component is built upon Spring Boot and also supports common Spring Boot configuration over environment variables.
| Property Name | Requirement | Description |
|---|---|---|
| ENABLE_API_DOCS | Optional | When set to true, the swagger API documentation will be available on the service. |
| DATABASE_URL | Mandatory | Public address of the database instance. |
| DATABASE_SCHEMA | Mandatory | The database schema to be used by the service. Each service should use its own schema. This is managed and created by Flyway, and used as part of the JDBC connection URL for Spring. |
| DATABASE_NAME | Mandatory | The database instance to connect to. Usually all services use the same database. |
| DATABASE_USER | Mandatory | User for the JDBC connection. |
| DATABASE_PASS (*) | Mandatory | Used by the Spring JDBC connection. For VCMS a single value is used, all services use the same tech user to access the database. |
| FLYWAY_USER | Mandatory | User for the FlyWay migration. Often the same user as DATABASE_USER. |
| FLYWAY_PASSWORD (*) | Mandatory | Used by Flyway to access the database for schema creation. For VCMS a single value is used, all services use the same tech user to access the database. |
| DATABASE_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: DATABASE_ADDITIONAL_ARGS=&useSSL=false&ssl=false&sslmode=disable |
| FLYWAY_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: FLYWAY_ADDITIONAL_ARGS=?ssl=false&sslmode=disable |
| ARIES_FACADE_BASEPATH | Mandatory | Base Path for the Aries Facade Service which manages SSI specific requests. |
| RABBIT_MQ_HOST | Mandatory | Public address of the RabbitMQ instance |
| RABBIT_MQ_PORT | Mandatory | Public port of the RabbitMQ instance |
| RABBITMQ_DEFAULT_USER | Mandatory | User for the RabbitMQ connection |
| RABBITMQ_DEFAULT_PASS (*) | Mandatory | Used for the RabbitMQ connection. For VCMS a single value is used, all services use the same tech user to access the message queue |
| RABBITMQ_CREDENTIAL_Q | Mandatory | Message queue name for credentials events. |
| SERVER_SWAGGER_URL | Optional | Define the deployed public server URL as used by the Swagger UI. |
| SERVER_SWAGGER_DESCRIPTION | Optional | Short description of the deployment environment in Swagger UI. |
* Properties marked by a star are confidential and should be stored securely
This component is built upon Spring Boot and also supports common Spring Boot configuration over environment variables.
| Property Name | Requirement | Description |
|---|---|---|
| ENABLE_API_DOCS | Optional | When set to true, the swagger API documentation will be available on the service. |
| DATABASE_URL | Mandatory | Public address of the database instance. |
| DATABASE_SCHEMA | Mandatory | The database schema to be used by the service. Each service should use its own schema. This is managed and created by Flyway, and used as part of the JDBC connection URL for Spring. |
| DATABASE_NAME | Mandatory | The database instance to connect to. Usually all services use the same database. |
| DATABASE_USER | Mandatory | User for the JDBC connection. |
| DATABASE_PASS (*) | Mandatory | Used by the Spring JDBC connection. For VCMS a single value is used, all services use the same tech user to access the database. |
| FLYWAY_USER | Mandatory | User for the FlyWay migration. Often the same user as DATABASE_USER. |
| FLYWAY_PASSWORD (*) | Mandatory | Used by Flyway to access the database for schema creation. For VCMS a single value is used, all services use the same tech user to access the database. |
| DATABASE_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: DATABASE_ADDITIONAL_ARGS=&useSSL=false&ssl=false&sslmode=disable |
| FLYWAY_ADDITIONAL_ARGS | Optional | Additional arguments at the end of the JDBC URL. This can be used for debugging and development purposes. Example: FLYWAY_ADDITIONAL_ARGS=?ssl=false&sslmode=disable |
| ARIES_FACADE_BASEPATH | Mandatory | Base Path for the Aries Facade Service which manages SSI specific requests. |
| RABBIT_MQ_HOST | Mandatory | Public address of the RabbitMQ instance |
| RABBIT_MQ_PORT | Mandatory | Public port of the RabbitMQ instance |
| RABBITMQ_DEFAULT_USER | Mandatory | User for the RabbitMQ connection |
| RABBITMQ_DEFAULT_PASS (*) | Mandatory | Used for the RabbitMQ connection. For VCMS a single value is used, all services use the same tech user to access the message queue |
| RABBIT_MQ_QUEUE_PROOF | Mandatory | Message queue name for credential proof events. |
| SSI_CONFIGURATION_CRE_DEF_IDS | Optional | Comma-delimited list of preexisting credential definitions that are accepted. |
| SERVER_SWAGGER_URL | Optional | Define the deployed public server URL as used by the Swagger UI. |
| SERVER_SWAGGER_DESCRIPTION | Optional | Short description of the deployment environment in Swagger UI. |
* Properties marked by a star are confidential and should be stored securely
This component is built upon Spring Boot and also supports common Spring Boot configuration over environment variables.
| Property Name | Requirement | Description |
|---|---|---|
| RABBITMQ_DEFAULT_USER | Mandatory | User for the RabbitMQ connection |
| RABBITMQ_DEFAULT_PASS (*) | Mandatory | Used for the RabbitMQ connection. For VCMS a single value is used, all services use the same tech user to access the message queue |
* Properties marked by a star are confidential and should be stored securely
| Property Name | Requirement | Description |
|---|---|---|
| LEDGER_URL | Mandatory | Specifies the url from which to download the genesis transactions. Example: https://raw.githubusercontent.com/sovrin-foundation/sovrin/master/sovrin/pool_transactions_builder_genesis |
| WALLET_NAME | Mandatory | Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets. |
| LABEL | Mandatory | Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection. This will also show up in the mobile wallets. |
| WALLET_KEY (*) | Mandatory | Specifies the master key value to use to open the wallet. |
| SEED (*) | Mandatory | The seed value is used to generate the public DID and verkey for the agent (see the logs for the values). Keep this value private, so other parties cannot reproduce your DID identity. In most cases the DID and verkey values need to be registered on the ledger before access is granted. |
| NO_PROXY | Optional | NO_PROXY config of the internal aiohttp server. Example: NO_PROXY=127.0.0.1 |
| ADMIN_IP | Mandatory | Specify the host on which to run the administrative server. This is where the SwaggerUI is available. For VCMS deployments this is usually the direct address of the container. This server should not be accessible on a public endpoint in production! |
| ADMIN_PORT | Mandatory | Specify the port on which to run the administrative server. This is where the SwaggerUI is available. For VCMS deployments this is usually the direct address of the container. This server should not be accessible on a public endpoint in production! |
| ENDPOINT_IP | Mandatory | Defines the host for the inbound transport(s) on which the agent listens for receiving messages from other agents. For VCMS deployments this is usually the direct address of the container. |
| ENDPOINT_PORT | Mandatory | Defines the port for the inbound transport(s) on which the agent listens for receiving messages from other agents. For VCMS deployments this is usually the direct address of the container. |
| WEBHOOK_IP | Mandatory | The host where ACA-Py will call the deployed webhook service. For VCMS deployments this is usually the direct address of the container. |
| WEBHOOK_PORT | Mandatory | The port where ACA-Py will call the deployed webhook service. For VCMS deployments this is usually the direct address of the container. |
| DID_ENDPOINT_URL | Mandatory | Specifies the public endpoints to put into DIDDocs to inform other agents of where they should send messages destined for this agent. |
| TAILS_SERVER_URL | Mandatory | The public URL of the Tails file server. Currently the Tails server is a compulsory part of the deployment, even if revocation is not actively used. |
| ACAPY_LOG_LEVEL | Mandatory | Log level of the ACA-Py instance. Examples: INFO, DEBUG |
| ACAPY_DEBUG_WEBHOOKS | Optional | Defaults to true. Debug mode is required for VCMS to fetch the revealed attributes after a presentation. Please see the ACA-Py docs to learn more about this configuration. |
* Properties marked by a star are confidential and should be stored securely
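
The security-relevant settings in the tables above can be checked before a production rollout. The following preflight check is an added example, not code from the VCMS project: the `audit` function, its `required_secrets` parameter and the sample values are assumptions made for illustration. It flags empty starred properties, JDBC arguments that switch off TLS, and an `ADMIN_IP` that is a wildcard or public address.

```python
import ipaddress
from urllib.parse import parse_qsl

# Properties the tables above mark with (*) as confidential.
SECRETS = ("DATABASE_PASS", "FLYWAY_PASSWORD", "RABBITMQ_DEFAULT_PASS",
           "WALLET_KEY", "SEED")
# JDBC arguments from the page's development examples that switch TLS off.
TLS_OFF = {("usessl", "false"), ("ssl", "false"), ("sslmode", "disable")}


def audit(env, required_secrets=SECRETS):
    """Return a list of findings for a production environment (dict of str)."""
    findings = []
    for name in required_secrets:
        if not env.get(name, "").strip():
            findings.append(f"{name}: confidential property is missing or empty")
    for name in ("DATABASE_ADDITIONAL_ARGS", "FLYWAY_ADDITIONAL_ARGS"):
        # Values start with '&' or '?' because they are appended to the JDBC URL.
        args = parse_qsl(env.get(name, "").lstrip("?&"), keep_blank_values=True)
        off = sorted(f"{k}={v}" for k, v in args
                     if (k.lower(), v.lower()) in TLS_OFF)
        if off:
            findings.append(f"{name}: disables TLS to the database ({', '.join(off)})")
    admin = env.get("ADMIN_IP", "")
    try:
        ip = ipaddress.ip_address(admin)
    except ValueError:
        ip = None  # hostname or unset: cannot be classified offline
    if ip is not None and (ip.is_unspecified or ip.is_global):
        findings.append(f"ADMIN_IP: {admin} is a wildcard or public address; "
                        "the admin server must not be publicly reachable")
    return findings


# Constructed sample environments (placeholder values, not from any deployment).
DEV_LIKE = {"DATABASE_PASS": "example-only", "FLYWAY_PASSWORD": "example-only",
            "RABBITMQ_DEFAULT_PASS": "", "WALLET_KEY": "example-only",
            "SEED": "example-only",
            "DATABASE_ADDITIONAL_ARGS": "&useSSL=false&ssl=false&sslmode=disable",
            "ADMIN_IP": "0.0.0.0"}
HARDENED = {**DEV_LIKE, "RABBITMQ_DEFAULT_PASS": "example-only",
            "DATABASE_ADDITIONAL_ARGS": "", "ADMIN_IP": "172.18.0.5"}

if __name__ == "__main__":
    for label, env in (("dev-like", DEV_LIKE), ("hardened", HARDENED)):
        print(label, audit(env) or "no findings")
```

Pass `required_secrets` per component, since each service only uses the starred properties listed in its own table.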
Some ledgers grant write privileges only to certain instances. Those with write access are called Endorsers, and all other agents are called Authors. When the ledger is configured to allow only transactions signed by certain Endorsers, the following configurations need to be adapted. More information is available on the ACA-Py GitHub repository.
| Property Name | Requirement | Description |
|---|---|---|
| ACAPY_ENDORSER_ROLE | Optional | Specifies the role of the agent in the endorsement context. Possible values: endorser, author; anything else will be mapped to ''. |
| ACAPY_CREATE_REVOCATION_TRANSACTIONS | Mandatory if ACAPY_ENDORSER_ROLE=author | Specifies whether to automatically create transactions for a cred def's revocation registry. |
| ACAPY_AUTO_WRITE_TRANSACTIONS | Mandatory if ACAPY_ENDORSER_ROLE=author | Specifies whether to automatically write any endorsed transactions. |
| ACAPY_AUTO_REQUEST_ENDORSEMENT | Mandatory if ACAPY_ENDORSER_ROLE=author | Specifies whether to automatically request endorsement for all transactions. |
| ACAPY_ENDORSER_ALIAS | Mandatory if ACAPY_ENDORSER_ROLE=author | Specifies the alias of the Endorser connection that will be used to endorse transactions. Take note of this value; you will need to use the same value when accepting the endorser connection. |
| ACAPY_ENDORSER_PUBLIC_DID | Mandatory if ACAPY_ENDORSER_ROLE=author | Specifies the public DID of the Endorser agent who will be endorsing transactions. Note that this requires the connection to be made using the Endorser's public DID. |
| ACAPY_AUTO_ENDORSE_TRANSACTIONS | Mandatory if ACAPY_ENDORSER_ROLE=endorser | Specifies whether to automatically endorse any received endorsement requests. |
| Property Name | Requirement | Description |
|---|---|---|
| ENABLE_API_DOCS | Optional | When set to true, the swagger API documentation will be available on the service. |
| ACAPY_BASEPATH | Mandatory | Public address of the ACA-Py instance |
| Property Name | Requirement | Description |
|---|---|---|
| TAILS_SERVER_IP | Mandatory | Address on which incoming connections are accepted. Example of allowing every address: 0.0.0.0 |
| TAILS_SERVER_PORT | Mandatory | Listening port of the service |
| TAILS_SERVER_DATA_FOLDER | Mandatory | Data folder where the Tails file should be saved |
| TAILS_SERVER_LOG_LEVEL | Mandatory | Log level of the tails server. Examples: INFO, DEBUG |
| Property Name | Requirement | Description |
|---|---|---|
| SERVER_PORT | Mandatory | Listening Port of the service |
| LOG_LEVEL | Mandatory | Log level of the service. Examples: INFO, DEBUG |
| RABBIT_MQ_HOST | Mandatory | Public address of the RabbitMQ instance |
| RABBIT_MQ_PORT | Mandatory | Public port of the RabbitMQ instance |
| RABBITMQ_DEFAULT_USER | Mandatory | User for the RabbitMQ connection |
| RABBITMQ_DEFAULT_PASS (*) | Mandatory | Used for the RabbitMQ connection. For VCMS a single value is used, all services use the same tech user to access the message queue |
| RABBITMQ_CONNECTION_EXCH | Mandatory | Name of connection exchange |
| RABBITMQ_CONNECTION_CONTROLLER_Q | Mandatory | Name of connection event queue |
| RABBITMQ_VERIFICATION_EXCH | Mandatory | Name of verification exchange |
| RABBITMQ_VERIFICATION_VERIFIER_Q | Mandatory | Name of verification event queue |
| RABBITMQ_CREDENTIAL_EXCH | Mandatory | Name of credential exchange |
| RABBITMQ_CREDENTIAL_ISSUER_Q | Mandatory | Name of credential event queue |
* Properties marked by a star are confidential and should be stored securely
The UI demos have a different style of configuration. The file named "/dist/assets/environment-config.json" must be overwritten with the correct environment variables.
UI Demos are not required but can be helpful to test the VCMS deployment.
| Property Name | Requirement | Description |
|---|---|---|
| connectorBasePath | Mandatory | Public address of the Connector API instance |
| issuerBasePath | Mandatory | Public address of the Issuer API instance |
| Property Name | Requirement | Description |
|---|---|---|
| connectorBasePath | Mandatory | Public address of the Connector API instance |
| verifierBasePath | Mandatory | Public address of the Verifier API instance |