Sunbird RC
v2.0.0

Copyright (c) 2023 EkStep Foundation under MIT License

Working with the Vault

This page describes how to use HashiCorp Vault in Sunbird RC with Docker, and what to keep in mind when doing so.

Usage of the Vault

The Vault is used to store and retrieve the private keys that are used to sign verifiable credentials.

Dependent service

The following service depends on the Vault:

  • Identity Service - Identity Service APIs

Setting up the Vault Manually

Setting up the Vault manually involves the following steps.

Initialising the vault

  • It is a one-time process

  • It can be done by running `vault operator init` inside the vault container

  • The response contains the unseal keys and a root token, which need to be stored safely

Unsealing the vault

  • The Vault must be unsealed whenever it is restarted or recreated with the same volume or data

  • Run `vault operator unseal` to unseal the vault

  • It prompts for an unseal key

  • The key must be one of those generated in the Initialising the vault step

  • The unseal command must be run with 3 different keys to unseal the vault

  • After unsealing the vault, the container should show a healthy status

Enable a key-value path kv

  • To enable a key-value path kv of type kv-v2, follow the steps below

  • Log in to the vault using the root token generated in the Initialising the vault step

  • To log in, run `vault login` inside the vault container, then run

  • `vault secrets enable -path=kv kv-v2`

Use the root token for identity service to work

Provide the root token as the value of the identity service environment variable `VAULT_TOKEN`.
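To confirm that the manual steps above took effect, the following added example (not part of Sunbird RC or its setup script) walks them in order using the JSON printed by `vault status -format=json` and `vault secrets list -format=json`. The function name `diagnose` and the sample outputs are constructed for illustration; note that a mount enabled as `kv-v2` is listed with type `kv` and option `version` set to `2`.

```python
import json

# Constructed sample outputs (not captured from a real deployment) of
# `vault status -format=json` and `vault secrets list -format=json`.
SAMPLE_STATUS = '{"initialized": true, "sealed": true, "t": 3, "n": 5, "progress": 1}'
SAMPLE_MOUNTS = ('{"cubbyhole/": {"type": "cubbyhole", "options": null},'
                 ' "kv/": {"type": "kv", "options": {"version": "1"}}}')


def diagnose(status_json, mounts_json=None, vault_token=""):
    """Return the first setup step that has not taken effect.

    The result is (step, detail); step is one of "init", "unseal", "kv",
    "token" or "ok". Steps are checked in the order they are performed,
    because each one depends on the previous one.
    """
    status = json.loads(status_json)
    if not status.get("initialized"):
        return ("init", "run `vault operator init` and store the keys and root token safely")
    if status.get("sealed"):
        # "t" is the unseal threshold, "progress" the keys supplied so far.
        need = status.get("t", 0) - status.get("progress", 0)
        return ("unseal", f"{need} more unseal key(s) needed")
    # The mount list can only be read once the vault is unsealed and logged in.
    mounts = json.loads(mounts_json or "{}")
    kv = mounts.get("kv/")
    if kv is None:
        return ("kv", "no secrets engine mounted at kv/")
    version = (kv.get("options") or {}).get("version")
    if kv.get("type") != "kv" or version != "2":
        return ("kv", f"kv/ is type={kv.get('type')} version={version}, expected kv-v2")
    if not vault_token.strip():
        return ("token", "VAULT_TOKEN is empty for the identity service")
    return ("ok", "")


if __name__ == "__main__":
    # Sealed vault with one of three keys supplied.
    print(diagnose(SAMPLE_STATUS))
    # Same vault after unsealing, but with kv/ mounted as kv version 1.
    unsealed = '{"initialized": true, "sealed": false, "t": 3, "n": 5, "progress": 0}'
    print(diagnose(unsealed, SAMPLE_MOUNTS))
```
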

Setting up the vault using the script

All of the above steps are combined into a bash script, available here. Run the command below to set up the vault, or check the script if you require docker-compose specific commands:

`bash setup_vault.sh docker-compose.yml vault`

If you are using the sunbird-rc-core repository, you can also use `make compose-init` to run the above command.

Setting up the Vault in production

A guide to setting up the Vault for production can be found here.

Troubleshoot

If the vault container is showing unhealthy:

  • Check if the Vault is initialised

  • Check if the Vault is unsealed

  • Check if the path of type `kv-v2` is created at `kv`

If the vault is showing healthy, there shouldn't be any issue with the vault. If identity-service is showing unhealthy or showing an error related to the vault, confirm that the vault token is set (see Use the root token for identity service to work).

Last updated 9 months ago