Enclave Installation & Execution
Setting up the environment of the enclave server provided by VerifyVASP.
- Structure of the system/infrastructure
- Enclave Server
- CPU: Minimum 2G, 4G recommended
- Memory: Minimum 2G, 4G recommended
- Storage: Minimum 8G, 16G recommended (including the docker and container)
- Download enclave docker image
- Enclave docker image is in Private Registry. You can acquire access by delivering a Docker Hub Credential ID to the admin.
- A VASP can download a Docker image by first requesting access from VV admin manager ([email protected]).
- VASPs would require
VASP’s Docker Hub credential (ID)to provide access. Once access is granted, they can follow the instruction. - Download
$ docker pull verifyvasp/enclave:latest
Name of the Environment Variable | Default | Details |
|---|---|---|
VEGA_SERVER_PORT | 21117 | Port no. of the enclave server. |
VEGA_ENCLAVE_PUBLIC_ENDPOINT | | Public endpoint URL of the enclave server accessible from VV central server. Must use HTTPS protocol. ex) “https://api.vasp.com/enclave” |
VEGA_ALLIANCE_ACCESS_KEY | | accessKey part of the API-Key |
VEGA_ALLIANCE_SECRET_KEY | | secretKey part of the API-Key |
VEGA_DATABASE_CLIENT | mysql2 | A type of database. An appropriate value for a database client is to be entered. pg, mysql, mysql2, oracledb, mssql values can be used. |
VEGA_DATABASE_USERNAME | | Database user name |
VEGA_DATABASE_PASSWORD | | Database password |
VEGA_DATABASE_HOST | | Address to access database |
VEGA_DATABASE_PORT | 3306 | Port number to access database |
VEGA_DATABASE_DB | verifyvasp | Database name that enclave server uses |
VEGA_DATABASE_POOL_MIN | 0 | Minimum value of database connection pool |
VEGA_DATABASE_POOL_MAX | 5 | Maximum value of database connection pool |
VEGA_VERIFICATION_API_PATH | | User verification API endpoint URL. |
VEGA_VERIFICATION_ACCOUNT_API_PATH | | User account (wallet address and owner name) verification API Endpoint URL. |
VEGA_VERIFICATION_TRANSACTION_API_PATH | | API Endpoint URL to check the status of the transaction process. |
VEGA_VERIFICATION_CALLBACK_API_PATH | | Callback API Endpoint URL to receive the result of asynchronous request. |
VEGA_VERIFICATION_AUTHORIZATION_TOKEN | | Verification token to call API with VASP backend. When the enclave server calls API with the VASP backend, verification taken is delivered to the header of VASP Authorization. |
VEGA_VERIFICATION_AUTHORIZATION_KEY | | Header key value to pass the authentication token when making API calls to the VASP backend. If not set, the authentication token is passed through the Authorization header. |
VEGA_API_ENDPOINT | | VerifyVASP central API server address. As mentioned above, one of the two environments could be used depending on the purpose. In a production environment, register through https://api.vega-protocol.com. In a staging environment, register through https://api.vega-protocol.xyz. |
VEGA_LOG_LEVEL | info | You can determine the log level of the enclave server. none, error, warn, info, debug values can be used. |
VEGA_PUBLIC_KEY_TTL | 1800000 | The duration to cache the public key of the other VASP which will be used for E2EE can be set up. The unit must be milliseconds. |
VEGA_ENCRYPTION_KEY_BASE64 | | Encryption key to be used to encrypt personal information. Unless the VEGA_DECRYPT_API_ENDPOINT below is entered, the environment value set up in VEGA_ENCRYPTION_KEY_BASE64 will be used as an encryption key of the database (Not Recommended). If the VEGA_DECRYPT_API_ENDPOINT is set up, the environment value set up in VEGA_ENCRYPTION_KEY_BASE64 will be set up as an inputKey of the request body. Then, the outputKey as a response to calling the API issued is used as an encryption key. |
VEGA_DECRYPT_API_ENDPOINT | | The outside service endpoint to decrypt the encryption key set up in VEGA_ENCRYPTION_KEY_BASE64 once again. It is set up to use the outside service relevant to encryption, such as HSM. |
- Run by writing an environment value on a file. (e.g. prd_env)
;Enclave Server
VEGA_SERVER_PORT=21117
VEGA_ENCLAVE_PUBLIC_ENDPOINT=<Enclave Server endpoint URL>
;API Keys
VEGA_ALLIANCE_ACCESS_KEY=<issued accessKey>
VEGA_ALLIANCE_SECRET_KEY=<issued secretKey>
;DB Client
VEGA_DATABASE_CLIENT=mysql2
VEGA_DATABASE_USERNAME=vasp
VEGA_DATABASE_PASSWORD=1234
VEGA_DATABASE_HOST=<database endpoint URL>
VEGA_DATABASE_PORT=3306
VEGA_DATABASE_DB=vega
VEGA_DATABASE_POOL_MIN=0
VEGA_DATABASE_POOL_MAX=5
;VASP API
VEGA_VERIFICATION_API_PATH=<VerifyUser API endpoint URL>
VEGA_VERIFICATION_ACCOUNT_API_PATH=<VerifyAccount API endpoint URL>
VEGA_VERIFICATION_TRANSACTION_API_PATH=<Transaction processing state querying API endpoint URL>
VEGA_VERIFICATION_CALLBACK_API_PATH=<Callback API endpoint URL>
VEGA_VERIFICATION_AUTHORIZATION_TOKEN=<Auth Token>
VEGA_VERIFICATION_AUTHORIZATION_KEY=<Auth Token Header Key>
;VerifyVASP Central Server URL
VEGA_API_ENDPOINT=https://api.vega-protocol.xyz
;Log level
VEGA_LOG_LEVEL=info
;DB Encryption Key
VEGA_DECRYPT_API_ENDPOINT=<HSM URL>
VEGA_ENCRYPTION_KEY_BASE64=<Public Key on base64>
;Caching
VEGA_PUBLIC_KEY_TTL=1800000
- Run
$ docker run -d -p 21117:21117 --env-file=<Name of the Environment Variable File> --name=enclave verifyvasp/enclave:latest
$ docker run -d -p 21117:21117 \\\\
-e VEGA_SERVER_PORT=21117 \\\\
-e VEGA_ENCLAVE_PUBLIC_ENDPOINT=<Enclave Server endpoint URL> \\\\
-e VEGA_ALLIANCE_ACCESS_KEY=<issued accessKey> \\\\
-e VEGA_ALLIANCE_SECRET_KEY=<issued secretKey> \\\\
-e VEGA_DATABASE_USERNAME=vasp \\\\
-e VEGA_DATABASE_PASSWORD=1234 \\\\
-e VEGA_DATABASE_HOST=<database endpoint URL> \\\\
-e VEGA_DATABASE_PORT=3306 \\\\
-e VEGA_DATABASE_DB=vega \\\\
-e VEGA_VERIFICATION_API_PATH=<VerifyUser API endpoint URL> \\\\
-e VEGA_VERIFICATION_ACCOUNT_API_PATH=<VerifyAccount API endpoint URL> \\\\
-e VEGA_VERIFICATION_TRANSACTION_API_PATH=<Transaction processing state querying API endpoint URL> \\\\
-e VEGA_VERIFICATION_CALLBACK_API_PATH=<Callback API endpoint URL> \\\\
-e VEGA_VERIFICATION_AUTHORIZATION_TOKEN=<Auth Token> \\\\
-e VEGA_VERIFICATION_AUTHORIZATION_KEY=<Auth Token Header Key> \\\\
-e VEGA_API_ENDPOINT=https://api.vega-protocol.xyz \\\\
-e VEGA_LOG_LEVEL=info \\\\
-e VEGA_PUBLIC_KEY_TTL=1800000 \\\\
-e VEGA_DECREYPT_API_ENDPOINT=<HSM URL> \\\\
-e VEGA_ENCRYPTION_KEY_BASE64=<Public Key on base64> \\\\
verifyvasp/enclave:latest
- How to check if the enclave server is successfully activated
- On the docker log, a message like “Listening port at 21117,” which means that it is listening through the port number previously set up, must be shown.
- (However, an error log must not follow.)
- GET request via <enclave endpoint>/healthcheck.
- In the VV central server, the health of each VASP enclave server is regularly (every 5-10 sec) checked.
- If the Enclave docker stops, it should be reactivated.
- Or if the logs as follows are shown in the Enclave docker log, it should be reactivated.
- “Unhandled Rejection detect: <error message>”
- “Uncaught Exception detect: <error message>”
Last modified 7mo ago