Configuring the Storage
This article explains how the issuance storage works and how you can configure your credential issuance services storage solution.
1. Understand the credential issuance service storage
The credential issuance service uses a deployment of Partisia Platform as its storage solution. It's role within My Data Activation is to hold information for each and every issuance session.
All transactions and their sequence are securely recorded, providing a reliable audit trail, thanks to the immutability of the blockchain technology behind this storage solution.
The credential issuance service storage is used solely to store metadata about each issuance. This includes information such as the status of the issuance and the configuration of the credential being issued. It does not store any personal data included in the credential.
2. Use the Partisia platform for testing
The server.json configuration file used in the installation guide for the credential issuance
service is configured to use a local deployment of Partisia
Platform, that can be started by following
this guide.
Warning
Using a local deployment is convenient for testing, but should not be used in a production setting. For more information on Partisia Platform deployments, and how to set up and run your own see the guide here.
Configure the Partisia Platform for storage
Follow the steps outlined below to configure the Partisia platform for Issuer Storage.
- Download and configure the Partisia platform installation script.
- Run the installation script with the issuer module enabled.
Note
To get access to the Partisia Platform installation script, you need a valid license for the Partisia Platform. Please request a demo to obtain yours.
3. Create a private key
Now that you have deployed your Partisia Platform you need to choose a private key which will be used for the credential issuance state. You can generate a secure private key using cargo Partisia cli as explained below or through other key generation methods.
- Install the cargo partisia contract pbc commands
- Create a system user by running:
cargo pbc account create - The private key is stored in a file called
{address}.pk.
4. Update your credential issuance service configuration file
To integrate your credential issuance service instance with your Partisia Platform deployment,
update the state in your
server.json configuration file:
- Provide the url of the reader node from your Partisia Platform deployment in the
baseUrlfield. If you are running the default local deployment, the reader node is already configured in the example. - Provide the private key created above.
Example configuration file:
{
"port": ...,
"baseUrl": "...",
"registry": {
"..."
},
"state": { // (1)!
"baseUrl": "http://localhost:9432", // (2)!
"privateKey": "348571a75bcb4f4adf169fe5a1c8f03af29b42435a7854d77fb873964f3fd9c1", // (3)!
},
"claims": {
"..."
}
}
- Configures which blockchain should be used to store information about issuance sessions
- The url of a node in the blockchain
- The private key who owns the contract
5. Restart your credential issuance service instance using Docker
After updating your server.json file you must update your credential issuance service instance.
To do this, stop any docker container using your specified port
and run the following command:
docker run -d -p 9201:9201 -v PATH_TO_YOUR_SERVER.JSON:/conf/server.json registry.gitlab.com/secata/platform/did/did-issuer-backend:latest
6. Verify your new configuration
You can test that your new registry works by creating a new issuance and making sure that you can check its status:
-
Navigate to http://localhost:9201/openapi.
-
You can start a new issuance by calling the
issuance/oid4vci/new-sessionendpoint with dummy values. This endpoint should return a session id and a credential offer uri. -
Next, pass the
session_idof your newly created request to theissuance/oid4vci/status/{session_id}endpoint. It should return the status issuance of your request. For example:
{
"status": "ISSUANCE_STARTED"
}