# README
ACE
ACE contains components to support Anonymous Comparator and Extractor flows.
Gatekeeper
Gatekeeper helps to ensure that there are multiple authorizations for accessing protected data under the given policy. It supports the following operations:
- create policy configurations for storing and releasing protected data;
- convert sensitive PII data into DID;
- create release transactions (tickets) on DID;
- accept authorizations for a ticket from approvers;
- accept release request for a ticket that has completed the authorization sequence.
Running Gatekeeper as a Docker container
Build a docker image using make gatekeeper-docker and start server with the following command:
$ docker run -p 9014:9014 ghcr.io/trustbloc/gatekeeper:latest start [flags]
Flags
| Flag | Environment variable | Description |
|---|---|---|
| --api-token | GK_REST_API_TOKEN | Bearer token used for a token protected api calls. |
| --bloc-domain | GK_BLOC_DOMAIN | Bloc domain. |
| --context-provider-url | GK_CONTEXT_PROVIDER_URL | Remote context provider URL to get JSON-LD contexts from. |
| --csh-url | GK_CSH_URL | URL of the Confidential Storage Hub. |
| --database-prefix | DATABASE_PREFIX | An optional prefix to be used when creating and retrieving underlying databases. |
| --database-timeout | DATABASE_TIMEOUT | Total time in seconds to wait until the datasource is available before giving up. |
| --database-url | DATABASE_URL | Database URL with credentials if required. |
| --did-anchor-origin | GK_DID_ANCHOR_ORIGIN | DID anchor origin. |
| --did-resolver-url | GK_DID_RESOLVER_URL | DID Resolver URL. |
| --host-url | GK_HOST_URL | Host URL to run the gatekeeper instance on. Format: HostName:Port. |
| --tls-cacerts | GK_TLS_CACERTS | Comma-separated list of CA certs path. |
| --tls-serve-cert | GK_TLS_SERVE_CERT | Path to the server certificate to use when serving HTTPS. |
| --tls-serve-key | GK_TLS_SERVE_KEY | Path to the private key to use when serving HTTPS. |
| --tls-systemcertpool | GK_TLS_SYSTEMCERTPOOL | Use system certificate pool. Possible values [true] [false]. |
| --vault-server-url | GK_VAULT_SERVER_URL | URL of the vault server. |
| --vc-issuer-profile | GK_VC_ISSUER_PROFILE | Profile of the VC VCIssuer service. |
| --vc-issuer-url | GK_VC_ISSUER_URL | URL of the VC Issuer service. |
| --request-tokens | GK_REQUEST_TOKENS | Tokens used for HTTP requests to other services. |
REST API
Generate OpenAPI specification
The OpenAPI spec for the gatekeeper can be generated by running the following target from the project root directory:
$ make open-api-spec
The generated spec can be found under ./test/bdd/fixtures/spec/openAPI.yml.
Run OpenAPI demo
Start the OpenAPI demo by running
$ make open-api-demo
Once the services are up, click here to launch the OpenAPI interface.
Running tests
Prerequisites
- Go 1.18
- Docker
- Docker-Compose
- Make
Targets
# run all build targets
$ make all
# run license and linter checks
$ make checks
# run unit tests
$ make unit-test
# run bdd tests
$ make bdd-test
Contributing
Thank you for your interest in contributing. Please see our community contribution guidelines for more information.
License
Apache License, Version 2.0 (Apache-2.0). See the LICENSE file.