This repo provides sources for the aca-py and tails server images, providing a basic docker image of both. These images use a base installation of aca-py and tails server and add changes necessary for running with a random user, like when running in security-focussed Kubernetes distributions such as openshift.
Please refer to the official DOcumentaion of indy tails server and Aca-Py.
| Env var | Description | Default |
|---|---|---|
| ACAPY_ADMIN_API_KEY | Protect all admin endpoints with the provided API key. API clients (e.g. the controller) must pass the key in the HTTP header using 'X-API-Key: '. Either this parameter or the '--admin-insecure-mode' parameter MUST be specified. | |
| ACAPY_ADMIN_INSECURE_MODE | Run the admin web server in insecure mode. DO NOT USE FOR PRODUCTION DEPLOYMENTS. The admin server will be publicly available to anyone who has access to the interface. Either this parameter or the '--api-key' parameter MUST be specified. | |
| ACAPY_NO_RECEIVE_INVITES | Prevents an agent from receiving invites by removing the '/connections/receive-invite' route from the administrative interface. | false. |
| ACAPY_HELP_LINK | A URL to an administrative interface help web page that a controller user interface can get from the agent and provide as a link to users. | |
| ACAPY_WEBHOOK_URL | Send webhooks containing internal state changes to the specified URL. Optional API key to be passed in the request body can be appended using a hash separator [#]. This is useful for a controller to monitor agent events and respond to those events using the admin API. If not specified, | webhooks are not published by the agent. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_DEBUG | Enables a remote debugging service that can be accessed using ptvsd for Visual Studio Code. The framework will wait for the debugger to connect at start-up. | false. |
| ACAPY_DEBUG_SEED | Specify the debug seed to use. | |
| ACAPY_DEBUG_CONNECTIONS | Enable additional logging around connections. | false. |
| ACAPY_DEBUG_CREDENTIALS | Enable additional logging around credential exchanges. | false. |
| ACAPY_DEBUG_PRESENTATIONS | Enable additional logging around presentation exchanges. | false. |
| ACAPY_INVITE | After startup, generate and print a new out-of-band connection invitation URL. | false. |
| ACAPY_CONNECTIONS_INVITE | After startup, generate and print a new connections protocol style invitation URL. | false. |
| ACAPY_INVITE_LABEL | Specify the label of the generated invitation. | |
| ACAPY_INVITE_MULTI_USE | Flag specifying the generated invite should be multi- use. | |
| ACAPY_INVITE_PUBLIC | Flag specifying the generated invite should be public. | |
| ACAPY_INVITE_METADATA_JSON | Add metadata json to invitation created with ACAPY_INVITE argument. | |
| ACAPY_TEST_SUITE_ENDPOINT | URL endpoint for sending messages to the test suite agent. | |
| ACAPY_AUTO_ACCEPT_INVITES | Automatically accept invites without firing a webhook event or waiting for an admin request. | false. |
| ACAPY_AUTO_ACCEPT_REQUESTS | Automatically accept connection requests without firing a webhook event or waiting for an admin request. | false. |
| ACAPY_AUTO_RESPOND_MESSAGES | Automatically respond to basic messages indicating the message was received. | false. |
| ACAPY_AUTO_RESPOND_CREDENTIAL_PROPOSAL | Auto-respond to credential proposals with corresponding credential offers | |
| ACAPY_AUTO_RESPOND_CREDENTIAL_OFFER | Automatically respond to Indy credential offers with a credential request. | false |
| ACAPY_AUTO_RESPOND_CREDENTIAL_REQUEST | Auto-respond to credential requests with corresponding credentials | |
| ACAPY_AUTO_RESPOND_PRESENTATION_PROPOSAL | Auto-respond to presentation proposals with corresponding presentation requests | |
| ACAPY_AUTO_RESPOND_PRESENTATION_REQUEST | Automatically respond to Indy presentation requests with a constructed presentation if a corresponding credential can be retrieved for every referent in the presentation request. | false. |
| ACAPY_AUTO_STORE_CREDENTIAL | Automatically store an issued credential upon receipt. | false. |
| ACAPY_AUTO_VERIFY_PRESENTATION | Automatically verify a presentation when it is received. | false. |
| Env var | Description | Default |
|---|---|---|
| ARGFILE Load aca-py arguments from the specified file. Note that this file _must be in YAML format. | ||
| ACAPY_PLUGIN | as external plugin module. Multiple instances of this parameter can be specified. | |
| ACAPY_STORAGE_TYPE | Specifies the type of storage provider to use for the internal storage engine. This storage interface is used to store internal state. Supported internal storage types are 'basic' (memory) and 'indy'. The default (if not specified) is 'indy' if the wallet type is set to 'indy', otherwise 'basic' | |
| ACAPY_ENDPOINT | Specifies the endpoints to put into DIDDocs to inform other agents of where they should send messages destined for this agent. Each endpoint could be one of the specified inbound transports for this agent, or the endpoint could be that of another | agent (e.g. 'https://example.com/agent-endpoint') if the routing of messages to this agent by a mediator is configured. The first endpoint specified will be used in invitations. The endpoints are used in the formation of a connection with another agent. |
| ACAPY_PROFILE_ENDPOINT | Specifies the profile endpoint for the (public) DID. | |
| ACAPY_READ_ONLY_LEDGER | Sets ledger to read-only to prevent updates. | false. |
| ACAPY_TAILS_SERVER_BASE_URL | Sets the base url of the tails server in use. | |
| ACAPY_TAILS_SERVER_UPLOAD_URL | Sets the base url of the tails server for upload, | defaulting to the tails server base url. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_LEDGER_POOL_NAME | Specifies the name of the indy pool to be opened. This is useful if you have multiple pool configurations. | |
| ACAPY_GENESIS_TRANSACTIONS | Specifies the genesis transactions to use to connect to an Hyperledger Indy ledger. The transactions are provided as string of JSON e.g. '{"reqSignature":{},"txn":{"data":{"d... ' | |
| ACAPY_GENESIS_FILE | Specifies a local file from which to read the genesis transactions. | |
| ACAPY_GENESIS_URL | Specifies the url from which to download the genesis transactions. For example, if you are using 'von- network', the URL might be 'http://localhost:9000/genesis'. Genesis transactions URLs are available for the Sovrin test/main networks. | |
| ACAPY_NO_LEDGER | Specifies that aca-py will run with no ledger configured. This must be set if running in no-ledger mode. Overrides any specified ledger or genesis configurations. | false. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_LOG_CONFIG | Specifies a custom logging configuration file | |
| ACAPY_LOG_FILE | Overrides the output destination for the root logger (as defined by the log config file) to the named . | |
| ACAPY_LOG_LEVEL | Specifies a custom logging level as one of: ('debug', 'info', 'warning', 'error', 'critical') |
| Env var | Description | Default |
|---|---|---|
| ACAPY_AUTO_PING_CONNECTION | Automatically send a trust ping immediately after a connection response is accepted. Some agents require this before marking a connection as 'active'. | false |
| ACAPY_INVITE_BASE_URL | Base URL to use when formatting connection invitations in URL format. | |
| ACAPY_MONITOR_PING | Send a webhook when a ping is sent or received. | |
| ACAPY_PUBLIC_INVITES | Send invitations out, and receive connection requests, using the public DID for the agent. | false |
| ACAPY_TIMING | Include timing information in response messages. | |
| ACAPY_TIMING_LOG | Write timing information to a given log file. | |
| Generate tracing events. | [env var: ACAPY_TRACE] | |
| ACAPY_TRACE_TARGET | Target for trace events ("log", "message", or http endpoint). | |
| ACAPY_TRACE_TAG | Tag to be included when logging events. | |
| ACAPY_TRACE_LABEL | Label (agent name) used logging events. | |
| ACAPY_PRESERVE_EXCHANGE_RECORDS | Keep credential exchange records after exchange has completed. | |
| ACAPY_EMIT_NEW_DIDCOMM_PREFIX | Emit protocol messages with new DIDComm prefix; i.e., 'https://didcomm.org/' instead of ( default) prefix 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/'. | |
| ACAPY_EMIT_NEW_DIDCOMM_MIME_TYPE | Send packed agent messages with the DIDComm MIME type as of RFC 0044; i.e., 'application/didcomm-envelope- enc' instead of 'application/ssi-agent-wire'. | |
| ACAPY_EXCH_USE_UNENCRYPTED_TAGS | Store tags for exchange protocols (credential and presentation) using unencrypted rather than encrypted tags |
| Env var | Description | Default |
|---|---|---|
| ACAPY_AUTO_PROVISION | If the requested profile does not exist, initialize it with the given parameters. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_INBOUND_TRANSPORT Defines the inbound transport(s) on which the agent listens for receiving messages from other agents. This parameter can be specified multiple times to create multiple interfaces. Built-in inbound transport types include 'http' and 'ws'. However, other transports can be loaded by specifying an absolute module path. | http 0.0.0.0 11000 | |
| ACAPY_OUTBOUND_TRANSPORT | Defines the outbound transport(s) on which the agent will send outgoing messages to other agents. This parameter can be passed multiple times to supoort multiple transport types. Supported outbound transport types are 'http' and 'ws'. | http |
| ACAPY_LABEL-l , --label Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection. | ||
| ACAPY_IMAGE_URL | IMAGE_URL Specifies the image url for this agent. This image url is publicized (self-attested) to other agents as part of forming a connection. | |
| ACAPY_MAX_MESSAGE_SIZE | Set the maximum size in bytes for inbound agent messages. | |
| ACAPY_ENABLE_UNDELIVERED_QUEUE | Enable the outbound undelivered queue that enables this agent to hold messages for delivery to agents without an endpoint. This option will require additional memory to store messages in the queue. | |
| ACAPY_MAX_OUTBOUND_RETRY | MAX_OUTBOUND_RETRY Set the maximum retry number for undelivered outbound messages. Increasing this number might cause to increase the accumulated messages in message queue. | 4 |
| Env var | Description | Default |
|---|---|---|
| Enables didcomm mediation. After establishing a connection, if enabled, an agent may request message mediation, which will allow the mediator to forward messages on behalf of the recipient. See aries- rfc:0211. | ||
| ACAPY_MEDIATION_INVITATION | Connect to mediator through provided invitation and send mediation request and set as default mediator. | |
| ACAPY_MEDIATION_CONNECTIONS_INVITE | Connect to mediator through a connection invitation. If not specified, connect using an OOB invitation. | false. |
| ACAPY_DEFAULT_MEDIATION_ID | default-mediator-id Set the default mediator by ID | |
| ACAPY_CLEAR_DEFAULT_MEDIATOR | default-mediator Clear the stored default mediator. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_WALLET_SEED | Specifies the seed to use for the creation of a public DID for the agent to use with a Hyperledger Indy ledger, or a local (ACAPY_WALLET_LOCAL_DID) DID. If public, the DID must already exist on the ledger. | |
| ACAPY_WALLET_LOCAL_DID | If this parameter is set, provisions the wallet with a local DID from the ACAPY_WALLET_SEED parameter, instead of a public DID to use with a Hyperledger Indy ledger. | |
| ACAPY_WALLET_KEY | Specifies the master key value to use to open the wallet. | |
| ACAPY_WALLET_REKEY | Specifies a new master key value to which to rotate and to open the wallet next time. | |
| ACAPY_WALLET_NAME | Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets. | |
| ACAPY_WALLET_TYPE | Specifies the type of Indy wallet provider to use. Supported internal storage types are 'basic' (memory) and 'indy' | 'basic'. |
| ACAPY_WALLET_STORAGE_TYPE | Specifies the type of Indy wallet backend to use. Supported internal storage types are 'basic' (memory), 'default' (sqlite), and 'postgres_storage'. | 'default'. |
| ACAPY_WALLET_STORAGE_CONFIG | Specifies the storage configuration to use for the wallet. This is required if you are for using 'postgres_storage' wallet storage type. For example, '{"url":"localhost:5432", "wallet_scheme":"MultiWalletSingleTable"}'. This configuration maps to the indy sdk postgres plugin | (PostgresConfig). |
| ACAPY_WALLET_STORAGE_CREDS | Specifies the storage credentials to use for the wallet. This is required if you are for using 'postgres_storage' wallet For example, '{"account":"postgres","password": "mysecretpassword","admin_account":"postgres", "admin_password":"mysecretpassword"}'. This configuration maps | to the indy sdk postgres plugin (PostgresCredentials). NOTE: admin_user must have the CREATEDB role or else initialization will fail. |
| ACAPY_REPLACE_PUBLIC_DID | If this parameter is set and an agent already has a public DID, and the ACAPY_WALLET_SEED parameter specifies a new DID, the agent will use the new DID in place of the existing DID. | false. |
| ACAPY_RECREATE_WALLET | If an existing wallet exists with the same name, remove and recreate it during provisioning. |
| Env var | Description | Default |
|---|---|---|
| ACAPY_MULTITENANT | Enable multitenant mode. | |
| ACAPY_MULTITENANT_JWT_SECRET | Specify the secret to be used for Json Web Token (JWT) creation and verification. The JWTs are used to authenticate and authorize multitenant wallets. | |
| ACAPY_MULTITENANT_ADMIN | Specify whether to enable the multitenant admin api. |
| Env var | Description | Default |
|---|---|---|
| TAILS_SERVER_ADDRESS | External address of the tails server | |
| TAILS_SERVER_LOG_LEVEL | Log level |