Service setup
Installation guide for CREDEBL Platform Services
Before installing the CREDEBL Platform services, it is essential to ensure that your environment meets certain prerequisites. Properly setting up these requirements will help facilitate a smooth installation process and optimal performance of the platform. This includes preparing your system with the necessary software dependencies, configuring the required network settings, and ensuring adequate hardware resources. Following these guidelines will help prevent potential issues and ensure that the CREDEBL Platform services are installed and operate as intended.
System requirements
Here is the list of software needed to get started:
Git (>= 2.34.1)
Docker (>= 24.0.5)
Docker Compose (>= 2.20.3)
The above can be installed directly from their respective docs or from common prerequisites.
Prerequisites
Here is the list of prerequisite software we will need for CREDEBL:
PostgreSQL (>= 14)
NATS (>= 2.6.4)
REDIS (>= 7.4)
Keycloak (>= 25.0.6)
Schema file server (optional)
Clone Repository
Clone the platform repository from GitHub:
git clone https://github.com/credebl/platform.git
cd platform
Environment Variables
To help you get started quickly, a .env.demo file is already present at the root of the platform repository. To get started, rename .env.demo to .env.
Please find your-ip in the .env file, and replace all occurrences of it with your machine's IP address.
Apart from the variables already present, you need to add a few variables generated from the prerequisites below (PostgreSQL, Keycloak, SendGrid, AWS S3, etc.) at the respective steps.
PostgreSQL
In case you already have PostgreSQL preinstalled on your machine, you can simply skip the database setup and add the appropriate .env variable after creating user postgres and database credebl, if not already created.
PostgreSQL is a powerful, open-source object-relational database system known for its robustness and advanced features. This guide provides instructions for installing and configuring PostgreSQL both natively and using Docker.
Installing PostgreSQL
First, install PostgreSQL on the host or in Docker:
sudo apt install postgresql
# To verify the status of the PostgreSQL service, use:
sudo systemctl status postgresql
Access PostgreSQL and create the user and database
# Access the PostgreSQL command line interface:
sudo -u postgres psql
-- Create a new user and set password (skip if the user already exists):
CREATE USER postgres WITH ENCRYPTED PASSWORD 'postgres';
-- Create db:
CREATE DATABASE credebl;
-- Grant all privileges on the database to the user:
GRANT ALL PRIVILEGES ON DATABASE credebl TO postgres;
NATS
The CREDEBL platform utilizes NATS for message-driven data exchange between its micro-services.
For the default setup, you can skip the NATS and REDIS configuration and continue here.
REDIS
The CREDEBL platform leverages Redis as an in-memory data store, primarily for caching and queuing.
You can skip the REDIS setup if you are installing the Platform services using Docker. Continue here.
Keycloak
Keycloak is an open source identity and access management solution.
Run Keycloak using docker:
docker run -d -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin quay.io/keycloak/keycloak:25.0.6 start-dev
This command installs and starts Keycloak in development mode (start-dev), locally accessible at http://localhost:8080.
Once logged in:
This section guides you through the initial setup and configuration of Keycloak through its administration console.
Go to administration console
Login using username: admin, password: admin.
Click on the Keycloak dropdown on the top left and add a new realm as “credebl-platform” by clicking on 'Create realm'.
Go to 'Clients' under 'Manage' in the sidebar on the left and create a new client with clientId = “adminClient”.
Click on Next Button
Set client authentication to ON mode.
Set Service Accounts Roles to ON mode.
Set Direct Access Grants to ON mode.
Click on Next Button
Add http://your-url/* (Eg.: http://localhost:3000/*) in Valid Redirect URIs as front-end url.
Add http://your-url/ (Eg.: http://localhost:8080/) in Root URL.
Add http://your-url/ (Eg.: http://localhost:8080/) in Web Origins.
Save the details.
Service Account Roles Settings:
This section outlines the configuration of service account roles to manage permissions and access control within Keycloak.
If not already inside, go to adminClient from the clients in the sidebar.
Go to the Service account role section.
Click on the Assign role button.
Select Filter by clients from the dropdown menu.
Select the below roles from the Available Roles and click on the Assign button:
Create-client
Manage-client
Manage-users
Query-clients
Query-users
View-clients
View-users
Realm Roles Settings:
This section covers the configuration of realm role settings within Keycloak.

Under the credebl-platform realm, from the menu select realm-roles.
In realm-roles, click on Create Role and create a role with Role name=“holder”
SSO Session Settings: Set SSO Session Idle to 2 days. This is the expiration time of the refresh token if the user is idle on the platform. We can configure this as per our need. To navigate to SSO Session, go to the Realm settings option on the left sidebar under Configure; under the Sessions tab you can see SSO Session Idle.
Update the .env
Update the .env file with the Keycloak details. To set the env variable KEYCLOAK_MANAGEMENT_CLIENT_SECRET, in the credebl-platform realm, go to clients >> adminClient. Now in the Credentials tab, copy the client secret.

KEYCLOAK_DOMAIN=http://localhost:8080/
KEYCLOAK_ADMIN_URL=http://localhost:8080
KEYCLOAK_MASTER_REALM=master
KEYCLOAK_MANAGEMENT_CLIENT_ID=adminClient
KEYCLOAK_MANAGEMENT_CLIENT_SECRET=
KEYCLOAK_REALM=credebl-platform
Below is an optional step to add users and can be skipped
SendGrid
Create a SendGrid account, generate an API key, and grant necessary permissions for sending emails.
Add the SendGrid key in the .env:
SENDGRID_API_KEY=your-API-key
AWS S3
To use all functionalities of CREDEBL, a total of 3 S3 buckets are required, for:
Storing Organization logo during creating and updating an organization
Bulk issuance of credentials
Storing connection URL generated from Agent and creating shortened URL
# 1. Used for Adding org-logo during org creation and update
# Optional (Can be skipped if no image is added during org creation and update)
AWS_PUBLIC_ACCESS_KEY=
AWS_PUBLIC_SECRET_KEY=
AWS_PUBLIC_REGION=
AWS_ORG_LOGO_BUCKET_NAME=
# 2. Used for Bulk issuance of credential
# Optional (Can be skipped if Bulk issuance is not used)
AWS_ACCESS_KEY=
AWS_SECRET_KEY=
AWS_REGION=
AWS_BUCKET=
# 3. Used for storing connection URL generated from Agent and creating shortened URL
# Required (As connecting to org requires Shortened url)
AWS_S3_STOREOBJECT_ACCESS_KEY=
AWS_S3_STOREOBJECT_SECRET_KEY=
AWS_S3_STOREOBJECT_REGION=
AWS_S3_STOREOBJECT_BUCKET=
Based on the AWS_S3_STOREOBJECT_BUCKET name, and following the AWS S3 path style, add the domain used to access objects in the bucket and save it, as it is used for another .env variable:
# Please refer to AWS to determine your bucket url
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access
SHORTENED_URL_DOMAIN='https://s3.AWS_S3_STOREOBJECT_REGION.amazonaws.com/AWS_S3_STOREOBJECT_BUCKET'
Schema File Server
Clone Repository
Clone the schema file server repository from GitHub:
git clone https://github.com/ayanworks/schema-file-server.git
cd schema-file-server
Environment Variables
To help you get started quickly, a .env.demo file is already present at the root of the repository. To get started, rename .env.demo to .env.
Please find JWT_TOKEN_SECRET in the .env file and replace its value with a base64-encoded JWT token.
Service Setup
Build the Docker Image
docker build -t schema-file-server .
Run the Docker Container
docker run -d --env-file .env -p 4000:4000 -v "$PWD/app/schemas:/app/schemas" --name schema-file-server schema-file-server
-d: Run container in detached mode
--env-file .env: Load environment variables from the .env file
-p 4000:4000: Map host port 4000 to container port 4000
-v "$PWD/app/schemas:/app/schemas": Mount the local app/schemas directory into the container
--name schema-file-server: Assign a name to the container
schema-file-server: The name of the Docker image
Update .env and agent.env
Update the schema file server token and URL in both the .env and agent.env files.
SCHEMA_FILE_SERVER_URL='http://localhost:4000/schemas/'
SCHEMA_FILE_SERVER_TOKEN=
SERVER_URL='http://localhost:4000'
FILE_SERVER_TOKEN=
Agent Setup
The Docker image built during this process is used to launch agents for new organizations on the CREDEBL platform. The Docker image name is set as an environment variable during the platform setup in a later step.
The default image for the agent is ghcr.io/credebl/credo-controller:latest, referring to the latest release of the credo-controller. Refer here: https://github.com/credebl/credo-controller/pkgs/container/credo-controller
Installations
Make sure the .env file is set with all the required environment variables as per the sample file and the env guide given above.
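One way to check the .env before starting the services, as an added example that is not part of the CREDEBL repository: the script flags leftover your-ip placeholders, empty values for the Keycloak client secret and the required store-object S3 variables, a SHORTENED_URL_DOMAIN that does not match the path-style URL described in the AWS S3 section, and a .env that other users can read. The function names, the file name check-env.sh and the permission check are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not CREDEBL code): audit a .env file before starting services.
# Variable names come from this guide; the checks themselves are assumptions.

# Print the value assigned to KEY in FILE (last assignment wins), unquoted.
env_get() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

# Print one finding per line; return 0 only when there are none.
audit_env() {
  local file="$1" findings=0 key region bucket want got
  # 1. The demo placeholder must be replaced everywhere.
  if grep -q 'your-ip' "$file"; then
    echo "PLACEHOLDER: your-ip is still present"
    findings=$((findings + 1))
  fi
  # 2. Values the guide asks you to fill in must not be left empty.
  for key in KEYCLOAK_MANAGEMENT_CLIENT_SECRET AWS_S3_STOREOBJECT_ACCESS_KEY \
      AWS_S3_STOREOBJECT_SECRET_KEY AWS_S3_STOREOBJECT_REGION \
      AWS_S3_STOREOBJECT_BUCKET; do
    if [ -z "$(env_get "$file" "$key")" ]; then
      echo "EMPTY: $key"
      findings=$((findings + 1))
    fi
  done
  # 3. SHORTENED_URL_DOMAIN must be the path-style URL of the store-object bucket.
  region=$(env_get "$file" AWS_S3_STOREOBJECT_REGION)
  bucket=$(env_get "$file" AWS_S3_STOREOBJECT_BUCKET)
  want="https://s3.$region.amazonaws.com/$bucket"
  got=$(env_get "$file" SHORTENED_URL_DOMAIN)
  if [ -n "$region" ] && [ -n "$bucket" ] && [ "$got" != "$want" ]; then
    echo "MISMATCH: SHORTENED_URL_DOMAIN should be $want"
    findings=$((findings + 1))
  fi
  # 4. The file holds secrets, so group and other should have no access bits.
  if [ "$(ls -l "$file" | cut -c5-10)" != "------" ]; then
    echo "PERMS: $file is accessible to group or other (chmod 600)"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Usage: sh check-env.sh .env   (check-env.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
  audit_env "$1"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate the docker compose step.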
Before you start the services, make sure to update the credebl-master-table.json file, present at libs/prisma-service/prisma/data, with your SendGrid details as well as your IP address.
{
"platformConfigData": {
"externalIp": "192.168.x.x",
"inboundEndpoint": "192.168.x.x",
"username": "credebl",
"sgApiKey": "API-key-received ",
"emailFrom": "Mail used in sendgrid",
"apiEndpoint": "http://192.168.x.x:5000",
"tailsFileServer": "http://192.168.x.x:5000"
},
At the root of the platform repo:
cd libs/prisma-service
npx prisma generate
npx prisma migrate deploy
Now seed the database before starting the services, using the following:
npx prisma db seed
Since you are in the '/prisma-service' directory, move back to the root:
cd ../..
Start the services:
docker compose -f docker-compose-dev.yml up -d
Access the Platform API by navigating to http://localhost:5000