chore: remove port forwarding

Makefile

@@ -30,7 +30,11 @@ ENV = $(DOTENV_CMD) -f .env-issuer
 .PHONY: run-full
 run-full:
 	@make down
-	$(DOCKER_COMPOSE_FULL_CMD) up -d
+ifeq ($(ISSUER_KMS_ETH_PROVIDER)$(ISSUER_KMS_BJJ_PROVIDER), localstoragelocalstorage)
+	$(DOCKER_COMPOSE_FULL_CMD) up -d redis postgres api pending_publisher notifications ui
+else
+	$(DOCKER_COMPOSE_FULL_CMD) up -d redis postgres vault api pending_publisher notifications ui
+endif
 
 .PHONY: build-local
 build-local:
@@ -213,13 +217,11 @@ else ifeq ($(ISSUER_KMS_ETH_PROVIDER), localstorage)
 	privadoid-kms-importer ./kms_priv_key_importer --privateKey=$(private_key)
 else ifeq ($(ISSUER_KMS_ETH_PROVIDER), vault)
 	@echo ">>> importing private key to VAULT"
-	$(DOCKER_COMPOSE_INFRA_CMD) up -d vault
-	@echo "waiting for vault to start..."
-	sleep 10
 	@docker build -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
-	docker run --rm -it -v ./.env-issuer:/.env-issuer --network issuer-network \
+	$(eval NETWORK=$(shell docker inspect issuer-vault-1 --format '{{ .HostConfig.NetworkMode }}'))
+	@echo $(NETWORK)
+	docker run --rm -it -v ./.env-issuer:/.env-issuer --network $(NETWORK) \
 		privadoid-kms-importer ./kms_priv_key_importer --privateKey=$(private_key)
-	$(DOCKER_COMPOSE_INFRA_CMD) stop
 else
 	@echo "ISSUER_KMS_ETH_PROVIDER is not set"
 endif
@@ -267,4 +269,5 @@ print-commands:
 
 .PHONY: clean-volumes
 clean-volumes:
-	$(DOCKER_COMPOSE_INFRA_CMD) down -v
+	$(DOCKER_COMPOSE_INFRA_CMD) down -v
+	$(DOCKER_COMPOSE_FULL_CMD) down -v

README.md

@@ -24,8 +24,9 @@ Streamline the **Verifiable Credentials issuance** process with the user-friendl
   - [Table of Contents](#table-of-contents)
   - [Quick Start Installation](#quick-start-installation)
     - [Prerequisites](#prerequisites)
-    - [Install and run Issuer Node API and UI](#install-and-run-issuer-node-api-and-ui)
-    - [Running only Issuer Node API](#running-only-issuer-node-api)
+    - [Run Issuer Node API and UI (docker compose with images from privadoid dockerhub registry)](#run-issuer-node-api-and-ui-docker-compose-with-images-from-privadoid-registry)
+    - [Install and run Issuer Node API and UI (docker compose and build from source)](#install-and-run-issuer-node-api-and-ui-docker-compose-and-build-from-source)
+    - [Running only Issuer Node API (docker compose and build from source)](#running-only-issuer-node-api-docker-compose-and-build-from-source)
   - [KMS Providers Configuration](#kms-providers-configuration)
   - [Quick Start Demo](#quick-start-demo)
   - [Documentation](#documentation)
@@ -37,6 +38,8 @@ Streamline the **Verifiable Credentials issuance** process with the user-friendl
 > The provided installation guide is **non-production** ready. For production deployments please refer to  [Standalone Mode Guide](https://devs.polygonid.com/docs/issuer/setup-issuer-core/).
 >
 > There is no compatibility with Windows environments at this time. While using WSL should be ok, it's not officially supported.
+> 
+> **After changing the configuration, you must restart the issuer node docker containers.**
 
 ### Prerequisites
 
@@ -53,6 +56,7 @@ Streamline the **Verifiable Credentials issuance** process with the user-friendl
 
 ### Run Issuer Node API and UI (docker compose with images from privadoid registry)
 To run the issuer node (API and UI) quickly and without too many customizations follow the following steps:
+
 1. Copy the config sample file:
 ```shell
 cp .env-issuer.sample .env-issuer
@@ -62,7 +66,6 @@ cp .env-issuer.sample .env-issuer
 *.env-issuer*
 ```bash
 ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
-ISSUER_API_AUTH_USER=user-issuer
 ```
 
 3. Create a file with the networks' configuration. You can copy and modify the provided sample file:
@@ -78,9 +81,30 @@ define the RPCs. that will use.
 ```shell
 make run-full
 ```
+
+after a few seconds, the issuer node will be running and you can check the docker containers with `docker ps` and you 
+should see something like this:
+```shell
+CONTAINER ID   IMAGE                           COMMAND                  CREATED          STATUS                    PORTS                                        NAMES
+6e923fa11228   privadoid/issuernode-ui         "/bin/sh /app/script…"   37 seconds ago   Up 32 seconds (healthy)   0.0.0.0:8088->80/tcp                         issuer-ui-1
+16afc9d66591   privadoid/issuernode            "sh -c ./pending_pub…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-pending_publisher-1
+ceb41877c041   privadoid/issuernode            "sh -c ./notificatio…"   37 seconds ago   Up 32 seconds (healthy)                                                issuer-notifications-1
+bd7b69984f1c   privadoid/issuernode            "sh -c './migrate &&…"   38 seconds ago   Up 34 seconds (healthy)   0.0.0.0:3001->3001/tcp                       issuer-api-1
+25ae0fcac183   postgres:14-alpine              "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   5432/tcp                                     issuer-postgres-1
+a4a1d3ec9159   redis:6-alpine                  "docker-entrypoint.s…"   38 seconds ago   Up 36 seconds (healthy)   6379/tcp                                     issuer-redis-1
+```
+
+
+5. Import your Ethereum private key
+
+```shell
+make private_key=<private-key> import-private-key-to-kms 
+```
+
 then visit:
-* http://localhost:8088/ to access the UI
-* http://localhost:3001/ to access the API.
+* https://localhost:8088/ to access the UI (default username / password are: user-ui, password-ui). You can set them using env [vars](.env-ui.sample).
+* <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API. (default username / password are: user-issuer, password-issuer)
+  You can set them using env [vars](.env-issuer.sample).
 
 **Different installation alternatives can be seen later.**
 
@@ -101,6 +125,7 @@ cp .env-issuer.sample .env-issuer
 *.env-issuer*
 ```bash
 ISSUER_SERVER_URL=<PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>
+# API Auth credentials - You can change these values
 ISSUER_API_AUTH_USER=user-issuer
 ISSUER_API_AUTH_PASSWORD=password-issuer
 ```
@@ -118,20 +143,13 @@ define the RPCs. that will use.
 ```bash 
 cp .env-ui.sample .env-ui
 ```
-The default UI has basic authentication configured, you must establish the credentials by modifying the value of
-the following variables
+If you want to disable UI authentication just change `ISSUER_UI_INSECURE=true`, or if you want to change ui authentication:
 
 *.env-ui*
 ```bash
-ISSUER_UI_AUTH_USERNAME=user-ui
-ISSUER_UI_AUTH_PASSWORD=password-ui
+ISSUER_UI_AUTH_USERNAME=<your-username>
+ISSUER_UI_AUTH_PASSWORD=<your-password>
 ```
-If you want to disable UI authentication, you must change the value of the following variable to true:
-
-```bash
-ISSUER_UI_INSECURE=true
-```
-
 
 5. Run API, UI and infrastructure (Postgres, localstorage and Redis)
 
@@ -141,20 +159,26 @@ make run-all
 ```
 then visit 
 * http://localhost:8088/ to access the UI
-* http://localhost:3001/ to access the API.
+* <PUBLICLY_ACCESSIBLE_URL_POINTING_TO_ISSUER_SERVER_PORT>:3001/ to access the API.
 
-6. Import your private Key:
-   Write the private key in Vault. This step is needed in order to be able to transit the issuer's state. To perform that
-   action the given account has to be funded. For Amoy network you can request some testing Matic [here](https://www.alchemy.com/faucets/polygon-amoy)
+6. Import your Ethereum private Key:
+Configure the private key. This step is needed in order to be able to transit the issuer's state. To perform that
+action the given account has to be funded. For Amoy network you can request some testing Matic [here](https://www.alchemy.com/faucets/polygon-amoy)
 ```bash
 make private_key=<private-key> import-private-key-to-kms
 ```
 
 
-### Running only Issuer Node API
+### Running only Issuer Node API (docker compose and build from source)
 
 If you want to run only the API, you can follow the steps below. You have to have the .env-issuer file filled with 
-the proper values and the resolver_settings.yaml file with the proper RPCs.
+the proper values and the `resolvers_settings.yaml` file with the proper RPCs.
+Make sure the infrastructure is running (Postgres, localstorage and Redis). If not, you can run it with the following command:
+
+```shell
+make up
+```
+
 Then run: 
 
 ```shell
@@ -163,7 +187,7 @@ make build && make run
 ----
 **Troubleshooting:**
 
-In order to **stop** **all** the containers, run the following command:
+In order to **stop all** the containers, run the following command:
 
 > [!NOTE] This will not delete the data in the vault and the database.
 
@@ -196,21 +220,34 @@ make build && make run
 ```
 
 ### KMS Providers Configuration
-Consider that if you have the issuer node running, after changing the configuration you must restart it.
-In all options the .env-issuer file is necessary.
+Consider that if you have the issuer node running, after changing the configuration you must restart all the containers.
+In all options the **.env-issuer** file is necessary.
 
 #### Running issuer node with vault instead of local storage file
-The issuer node can be configured to use a local storage, that is, a local file, as kms provider. 
-This alternative can be useful in development or testing environments. To do it:
+The issuer node can be configured to use a [HashiCorp Vault](https://www.vaultproject.io), as kms provider.
+However, Vault needs a [plugin](https://github.com/iden3/vault-plugin-secrets-iden3) 
+for key generation and message signing. This is because the issuer node does not generate private keys, but rather 
+delegates that action and the signing of messages to the vault.
 
 Setup environment variables in `.env-issuer` file:
 
 ```bash
 ISSUER_KMS_BJJ_PROVIDER=vault
 ISSUER_KMS_ETH_PROVIDER=vault
 ```
+After configuring the variables, run the following commands:
+
+```bash
+make up
+``` 
+In this case, the docker container for vault will be created.
 
-To import the private key necessary to transition onchain states, the command is the same as [explained before](#install-and-run-issuer-node-api-and-ui).
+To import the private key (if you have changed the kms provider you have to import the private key again) necessary to 
+transition issuer node states onchain, the command is the same as explained before:
+
+```shell
+make private_key <private-key> import-private-key-to-kms
+```
 
 ## Quick Start Demo
 

infrastructure/local/docker-compose-full.yml

@@ -7,8 +7,6 @@ services:
       - PGUSER=postgres
       - POSTGRES_HOST_AUTH_METHOD=trust
       - POSTGRES_USER=postgres
-    ports:
-      - "5432:5432"
     volumes:
       - ./scripts/sql:/docker-entrypoint-initdb.d:ro
       - postgres-data-full:/var/lib/postgresql/data
@@ -20,14 +18,42 @@ services:
 
   redis:
     image: redis:6-alpine
-    ports:
-      - "6379:6379"
     healthcheck:
       test: [ "CMD", "redis-cli", "-p", "6379", "ping" ]
       interval: 10s
       timeout: 5s
       retries: 5
 
+  vault:
+    image: vault:1.13.2
+    volumes:
+      - ./.vault/config:/vault/config
+      - ./.vault/scripts:/vault/scripts
+      - vault-plugins-full:/vault/plugins
+      - vault-data-full:/vault/data
+      - vault-file-full:/vault/file:rw
+    environment:
+      - VAULT_ADDR=http://0.0.0.0:8200
+      - VAULT_API_ADDR=http://0.0.0.0:8200
+      - VAULT_ADDRESS=http://0.0.0.0:8200
+    cap_add:
+      - IPC_LOCK
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "wget",
+          "--spider",
+          "--proxy",
+          "off",
+          "http://vault:8200/v1/sys/health?standbyok=true",
+        ]
+      interval: 10s
+      timeout: 3s
+      retries: 10
+      start_period: 5s
+    command: ./vault/scripts/init.sh
+
   ui:
     image: privadoid/issuernode-ui
     pull_policy: always
@@ -36,7 +62,7 @@ services:
     env_file:
       - ../../.env-ui
     healthcheck:
-      test: [ "CMD", "curl", "-f", "localhost/health" ]
+      test: [ "CMD", "curl", "-f", "ui/health" ]
       interval: 10s
       timeout: 5s
       retries: 5
@@ -54,48 +80,47 @@ services:
       - ../../localstoragekeys:/localstoragekeys:rw
       - ../../resolvers_settings.yaml:/resolvers_settings.yaml
     healthcheck:
-      test: [ "CMD", "curl", "-f", "localhost:3001/status" ]
+      test: [ "CMD", "curl", "-f", "api:3001/status" ]
       interval: 10s
       timeout: 5s
       retries: 5
     command: sh -c "./migrate && ./platform"
+    restart: unless-stopped
     depends_on:
       - postgres
       - redis
 
   notifications:
     image: privadoid/issuernode
     pull_policy: always
-    ports:
-      - "3004:3004"
     env_file:
       - ../../.env-issuer
     volumes:
       - ../../resolvers_settings.yaml:/resolvers_settings.yaml
     command: sh -c "./notifications"
     healthcheck:
-      test: [ "CMD", "curl", "-f", "localhost:3004/status" ]
+      test: [ "CMD", "curl", "-f", "notifications:3004/status" ]
       interval: 10s
       timeout: 5s
       retries: 5
+    restart: unless-stopped
     depends_on:
       - api
 
   pending_publisher:
     image: privadoid/issuernode
     pull_policy: always
-    ports:
-      - "3005:3005"
     env_file:
       - ../../.env-issuer
     volumes:
       - ../../resolvers_settings.yaml:/resolvers_settings.yaml
     command: sh -c "./pending_publisher"
     healthcheck:
-      test: [ "CMD", "curl", "-f", "localhost:3005/status" ]
+      test: [ "CMD", "curl", "-f", "pending_publisher:3005/status" ]
       interval: 10s
       timeout: 5s
       retries: 5
+    restart: unless-stopped
     depends_on:
       - api
 
@@ -104,4 +129,7 @@ networks:
     name: issuer-network-full
 
 volumes:
-  postgres-data-full:
+  postgres-data-full:
+  vault-plugins-full:
+  vault-data-full:
+  vault-file-full: