Cloud Agent
The Cloud Agent is a W3C/Aries standards-based cloud agent written in Scala that provides self-sovereign identity services to build products and solutions based on it. The term "cloud" indicates that it operates on servers and is not intended for use on mobile devices.
Cloud Agent supports standard-based protocols built on top of DIDComm V2 for issuing, verifying, and holding verifiable credentials using both JWT and Hyperledger AnonCreds (coming soon) formats.
In order to use the Cloud Agent, you establish a business logic controller responsible for communicating with the agent (initiating HTTP requests and processing webhook notifications). This controller can be created using any programming language capable of sending and receiving HTTP requests.
As a result, you can concentrate on crafting self-sovereign identity solutions using well-known web development tools, without the need to delve into the intricacies of lower-level cryptography and identity protocol internals.
All documentation, tutorials and API references for the Identus ecosystem can be found at https://hyperledger.github.io/identus-docs/
- Rest API
- DIDComm V2
- W3C-compliant
did:prismanddid:peermethods - Credential types
- JWT-VC
- SD-JWT-VC
- AnonCreds
- HTTP events notification
- Cardano as a distributed ledger
- Secrets management with Hashicorp vault
- Multi-tenancy
- A government issues verifiable credentials (VCs) to its citizens to prove their identity and access government services.
- An enterprise issues VCs to its employees to prove their employment and access enterprise services.
- A Web3 authentication service based on verifiable presentations (VPs).
Before starting to use the Cloud Agent, it is important to understand the basic concepts of self-sovereign identity (SSI). The following resources provide a good introduction to SSI:
The next diagrams offer a concise architectural overview, depicting a Cloud Agent instance, a controller, the interconnections linking the controller and agent, as well as the external routes to other agents and public ledgers across the Internet.
- Java (OpenJDK 21)
- SBT (latest version)
- Git (for cloning the repository)
- Docker (for running the PostgreSQL database, Hashicorp Vault, APISIX, and PRISM Node)
To compile, test and publish local the image of the Cloud Agent, you can use the following commands:
sbt clean compile test docker:publishLocalCloud Agent is distributed as a Docker image to be run in a containerized environment. Versions after v1.31.0 can be found here and before v1.31.0, there.
The following sections describe how to run the Cloud Agent in different configurations.
The Cloud Agent can be configured to use different types of ledger, secret storage and DID persistence. Any combination of options is available, but the most common configurations are:
| Configuration | Secret Storage | DIDs persistence | Prism Node |
|---|---|---|---|
| Dev | PostgreSQL | No | In-memory |
| Pre-production | PostgreSQL | Yes | Distributed Ledger testnet (preview or preprod) |
| Production | Hashicorp | Yes | Distributed Ledger mainnet |
To start playing with Cloud Agent, we recommend using the Dev configuration. Pre-production and production configurations are intended for real-world use cases and require additional more complex configurations of the Distributed Ledger stack setup.
If you're interested in a hosted version of Cloud Agent, please, contact us via the Identus site.
System requirements can vary depending on the use case. The following are the minimum requirements for running the Cloud Agent with the Dev configuration:
- Linux or MacOS operating system
- Docker (with docker-compose support)
- Modern x86 or ARM-based CPU
- >=2GB RAM
To run Identus locally you should follow the instructions in the Quickstart guide
If the Cloud Agent is started successfully, all the running containers should achieve Healthy state, and Cloud Agent Rest API should be available at the specified port, for example:
http://localhost:8080/cloud-agentfor theissuerinstancehttp://localhost:8090/cloud-agentfor theholderinstance
You can check the status of the running containers using the health endpoint:
$ curl http://localhost:8080/cloud-agent/_system/health
{"version":"1.19.1"}There could be some incompatibilities between the most latest versions of Cloud Agent and PRISM Node. Please, use the following table to check the compatibility between the versions:
| Cloud Agent | PRISM Node |
|---|---|
| >=1.9.2 | 2.2.1 |
| <1.9.2 | 2.1.1 |
Please note: it is not guaranteed that the latest version of Cloud Agent will work with the latest version of PRISM Node. We recommend using the versions from the table above.
The following tutorials will help you get started with the Cloud Agent and issue your first credentials:
- Creating, updating and deactivating Decentralized Identifiers (DIDs)
- Setting up connections between agents using out-of-band (OOB) protocol
- Issuing verifiable credentials (VCs)
- Presenting VC proofs
Please read our contributions guidelines and submit your PRs. We enforce developer certificate of origin (DCO) commit signing.
We also welcome issues submitted about problems you encounter in using Cloud Agent.
Love the repo? Give our repo a star ⭐ ⬆️.