Prerequisite

Docker Compose

Step 1: Cloning the Repository

Clone the repository to your local system using the following command:

git clone https://github.com/krypc-code/kc-wallet-kms.git

Step 2: Setting Up the Environment

After cloning the repository, navigate to the test folder:

cd test

Launch the HashiCorp Vault service using Docker Compose:

sudo docker-compose -f docker-compose-vault.yaml up -d

Vault Initialization Steps:

1. Access the Vault UI:

   • Start the Vault server.

   • Open a web browser and navigate to http://127.0.0.1:8200.
2. Set Keyshare and Key Threshold:

   • In the Vault UI, locate the settings for key sharing.

   • Set the number of key shares (e.g., 5) and the key threshold (e.g., 3).

   • These values determine the number of key parts required to unseal the vault.

3. Generate Key Pairs:

   • Click on the "Initialize" button in the Vault UI.

   • This action triggers the generation of a set of key and root token pairs.
4. Download and Save Keys:

   • After initialization, download the generated keys.

   • Save the downloaded keys securely on your local machine.
5. Provide Unseal Keys:

   • Open the downloaded key file and find the keys_base64 values.

   • Depending on the threshold set earlier, gather the required number of keys_base64 values.

   • These keys will be used to unseal the vault.

6. Unseal the Vault:

   • In the Vault UI, locate the "Unseal" section.

   • Paste the collected keys_base64 values into the designated fields, based on the threshold.

   • Click "Continue" to unseal the vault.
7. Provide Root Token:

   • In the Vault UI, find the field to input the root token.

   • Enter the root token obtained during the initialization process.
8. Sign In to Vault:

   • Click on the "Sign In" or "Log In" button in the Vault UI.

   • If the root token is valid, you will gain access to the Vault.
9. Create New Engine:

   • Create a new secret engine by selecting KV on the options screen.
10. Secret As Path:

    • Create a new path with the value "secret" in the path parameter.
11. Vault Initialization Complete:

    • At this point, your Vault is initialized and accessible.

Make sure to keep the downloaded keys and root token secure.

Once the Vault service is running and initialized successfully, update the environment variables in the config.yaml file as follows:

"VAULT_URL": "http://127.0.0.1:8200",
"VAULT_TOKEN": "hvs.xxxxxxxxxxxxxxxxx",
"AUTH_TOKEN": "abd3789a-xxxx-xxxx-xxxx-ed65a2c2e7f6",
"SUBSCRIPTION_ID": "XXXXXXXXXX",
"PROXY_URL": "https://api.krypcore.com/api/v0",
"ENDPOINT": "https://polygon-mumbai-dev-node.krypcore.com/api/v0/rpc?apiKey=1ddc4575-xxxx-xxxx-xxxx-9d8a7a4086aa&token=abd3789a-xxxx-xxxx-xxxx-ed65a2c2e7f6",
"WALLET_INSTANCE_ID": "XXX_XX_XX_2023721",
"SCHEDULER_DURATION": "10"

you can retrieve the actual values of the

auth token, subscription ID from krypcore dashboard.

vault_token is the root token of the vault.

Proxy_url: "https://api.krypcore.com/api/v0" is production url which is need to be used.

endpoint url from manage dapps in mydapps.

wallet_instance_id from mydapps.

Step 3: Running the Service

Once you've configured the environment variables, come to parent directory

cd ...

Run the self-managed wallet service using the following command:

sudo run main.go

That's it! You should now have the Self-Managed Wallet service running on your local environment.