Local Dev Environment
In this guide, we will walk you through the process of setting up a development environment for Sodot Exchange API Vault.
The Exchange API Vault is a secure MPC cluster that allows you to store and manage your API keys securely, using MPC (Multi-Party Computation) technology.
It is built on top of the Sodot MPC Vertex, which is a deployable server that functions as an MPC node in the cluster, and provides a secure storage for your sharded API keys.
The purpose of this guide is to allow you to run a full Vertex Cluster locally, with minimal resources and effort, so you can start to integrate with it using your code without the need to deploy it to a cloud provider.
Requirements
Before starting the setup process, make sure you have the following installed:
- Docker - Install Docker
Setup Process
The setup process is made of the following steps:
- Login to the Sodot Docker Registry using the JFROG Artifactory
- Pull the latest Vertex Docker image
- Pull the latest Relay Docker image
- Run the full setup using Docker Compose
1. Login to Sodot Docker Registry
To log in to the Sodot Docker Registry, you will need to obtain a Docker registry token from the JFROG Artifactory. You can follow the instructions in the Obtaining Credentials guide to obtain your token and log in to the Docker registry.
2. Pulling the latest Vertex Docker image
To pull the latest Vertex Docker image, run the following command:
docker pull repo.sodot.dev/sodot-docker-oci/vertex-exchange-api-vault:latest
3. Pulling the latest Relay Docker image
If you want to run the Relay server locally, you can pull the latest Relay Docker image by running:
docker pull repo.sodot.dev/sodot-docker-oci/sodot-relay-server:latest
4. Running the full setup using Docker Compose
To run the MPC Cluster and Relay server using Docker Compose, you will first need to create a docker-compose.yml file with the following content:
services:
vertex-1:
image: repo.sodot.dev/sodot-docker-oci/vertex-exchange-api-vault:latest
env_file: vertex.env
ports:
- "9001:8080"
volumes:
- vertex-1-db:/app/db/
vertex-2:
image: repo.sodot.dev/sodot-docker-oci/vertex-exchange-api-vault:latest
env_file: vertex.env
ports:
- "9002:8080"
volumes:
- vertex-2-db:/app/db/
vertex-3:
image: repo.sodot.dev/sodot-docker-oci/vertex-exchange-api-vault:latest
env_file: vertex.env
ports:
- "9003:8080"
volumes:
- vertex-3-db:/app/db/
relay:
image: repo.sodot.dev/sodot-docker-oci/sodot-relay-server:latest
environment:
RUST_LOG: debug
command:
- /sodot-relay-server
- --insecure-api-keys-not-enforced
- --listen
- 0.0.0.0:80
volumes:
vertex-1-db:
vertex-2-db:
vertex-3-db:
Then, create a vertex.env file with the following content:
RUST_LOG=info # Change to `debug` for more verbose logging
VERTEX_LISTEN_ADDR=0.0.0.0:8080
VERTEX_ADMIN_TOKEN=<VERY_SECRET_TOKEN> # Replace with your own secret token to access the admin API
VERTEX_HTTP=true # Listen on HTTP
VERTEX_RELAY_ADDRESS=relay # The relay service name defined in the docker-compose.yml
VERTEX_RELAY_API_KEY=aaaa # The relay is configured to not enforce API keys, so you can use any value here
VERTEX_SQLITE=sqlite:///app/db/vertex.db?mode=rwc # SQLite database file for the Vertex
VERTEX_BASIC_ENCRYPTION_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # 32 bytes hex encoded key to encrypt/decrypt DB keys
DANGEROUS_CONTACT_RELAY_NO_TLS=true # Disable TLS for Relay communication (not recommended for production use)
Then, run the following command to start the MPC Cluster and Relay server:
docker-compose up -d
You can now access the Vertex instances at http://localhost:9001, http://localhost:9002, and http://localhost:9003.
An admin user with the token you provided in the VERTEX_ADMIN_TOKEN environment variable will be created automatically.
Next Steps
Now that you have a running Vertex Cluster, you can start integrating with it using the Vertex API Reference.
You can also use the HMAC Key Sharing SDK to split your API keys into shares and import them into the Vertex servers.
Production Deployment
For a production deployment, you can follow the deployment guide of the supported cloud providers: