Identity Instrument is a simple service that runs inside a secure TEE (Trusted Execution Environment) enclave and maps Web2 credentials (email, social) to Web3 EOA wallets. It powers the authentication for Sequence Ecosystem Wallets.
Switch to the version currently running in production:
git checkout $(curl --silent https://waas.sequence.app/status | jq -r .ver)
Ensure the version matches what you expect, e.g. by comparing it with the published releases.
Then, run the verification script:
./verify.sh
You can configure it by passing environment variables:
- ENV - prod or dev (identifies which file in etc/ is used for building the EIF)
- URL - where to fetch the deployed service's attestation from
- VERSION - the version to be included in the EIF (default: current git tag)
- PCR0 - the expected PCR0, overriding the PCR0 from the build (e.g. all dev enclaves will report 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
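The sketch below is an added example, not part of this repository and not the logic of verify.sh. It shows the checks worth applying to a PCR0 pair before trusting a match: both values must be well-formed SHA-384 digests, and an all-zero PCR0 must never pass when ENV is prod. The function names and return codes are hypothetical, the prod rule is an assumed policy based on the note above about dev enclaves, and obtaining the two values is out of scope.

```sh
#!/bin/sh
# Added example: sanity checks around a PCR0 comparison.
# Function names and return codes are hypothetical, not taken from verify.sh.

# Print the PCR0 in canonical form (lowercase, no whitespace).
# Fails unless the value is exactly 96 hex characters (a SHA-384 digest).
pcr0_normalize() {
  v=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f')
  [ "${#v}" -eq 96 ] || return 1
  case $v in *[!0-9a-f]*) return 1 ;; esac
  printf '%s' "$v"
}

# Succeeds when the (normalized) value consists only of zeros,
# which is what dev enclaves report.
pcr0_is_zero() {
  case $1 in *[!0]*) return 1 ;; esac
  [ -n "$1" ]
}

# pcr0_check ENV EXPECTED ATTESTED
# Returns 0 on match, 1 on mismatch, 2 on malformed input,
# 3 when ENV is prod and either value is the all-zero dev PCR0.
pcr0_check() {
  _exp=$(pcr0_normalize "$2") || return 2
  _att=$(pcr0_normalize "$3") || return 2
  if [ "$1" = prod ]; then
    # Assumed policy: an all-zero PCR0 proves nothing about the image,
    # so a "match" on zeros must not count as a verified prod build.
    if pcr0_is_zero "$_exp" || pcr0_is_zero "$_att"; then
      return 3
    fi
  fi
  [ "$_exp" = "$_att" ] || return 1
}
```

Return code 3 is kept distinct from a plain mismatch so that a PCR0 override left at the dev value is reported as a configuration error rather than as a build difference.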
Copy the sample .env.sample to .env. This sample environment config enables the OTP and generic IDToken authentication flows. To make Google/Apple auth work, edit the file with your Google/Apple client details.
Run the service with all dependencies:
make up
(Please note that this requires Docker installed and running.)
This starts the following containers:
- nitro: Identity Instrument itself
- ingress: a basic ingress proxy that handles CORS and decorates requests with required HTTP headers
- localstack: local AWS services (DynamoDB, KMS, SES), see https://www.localstack.cloud/
- builder-mock: a mock Sequence Builder service, used by Identity Instrument for email message generation
All data, including signers, is ephemeral and lost when the containers stop. Make sure you don't depend on stable EOA addresses.
All OTP emails sent by Identity Instrument are stored by localstack. Run the following command to retrieve them:
curl --silent 'localhost.localstack.cloud:4566/_aws/[email protected]' | jq .