@blockchainlabs/ibm-certificate-manager-wallet v0.0.4
certificate-manager-wallet
IBM Certificate Manager
The IBM Certificate Manager service allows developers and/or administrators upload and securely store SSL/TLS certificates and associated private keys. Applications can then securely retrieve these credentials via its API.
Before storing public certificates and private keys, the IBM Certificate Manager encrypts these artifacts using a symmetric key. The IBM Certificate Manager service leverages the Key Protect service for managing symmetric keys. It is also worth mentioning that Key Protect uses HSM for securely storing and protecting symmetric keys.
IBM Certificate Manager Wallet
This repository contains a Hyperledger Fabric wallet for the IBM Certificate Manager service. Please note that the main purpose of this repository is to support development and delivery engagements led by the Blockchain Labs organization. Other teams and organizations are more than welcome to leverage this asset as-is. Ideally, we would like to open source this reusable asset to the public community but our organization does not have the bandwidth to support the responsibilities and expected tasks that are implied when open sourcing a library.
This wallet allows Node.js applications to store and retrieve public certificates and private keys generated for Fabric identities. It conforms to the fabric-network Wallet interface.
The following are the main sections in this README file:
- Configuring IBM Certificate Manager as persistent store for Fabric credentials
- Configuring your Node.js application to use the IBM Certificate Manager wallet
- Usage
Configuring IBM Certificate Manager as persistent store for Fabric credentials
Create an IBM Certificate Manager service instance on the IBM Cloud
Log on to the IBM Cloud and create an IBM Certificate Manager service instance under the corresponding organization and environment (e.g. development, staging, etc.). For more information on creating an instance of the IBM Certificate Manager service, please see Getting started with IBM Certificate Manager.
An instance ID is associated with each IBM Certificate Manager instance. To retrieve the instance ID value for your service, select the corresponding IBM Certificate Manager service. Then click on Settings -> Instance Info tab, and copy the Service Instance CRN value.
Create a Service ID and API key to work with your IBM Certificate Manager instance
To authenticate with the IBM Certificate Manager service from an application, you must include an IBM Cloud IAM access token and the IBM Certificate Manager instance ID in every HTTP request.
To create Service ID and API key:
- Log into IBM Cloud, go to Manage -> Access (IAM), and select Service IDs.
- Click the Create button on the right.
- Give your service ID a name and description and click Create.
- Go to the API keys tab of your Service ID and click Create.
- Give your API key a name and description and click Create.
- IMPORTANT: Copy or download the API key. This will be the only time you can see it.
To assign an access policy to the API key:
- Go to the Access policies tab and click Assign Access.
- Select Assign access to resources.
- Select Certificate Manager from the drop down list.
- Select the corresponding IBM Certificate Manager instance and assign the following access roles:
Manager,WriterandReader. For more information on assigning access policies, please refer to Managing service access roles.
Configuring your Node.js application to use the IBM Certificate Manager Wallet
- From the root folder of your Node.js application, execute the following command:
npm i @blockchainlabs/ibm-certificate-manager-wallet --save
Usage
Please see the snippet of code below for an example on how to use this library in your Node.js application:
const CertificateManagerWallet = require('@blockchainlabs/ibm-certificate-manager-wallet');
const { X509WalletMixin } = require('fabric-network');
const cmWallet = new CertificateManagerWallet({
url: 'https://{region}.certificate-manager.cloud.ibm.com',
instanceId: '<instance id from step 1>',
apiKey: '<api key from step 2.6>',
});
// check if identity exists in wallet
const exists = await cmWallet.exists(id);
// import an identity
await cmWallet.import(id, X509WalletMixin.createIdentity(org, cert, key));
// list identities in wallet
const listOfIds = await cmWallet.list();
// delete an identity
await cmWallet.delete(id);
// export an identity
const identity = await cmWallet.export(id);To determine the region (e.g. us-south, eu-gb, etc.) for your IBM Certificate Manager instance, please see the IBM Cloud Certificate Manager API documentation.