Required Encryption Keys
Several components of the Core configuration store sensitive data and require encryption keys to be provided. Without them, the Core will fail to initialize.
Encryption keys are required for all:
- Key storage instances of type INTERNAL
- OpenID4VCI issuance protocol instances
Generating keys
Each key must be a 32-byte hex-encoded value generated by a cryptographically secure tool. Using openssl:
openssl rand -hex 32
Generate a separate key for each configuration entry that requires one. Do not reuse keys across entries or across environments.
Example configuration
The following example uses environment variables:
ONE_keyStorage__INTERNAL__params__private__encryption="533c29f3942d824bc163dc91079d209566dff1b30679188d0f2317e6fa2c3bac"
ONE_issuanceProtocol__OPENID4VCI_FINAL1__params__private__encryption="5874564335f8b0865df744d86c8e2a7c90f223474c52a692953e1182a2b3457a"
ONE_issuanceProtocol__OPENID4VCI_FINAL1_HAIP__params__private__encryption="aec38cbd853fe1ffaadbc7f6b25cb1701910ee4af39cfade18c4bd19e1c9fd13"
ONE_issuanceProtocol__OPENID4VCI_FINAL1_SWIYU__params__private__encryption="aec38cbd853fe1ffaadbc7f6b25cb1701910ee4af39cfade18c4bd19e1c9fd13"
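A pre-deployment check for the two rules above (each entry holds exactly 32 bytes of hex, and no value is shared between entries), as an added example that is not part of the original documentation or the project's code. It assumes the variables are kept as NAME="value" lines in a file or on stdin; `check_core_keys`, `sample_env` and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads NAME="value" lines from the files given as arguments
# (or from stdin), prints one finding per bad entry and returns non-zero if
# any key is malformed or reused. Key values themselves are never printed.
check_core_keys() {
    awk -F= '
    {
        name = $1
        sub(/^[ \t]*(export[ \t]+)?/, "", name)   # tolerate "export NAME=..."
        # Only entries that carry an encryption key are checked.
        if (name !~ /^ONE_.*__params__private__encryption$/) next
        val = tolower($2)                         # hex case does not change the key
        gsub(/^"|"$/, "", val)                    # strip surrounding double quotes
        if (length(val) != 64 || val !~ /^[0-9a-f]+$/) {
            print "MALFORMED " name               # not 32 bytes of hex
            bad = 1
        } else if (val in seen) {
            print "REUSED " name " (same value as " seen[val] ")"
            bad = 1
        } else {
            seen[val] = name                      # remember first entry using this key
        }
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample input: patterned placeholder values, not real keys.
sample_env() {
    cat <<'EOF'
SOME_OTHER_SETTING="ignored"
ONE_keyStorage__INTERNAL__params__private__encryption="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
ONE_issuanceProtocol__OPENID4VCI_FINAL1__params__private__encryption="fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"
ONE_issuanceProtocol__OPENID4VCI_FINAL1_HAIP__params__private__encryption="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
ONE_issuanceProtocol__OPENID4VCI_FINAL1_SWIYU__params__private__encryption="0123456789abcdef0123456789abcdef"
EOF
}

# Demo run on the constructed sample; findings go to stdout.
sample_env | check_core_keys || true
```

Called with a file argument instead of stdin, the function's exit status can gate a deployment step.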