Identity Vault

A Go web service that digitally signs device assertion details.


Go get it:

  $ go get

Configure it:

  • Install PostgreSQL and create a database.
  • Set up the config file, using settings.yaml as a guide.
  • Create the database tables:

  $ cd identity-vault
  $ go run tools/createdb.go

Run it:

  $ cd identity-vault
  $ go run server.go -config=/path/to/settings.yaml -mode=signing

The application also has an admin service, which is run with -mode=admin.

Try with Docker

  $ git clone
  $ cd identity-vault/
  $ docker-compose up
  # remove the containers when finished
  $ docker-compose rm

Development Environment

Install Go

Follow the instructions to install Go.

Install the React development environment


  • Install the build packages
sudo apt-get install build-essential libssl-dev
# For TPM2.0
sudo apt-get install tpm2-tools
  • Install NVM: install the Node Version Manager, which allows a specific version of Node.js to be installed. Follow the installation instructions.

  • Install the latest stable Node.js and npm: the latest stable (LTS) version of Node can be found on the Node website.

# Overview of available commands
nvm help

# Install the latest stable version
nvm install v4.4.3

# Select the version to use
nvm ls
nvm use v4.4.3

# Install gulp globally
npm install -g gulp
  • Install the Node.js dependencies
cd identity-vault
npm install

Working with React

Build the project bundle

# Select the version to use
nvm ls
nvm use v4.4.3

Run the tests

npm test

API Methods

/1.0/version (GET)

Return the version of the identity vault service.

Output message

  • version: the version of the identity vault service (string)

/1.0/models (GET)

Return the available models from the identity vault.

Output message

  {
    "success": true,
    "message": "",
    "models": [
      {
        "brand-id": "System",
        "model": "DroidBox 2400",
        "type": "device",
        "revision": 2
      },
      {
        "brand-id": "System",
        "model": "DroidBox 1200",
        "type": "device",
        "revision": 1
      },
      {
        "brand-id": "System",
        "model": "Drone 1000",
        "type": "device",
        "revision": 4
      }
    ]
  }

  • success: whether the request was successful (bool)
  • message: error message from the request (string)
  • models: the list of available models (array)

/1.0/sign (POST)

Clear-sign the device identity details.

Takes the details from the device, formats the data and clear-signs it.

Input message

The message must be in the serial assertion format and is best generated using the snapd libraries.

type: serial
authority-id: System
brand-id: System Inc.
model: Router 3400
revision: 12
serial: A1228M\L
timestamp: 2016-01-02T15:04:05Z
device-key: openpgp WkUDQbqFCKZBPvKbwR...

openpgp mQINBFaiIK4BEADHpUm...

  • brand-id: the Account ID of the manufacturer (string)
  • model: the name of the device (string)
  • serial: serial number of the device (string)
  • device-key: the type and public key of the device (string)
  • revision: the revision of the device (integer)
  • signature: the signed data
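
A pre-submission check of the input message described above, as an added example that is not part of the Identity Vault code or the snapd libraries. It assumes single-line `name: value` headers, a blank line, then the signature, as in the sample; `CheckSerialRequest` and the placeholder key and signature values are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in the layout shown above; key and signature are placeholders.
const sample = "type: serial\nauthority-id: System\nbrand-id: System Inc.\n" +
	"model: Router 3400\nrevision: 12\nserial: A1228M\\L\ntimestamp: 2016-01-02T15:04:05Z\n" +
	"device-key: openpgp PLACEHOLDER-KEY\n\nopenpgp PLACEHOLDER-SIGNATURE\n"

// CheckSerialRequest (hypothetical helper) splits a message into its headers
// and signature, then checks the fields documented for /1.0/sign.
func CheckSerialRequest(msg string) (map[string]string, string, error) {
	head, sig, ok := strings.Cut(strings.TrimSpace(msg), "\n\n")
	if !ok || strings.TrimSpace(sig) == "" {
		return nil, "", fmt.Errorf("no signature block after the blank line")
	}
	h := map[string]string{}
	for _, line := range strings.Split(head, "\n") {
		k, v, ok := strings.Cut(line, ": ")
		if !ok || k == "" || v == "" {
			return nil, "", fmt.Errorf("malformed header line %q", line)
		}
		if _, dup := h[k]; dup { // reject repeats instead of silently keeping the last value
			return nil, "", fmt.Errorf("duplicate header %q", k)
		}
		h[k] = v
	}
	for _, k := range []string{"type", "brand-id", "model", "serial", "device-key", "revision"} {
		if h[k] == "" {
			return nil, "", fmt.Errorf("missing header %q", k)
		}
	}
	if h["type"] != "serial" {
		return nil, "", fmt.Errorf("type is %q, want serial", h["type"])
	}
	if _, err := strconv.Atoi(h["revision"]); err != nil {
		return nil, "", fmt.Errorf("revision %q is not an integer", h["revision"])
	}
	return h, strings.TrimSpace(sig), nil
}

func main() {
	h, sig, err := CheckSerialRequest(sample)
	fmt.Println(h["model"], sig, err)
}
```
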

Output message

The method returns a signed serial assertion using the key from the vault.