Mediator Installation Guide

Installing and Configuring ACA-Py Mediator

This document will guide you through the steps to deploy and configure the Proven Mediator in Google Cloud using Indicio Proven ACA-Py Mediator from the GC Marketplace. The first part of this document is intended to be a “quick start” to get you up and running quickly, then you can look at the indicated appendices for more details if needed.

Get the most out of your Indicio Proven ACA-Py Mediator

Indicio is here to help you on every step of your journey and is offering Google Cloud customers exclusive access and discounts to Indicio's expert support and training. Get your critical technical questions answered from our experienced support team. Help your development, sales, and marketing teams get up to speed with the fundamentals of the technology and communication of Trusted Digital Ecosystems by taking advantage of our instructor-led workshops and certifications from the Indicio Academy. Learn more about these exclusive discounts and benefits for Google Cloud customers and contact us today!


Prerequisites

  1. You will need a DNS name for your new mediator. This is mentioned before you begin as informational because you will probably want to create a static IP address during the installation process and because you will need the ability to add the DNS name to your registrar.

Create the VM instance (Defaults will work for all items not included in these instructions)

  1. Navigate to the Google Cloud Console, https://console.cloud.google.com/

  2. Select or create the project that you want the Mediator instance to reside in.

  3. In the Navigation Menu (top left), go to Compute Engine > VM Instances

  4. Click CREATE INSTANCE on the top bar

  5. From the left menu select Marketplace.

  6. In the Search Marketplace field type Proven and hit enter.

    1. Select Indicio Proven ACA-Py Mediator.

    2. Click GET STARTED then AGREE (as needed)

    3. Click DEPLOY (or LAUNCH) to configure your mediator VM.

  7. Change the Deployment name if desired.

  8. Select and Record your Zone choice for later use.

  9. Under Machine type choose a machine with at least 2 vCPUs and 2 GB of memory. For example:

    1. Set Series to E2

    2. Set Machine type to e2-small

  10. Under Boot Disk it is recommended to select a disk at least 10GB in size. (default)

  11. Under Networking -> External IP set a static IP address (recommended). This can also be done later if desired.

  12. Click DEPLOY.

  13. After deployment is complete, do the following from the right panel:

    1. Note the link for instructions for creating a static IP address if needed (on the right under “Suggested next steps”)

    2. Click on the instance name to bring up details about the Mediator instance you just deployed

    3. Click “edit”

    4. Scroll down to Networking and under Network interfaces -> Firewalls check the boxes that will allow HTTP and HTTPS traffic.

    5. Click SAVE

    6. Click VM instances

    7. Record the External IP address of your Mediator instance for later use.

Configure DNS (see appendix A)

  1. Add a DNS entry for your new mediator.

Configure the VM

  1. SSH into the VM

    1. From Compute Engine > VM instances > [instance name] click SSH towards the top of the screen

  2. Change directories to the mediator service directory:

    cd /opt/indicio/aries-mediator-service

  3. Configure the environment by doing the following:

    sudo cp .env.sample .env

  4. Edit the .env file to fit your environment:

    MEDIATOR_CONTROLLER_ADMIN_API_KEY=<your choice> You can generate strong tokens for production with OpenSSL: openssl rand -hex 32

    MEDIATOR_AGENT_ADMIN_API_KEY=<your choice> You can generate strong tokens for production with OpenSSL: openssl rand -hex 32

    MEDIATOR_ALIAS= Can be any string. (e.g. MyProdMediator1)

    LOG_LEVEL= Can be ERROR, WARNING, or INFO, depending on your preference. Note: INFO level produces the largest log file.

    SITE_ADDRESS= This is the complete mediator DNS Name you configured in a previous step.

    MEDIATOR_URL= This is the same as SITE_ADDRESS, except add https:// to the front of it.

    EMAIL_ADDRESS= The email you want log information sent to.

    MEDIATOR_AGENT_LABEL= This is what you want the mediator name to show up as on other agents.

    1. Here is an example of a configured .env file using a local database:

      MEDIATOR_CONTROLLER_ADMIN_API_KEY=openssl-secure-key-a
      MEDIATOR_AGENT_ADMIN_API_KEY=openssl-secure-key-b
      MEDIATOR_ALIAS=Indicio Mediator
      LOG_LEVEL=WARNING
      SITE_ADDRESS=indiciomediator.dev.indiciotech.io
      MEDIATOR_URL=https://indiciomediator.dev.indiciotech.io
      [email protected]
      MEDIATOR_AGENT_LABEL=IndicioMediator

    2. For instructions or help configuring the mediator to use a remote database, please contact [email protected], but to get started, please see the complete list of other possible config options in Appendix B.

  5. To start the Mediator, run these commands:

    cd /opt/indicio/aries-mediator-service
    sudo docker-compose up

  6. For future starts/stops of your mediator you can use the mediator service. (The first time, you needed to run it manually from the command line so that you could see and copy the invitation as described in the next step.)

    sudo systemctl start mediator
    sudo systemctl stop mediator
    sudo systemctl restart mediator
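
A pre-start check for the .env file edited above, as an added example that is not part of Indicio's guide: it flags placeholder or reused admin API keys, an unexpected LOG_LEVEL, a MEDIATOR_URL that does not match SITE_ADDRESS, and a file accessible to other users. The 64-hex-character key format and the mode 600 check are this example's assumptions, and env_get and check_mediator_env are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: lint the mediator .env before the first `docker-compose up`.
# Variable names come from the guide; the 64-hex-character key format and the
# mode 600 check are assumptions of this example, not Indicio requirements.

env_get() {  # env_get FILE KEY: value of the last KEY= line, quotes stripped
  sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

check_mediator_env() {  # prints one line per finding, returns their count
  local file n key ctl agent site url
  file=$1; n=0
  ctl=$(env_get "$file" MEDIATOR_CONTROLLER_ADMIN_API_KEY)
  agent=$(env_get "$file" MEDIATOR_AGENT_ADMIN_API_KEY)
  site=$(env_get "$file" SITE_ADDRESS)
  url=$(env_get "$file" MEDIATOR_URL)

  for key in MEDIATOR_CONTROLLER_ADMIN_API_KEY MEDIATOR_AGENT_ADMIN_API_KEY; do
    # `openssl rand -hex 32` prints exactly 64 lowercase hex characters
    if ! env_get "$file" "$key" | grep -Eq '^[0-9a-f]{64}$'; then
      echo "$key: not a 64-character hex token"; n=$((n + 1))
    fi
  done
  if [ -n "$ctl" ] && [ "$ctl" = "$agent" ]; then
    echo "admin API keys: controller and agent keys are identical"; n=$((n + 1))
  fi
  case $(env_get "$file" LOG_LEVEL) in
    ERROR|WARNING|INFO) ;;
    *) echo "LOG_LEVEL: expected ERROR, WARNING or INFO"; n=$((n + 1)) ;;
  esac
  case $site in
    ''|*/*|*:*) echo "SITE_ADDRESS: expected a bare DNS name"; n=$((n + 1)) ;;
  esac
  if [ "$url" != "https://$site" ]; then
    echo "MEDIATOR_URL: expected https:// followed by SITE_ADDRESS"; n=$((n + 1))
  fi
  # The file holds admin secrets: flag any group/other permission bits.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "$file: accessible to group or others, consider chmod 600"; n=$((n + 1))
  fi
  return "$n"
}

# Stand-alone use: ./check_env.sh /opt/indicio/aries-mediator-service/.env
[ "$#" -eq 0 ] || check_mediator_env "$1"
```

Because .env was created with sudo cp, run the check with sudo if the file is not readable by your user.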

Using your new mediator:

  1. You should see an Invitation URL in the mess of activity that occurs during startup. Just scroll up a ways and you will see it. Copy and save this invitation for later use.

    1. If you open the mediator link generated, you should see the following message:

      "You have received a connection invitation. To accept the invitation, paste it into your agent application."

  2. Update the configuration files of your agents to use the new mediator invitation. For example, to update a Proven issuer to use your new mediator:

    1. In the /opt/indicio/proven-release-docker/common-services.yml file change all instances of MEDIATOR_INVITE to be the new mediator invitation. Then run the following commands on the Proven Issuer server:

      docker-compose down -v
      docker-compose build
      docker-compose up

Appendix A - DNS Setup Example

To set up DNS for your new Mediator on Google’s Cloud DNS (by creating a new subdomain of your existing domain), do the following:

  1. Go to GCP’s Cloud DNS section in Network services (Navigation Menu > Networking > Network Services > Cloud DNS)

  2. Click Create Zone if a new Zone is desired. Otherwise, if a zone is already created, click on the zone name then skip to step 3.

    1. Give the zone a name. This name is just how it will appear in the list and need not necessarily match the new subdomain.

    2. For DNS name, enter a new subdomain. (In the example configuration below, using the domain dev.indiciotech.io means we want to create a new dev subdomain of the existing indiciotech.io domain.)

    3. Click Create

    4. To “activate” this new subdomain in GC, you need to register the subdomain in your existing domain (i.e. at your registrar).

      1. Click the name of the new zone you just created.

      2. Click on REGISTRAR SETUP (upper right of the screen) to find the items that need to be added to the new NS record, then add the domain’s DNS Name Server entries to your registrar.

  3. Click Add Standard

    1. Create a DNS Name for proven and record it for later use (e.g. mediator.dev.indiciotech.io)

    2. Defaults are ok

    3. Set the “IPv4 Address” to the “External IP address” of the VM you created earlier.

    4. Click “Create”

APPENDIX B - More .env Configuration Options

CA_CERT= This is the path to the SSL certificate for the remote database. You MUST specify a file, otherwise the mediator will not work at all if using a remote database. If you do not wish to use a certificate (they will not work with the setup detailed in this documentation), you will need to specify an empty file. Example: ./server-ca.pem

POSTGRESQL_HOST= The hostname or IP address of the remote database. An IP address will not work if you are using SSL, as SSL requires a FQDN. Postgresql options should not be set if using a local database.

POSTGRESQL_USER= The username of an account on the remote database. This can be the same user as the Admin User. Postgresql options should not be set if using a local database.

POSTGRESQL_PASSWORD= The password to the account on the remote database instance. MUST BE IN SINGLE QUOTES (e.g. 'samplepassword'). Postgresql options should not be set if using a local database.

POSTGRESQL_ADMIN_USER= This is the username for the Administrator account on the remote database. It is “postgres” by default. Postgresql options should not be set if using a local database.

POSTGRESQL_ADMIN_PASSWORD= This is the password for the Administrator account on the remote database. Postgresql options should not be set if using a local database.

MEDIATOR_WALLET_NAME= Use a descriptive name.

MEDIATOR_WALLET_KEY= Use a secure string. We recommend a randomly generated 32 character string.

Copyright 2025 Indicio PBC
