https://github.com/0xsequence/identity-instrument
Identity Instrument is a simple service that runs inside a secure TEE (Trusted Execution Environment) enclave and maps Web2 credentials (email, social) to Web3 EOA wallets
- Host: GitHub
- URL: https://github.com/0xsequence/identity-instrument
- Owner: 0xsequence
- Created: 2025-01-14T01:32:28.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2025-12-04T11:46:55.000Z (6 months ago)
- Last Synced: 2025-12-05T14:58:49.070Z (6 months ago)
- Language: Go
- Homepage: https://sequence.xyz/products/wallets
- Size: 19.8 MB
- Stars: 0
- Watchers: 10
- Forks: 1
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Identity Instrument
Identity Instrument is a simple service that runs inside a secure TEE (Trusted Execution Environment) enclave and maps Web2 credentials (email, social) to Web3 EOA wallets. It powers the authentication for [Sequence Ecosystem Wallets](https://docs.sequence.xyz/solutions/wallets/ecosystem/overview).
## Enclave verification
Switch to the version currently running in production:
```
git checkout $(curl --silent https://waas.sequence.app/status | jq -r .ver)
```
Ensure the version matches what you expect, e.g. by [comparing it with the published releases](https://github.com/0xsequence/identity-instrument/releases).
Then, run the verification script:
```
./verify.sh
```
You can configure it by passing environment variables:
- `ENV` - `prod` or `dev` (identifies which file in `etc/` is used for building the EIF)
- `URL` - where to fetch the deployed service's attestation from
- `VERSION` - the version to be included in the EIF (default: current git tag)
- `PCR0` - the expected PCR0, overriding the PCR0 from the build (e.g. all dev enclaves will report `000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000`)
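The comparison behind these variables, as an added Go example (not the project's `verify.sh`): the PCR0 from a local build is checked against the PCR0 the deployed enclave attests to, with an optional override. The `checkPCR0` and `decodePCR` helpers are hypothetical, the build JSON is assumed to have the shape printed by `nitro-cli build-enclave`, and rejecting an all-zero PCR0 outside `dev` is an assumed policy based on the note above.

```go
package main

import (
	"bytes"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// buildOutput holds the one field read from `nitro-cli build-enclave` JSON output.
type buildOutput struct {
	Measurements struct{ PCR0 string }
}
// decodePCR returns the raw PCR, or nil unless s is 96 hex characters (SHA-384).
func decodePCR(s string) []byte {
	b, err := hex.DecodeString(strings.TrimSpace(s))
	if err != nil || len(b) != 48 {
		return nil
	}
	return b
}
// checkPCR0 (hypothetical) compares an attested PCR0 with the build's, or with a non-empty override.
func checkPCR0(env string, buildJSON []byte, attested, override string) error {
	var out buildOutput
	if err := json.Unmarshal(buildJSON, &out); err != nil {
		return fmt.Errorf("build output: %w", err)
	}
	want := out.Measurements.PCR0
	if override != "" {
		want = override
	}
	exp, got := decodePCR(want), decodePCR(attested)
	if exp == nil || got == nil {
		return fmt.Errorf("PCR0 values must be 96 hex characters")
	}
	// Assumed policy: an all-zero PCR0 says nothing about the image, so allow it only for dev.
	if env != "dev" && bytes.Equal(got, make([]byte, 48)) {
		return fmt.Errorf("attested PCR0 is all zeros outside dev")
	}
	if !bytes.Equal(got, exp) {
		return fmt.Errorf("PCR0 mismatch: deployed enclave is not this build")
	}
	return nil
}
func main() {
	build := []byte(`{"Measurements":{"PCR0":"` + strings.Repeat("ab", 48) + `"}}`) // constructed sample
	fmt.Println(checkPCR0("prod", build, strings.Repeat("AB", 48), ""))
}
```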
## Local development
Copy `.env.sample` to `.env`. The sample environment config enables the `OTP` and generic `IDToken` authentication flows. To make Google/Apple auth work, edit the file with your Google/Apple client details.
Run the service with all dependencies:
```
make up
```
(Please note that this requires Docker to be installed and running.)
This starts the following containers:
- `nitro`: Identity Instrument itself
- `ingress`: a basic ingress proxy that handles CORS and decorates requests with required HTTP headers
- `localstack`: local AWS services (DynamoDB, KMS, SES), see https://www.localstack.cloud/
- `builder-mock`: a mock [Sequence Builder](https://sequence.build/) service, used by Identity Instrument for email message generation
All data, including signers, is ephemeral and lost when the containers stop. Make sure you don't depend on stable EOA addresses.
### View sent emails
All OTP emails sent by Identity Instrument are stored by `localstack`. Run the following command to retrieve them:
```
curl --silent 'localhost.localstack.cloud:4566/_aws/ses?email=noreply@local.auth.sequence.app' | jq .
```