A collection of setup paths for the stack: VTA, WebVH, and the DIDComm Mediator.
The goal is to document every realistic combination of setup type, transport, mode, and deployment environment so that anyone — from a first-time developer to an ops team deploying to production — can find a tested, reproducible path.
Get up and running in two steps: pick a deployment environment, then pick a scenario.
Set up your target infrastructure first. Each guide covers provisioning, DNS, and service installation.
| Environment | Guide | Best for |
|---|---|---|
| Local Dev | D01 — Local Dev | Development and testing on a laptop |
| Ubuntu Server | D02 — Ubuntu Server | Single-server staging or production |
| Kubernetes | D03 — Kubernetes | Scalable production clusters |
| AWS EC2 / VPS | D04 — AWS EC2 | Cloud-hosted virtual machines |
Once your environment is running, pick the combination of setup type, transport, and mode that fits your use case. Not sure which to pick? See The Four Dimensions for a decision flowchart.
| REST | REST | DIDComm | DIDComm | |
|---|---|---|---|---|
| Interactive | Non-interactive | Interactive | Non-interactive | |
| Online VTA | S01 | S02 | S03 | S04 |
| Offline VTA | S05 | S06 | S07 | S08 |
| Self-Managed | S09 | S10 | S11 | S12 |
graph TB
subgraph VTI["Verifiable Trust Infrastructure (VTI)"]
VTA["VTA Service\n(master key store, DIDs, ACL)"]
WebVH["WebVH Service\n(did:webvh hosting)"]
MED["DIDComm Mediator\n(message relay)"]
end
CLI["PNM / CNM CLI\n(operator tooling)"]
APP["3rd-party App\n(vta-sdk integration)"]
CLI -->|"REST / DIDComm"| VTA
APP -->|"REST / DIDComm"| VTA
VTA -->|"provisions context + keys"| WebVH
VTA -->|"provisions context + keys"| MED
MED -->|"resolves DIDs via"| WebVH
APP -->|"sends / receives messages"| MED
| Component | Repo | Role |
|---|---|---|
| VTA | OpenVTC/verifiable-trust-infrastructure | Master key store — manages BIP-39 seed, DIDs, contexts, and ACL |
| WebVH | affinidi/affinidi-webvh-service | Hosts did:webvh DID documents publicly |
| Mediator | affinidi/affinidi-tdk-rs · affinidi-messaging-mediator | DIDComm v2 relay and message routing |
Every setup path is defined by four independent choices:
mindmap
root((VTI Setup))
Setup Type
Online VTA
Offline VTA
Self-Managed
Transport
REST
DIDComm
Mode
Interactive
Non-interactive
Deployment
Local Dev
Ubuntu Server
Kubernetes
EC2 / VPS
| # | Dimension | Options | Notes |
|---|---|---|---|
| 1 | Setup Type | Online VTA · Offline VTA · Self-Managed | How Mediator and WebVH interact with the VTA |
| 2 | Transport | REST · DIDComm | Protocol used to talk to the VTA |
| 3 | Mode | Interactive · Non-interactive | Human in the loop vs fully scripted |
| 4 | Deployment | Local Dev · Ubuntu Server · Kubernetes · EC2/VPS | Runtime environment — affects keyring availability |
flowchart TD
Q1{"Is the VTA\nreachable?"}
Q2{"Do you have a VTA\nbut it is not reachable\nat setup time?"}
ONLINE["① Online VTA\nVTA is running and reachable.\nServices connect to it directly\nfor key issuance and DID management."]
OFFLINE["② Offline VTA\nVTA exists but is unreachable\n(air-gapped or bootstrapping).\nVTA wizard runs offline;\nservices import pre-generated bundles."]
SELF["③ Self-Managed\nNo VTA involved.\nMediator and WebVH operate\nindependently and manage\ntheir own keys."]
Q1 -->|Yes| ONLINE
Q1 -->|No| Q2
Q2 -->|Yes| OFFLINE
Q2 -->|No| SELF
Each scenario file follows a common template:
- Prerequisites — what must be in place before you start
- Environment — which deployment this was tested on
- Steps — numbered, reproducible commands
- Verification — how to confirm it worked
- Known issues — edge cases encountered during testing
If you have tested a path, please open a PR filling in the corresponding scenario file and deployment notes.