Clients using privacy-preserving (blinded) mode will have their own local hashing service instance. This service takes unblinded demographics information and returns a hashed payload for use with the blinded Identity API methods. See Privacy-Preserving (Blinded) Mode for details.
This article describes how to host and install your own copy of the local hashing service.
The local hashing service is provided as a stand alone web service via a docker image in Docker Hub.
If you have Docker installed, you can pull the service for local testing using:
docker pull careevolution/bmpi-hashing-service
The Docker service lets you configure which port(s) are available:
Port | Description |
---|---|
7001 | HTTPS with a self-signed certificate |
7002 | HTTP |
Additionally there are several environment variables you will need to configure:
Environment Variable | Description |
---|---|
HASH__KEY |
The key value provided to you by CareEvolution. |
Logging__Console__FormatterName |
Set to json for machine-readable JSON logs, simple for human readable logs. |
A sample docker-compose.yaml configuration is shown below.
services:
bmpi-hashing-service:
image: careevolution/bmpi-hashing-service:latest
ports:
# HTTPS port (using a self-signed certificate)
- "7001:7001"
# HTTP port
- "7002:7002"
environment:
# set HASH__KEY to the value provided to you by CareEvolution. Note the double underscore in the name
HASH__KEY: "${HASH__KEY}"
# this make the logs a nice human readable format, remove it or set the value to "json" for machine-readable logs
Logging__Console__FormatterName: "simple"
# prevent the user that runs the hashing service from having unneeded permissions
cap_drop:
- ALL
The following table shows all endpoints available on the hashing service. All endpoints are available on both the HTTP and HTTPS ports.
URL | Description |
---|---|
/hash | Get a hashed demographic object |
/ready | HTTP health check |
/swagger | HTML view of Swagger documentation |
/swagger/v1/swagger.json | OpenAPI v3 documentation |
/metrics | Prometheus metrics for monitoring |
The local hashing service generates run-time metrics using Prometheus so that you can monitor your instance(s) for health, performance, load, etc. Point your metrics collector to /metrics
.
The local hashing service writes JSON logs to STDOUT and should be available in whatever hosting solution you use. To generate logs in a human friendly format, set the Logging__Console__FormatterName
environment variable to simple
(as shown in the docker-compose.yaml
above).