Desmos is a data replication service designed for DOME Access Nodes. It synchronizes NGSI-LD entities between distributed nodes, leveraging DLT for secure, auditable transactions. The service integrates with the Scorpio Context Broker and exposes a REST API for replication management.
Key Capabilities:
- Data replication across DOME Access Nodes
- Integration with Scorpio Context Broker (NGSI-LD)
- Secure, verifiable transactions via DLT
- REST API for replication management
- Overview
Before configuring Desmos, ensure you have:
- ✅ Docker & Docker Compose installed and running
- ✅ LEARCredentialMachine issued by your Legal Entity Appointed Representative (LEAR) in your DOME Wallet
- ✅ Public domain with valid TLS certificates (HTTPS) for production deployments
- ✅ Basic understanding of Docker Compose networking and environment variables
Request a LEARCredentialMachine from your organization's Legal Entity Appointed Representative (LEAR). This credential:
- Contains your organization's DID (Decentralized Identifier)
- Includes private key for authentication
Use the DOME Access Node Key Generator to generate your DLT address and other cryptographic keys.
- Navigate to the DOME Access Node Key Generator
- Enter your DID key from the LEARCredentialMachine
- Generate and securely store the following:
- DLT Private Key
- DLT Address
- DLT ISS
Screenshots:
Caution
CRITICAL: Secure Key Storage Your private keys cannot be recovered if lost. Store them securely using:
- Hardware security modules (HSM)
- Secure password managers (e.g., 1Password, Bitwarden)
- Dedicated secrets vaults (e.g., HashiCorp Vault, AWS Secrets Manager)
Never:
- Commit keys to version control
- Share keys via email or chat
- Store in plain text files on shared systems
Register your organization and service with the DOME Trust Framework for your target environment.
Add your organization to the Trusted Access Node List following the DOME Trust Framework instructions.
| Links |
|---|
| SBX |
| DEV |
| PRD |
YAML Template:
# Add to the Trusted Access Node List
- name: <organization_name>
dlt_address: <dlt_address>Placeholder values:
<organization_name>: Your legal organization name<dlt_address>: DLT address from Step 2
Example:
- name: "Acme Corporation"
dlt_address: "0x1234567890abcdef1234567890abcdef12345678"Add your Desmos service to the Trusted Services List following the DOME Trust Framework instructions.
| Links |
|---|
| SBX |
| DEV |
| PRD |
YAML Template:
# Add to the Trusted Services List
- clientId: "<did:key>"
redirectUris: [ ]
scopes: [ ]
clientAuthenticationMethods: [ "client_secret_jwt" ]
authorizationGrantTypes: [ "client_credentials" ]
postLogoutRedirectUris: [ ]
requireAuthorizationConsent: false
requireProofKey: false
jwkSetUrl: "https://verifier.dome-marketplace-<env>.org/oidc/did/<did:key>"
tokenEndpointAuthenticationSigningAlgorithm: "ES256"Note
Replace <did:key> with the DID key of your LEARCredentialMachine.
Replace <env> with the environment.
Edit the .env.desmos file in the repository root to configure Desmos for your environment.
| Variable | Description | Example Value |
|---|---|---|
SPRING_PROFILES_ACTIVE |
Environment profile (see mapping below) | dev |
OPERATOR_ORGANIZATION_IDENTIFIER |
Your organization's DID from LEARCredentialMachine | did:key:zDnaei... |
API_EXTERNAL_DOMAIN |
Public HTTPS URL for your Desmos API | https://desmos.example.org |
Choose the correct Spring profile for your target DOME environment:
Desmos Profile (SPRING_PROFILES_ACTIVE) |
DOME Environment(GitOps) | Description |
|---|---|---|
dev |
sbx (Sandbox) | Development/integration testing environment |
test |
dev (Development) | QA environment |
prod |
prd (Production) | Production environment |
Sandbox (Development):
# Spring profile for sandbox environment
SPRING_PROFILES_ACTIVE=dev
# Organization DID from LEARCredentialMachine
OPERATOR_ORGANIZATION_IDENTIFIER=did:key:zDnaeiLh8uXoVh7Zz5e2s9v1a2b3c
# Public domain (use localhost for local testing)
API_EXTERNAL_DOMAIN=https://desmos-sandbox.example.orgProduction:
# Spring profile for production environment
SPRING_PROFILES_ACTIVE=prod
# Organization DID from LEARCredentialMachine
OPERATOR_ORGANIZATION_IDENTIFIER=did:key:zDnaeiLh8uXoVh7Zz5e2s9v1a2b3c
# Public domain with valid TLS certificates
API_EXTERNAL_DOMAIN=https://desmos.example.orgDatabase and broker configurations are pre-configured in
.env.desmosfor the Docker Compose environment. Review these settings if you need custom configurations.
Add secrets to provide sensitive credentials.
| Variable | Description | Source |
|---|---|---|
SECURITY_PRIVATE_KEY |
Private key for cryptographic signing | Generated in Step 2 |
SECURITY_LEAR_CREDENTIAL_MACHINE_IN_BASE64 |
Base64-encoded LEARCredentialMachine | From your wallet (Step 1) |
Private Key:
# Private key from DOME Key Generator (Step 2)
SECURITY_PRIVATE_KEY=0xabc123def456789...LEARCredentialMachine (Base64):
# Encode your LEARCredentialMachine to base64
$ cat lear-credential.json | base64 -w 0# Paste the base64-encoded credential
SECURITY_LEAR_CREDENTIAL_MACHINE_IN_BASE64=ZXlKaGJHY2lPaUpJVXpJMU5pSXNJbXRwWkNJNkltRjFZV3h6SWpwN0ltbGtJam9pYkd4aGJtNWxJam9pT0RZME5Ea3hOakV3TWpBeE1...Once configuration is complete, deploy the Desmos service using Docker Compose.
# Start all Access Node services (including Desmos)
docker compose up -d# Follow Desmos logs
docker compose logs -f desmos# Stop all services
docker compose down
# Stop services and remove volumes (CAUTION: deletes database)
docker compose down -vVerify that Desmos is running correctly:
# Health check endpoint
curl http://localhost:8080/health
# Expected response:
# {"status":"UP"}# Verify container is running
docker compose ps desmos
# Expected output:
# NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
# desmos in2workspace/in2-desmos-api:v2.0.3 ... desmos ... Up 2 min 8080/tcpTip
Successful startup logs should include:
- ✅ Started DesmosApplication in X.XXX seconds
- ✅ Netty started on port 8080
- ✅ Database migration completed successfully
- ✅ Connected to Context Broker (Scorpio)
- ✅ Connected to DLT Adapter
If Caddy is running, test the external endpoint:
# Via Caddy reverse proxy
curl http://localhost/desmos/healthSymptom:
Error: Connection refused - postgis:5432
Solutions:
- Ensure PostgreSQL is running:
docker compose ps postgis - Check database initialization:
docker compose logs postgis - Confirm the network connectivity:
docker compose exec desmos ping postgis
Symptom:
Error: Invalid private key format Error: Failed to decode LEAR credential
Solutions:
-
Private key: Must start with
0xand be a valid hexadecimal string# Valid format example: SECURITY_PRIVATE_KEY=0x1234567890abcdef... -
Base64 credential: Ensure no line breaks or whitespace
# Encode without line wrapping: cat lear-credential.json | base64 -w 0
-
Verify credentials are from the correct environment (sandbox vs production)
Symptom:
Error: Connection timeout - dlt-adapter-alastria:8080 Error: DLT transaction failed
Solutions:
- Verify DLT Adapter is running:
docker compose ps dlt-adapter-alastria - Check DLT Adapter logs:
docker compose logs dlt-adapter-alastria - Confirm network connectivity:
docker compose exec desmos curl http://dlt-adapter-alastria:8080/health - Verify your DLT address is registered in the Trusted Access Node List
Symptom:
Error: Required property 'OPERATOR_ORGANIZATION_IDENTIFIER' is not set
Solutions:
- Verify
.env.desmosexists and is properly formatted - Check for typos in variable names
- Ensure no trailing spaces or quotes around values
- Confirm
.secrets.desmosis loaded (see Step 5 note aboutenv_file) - Restart the container after configuration changes:
docker compose restart desmos
Symptom:
Error: Bind for 0.0.0.0:8080 failed: port is already allocated
Solutions:
- Stop conflicting services or change Desmos port in
compose.yaml - Use the Caddy proxy instead of exposing Desmos directly
- Check for other services using port 8080:
netstat -tulpn | grep 8080
- Main README — Access Node Docker Compose architecture and service catalog
- DOME Trust Framework — Registration and trust model documentation
- Scorpio Context Broker — NGSI-LD entity management
- compose.yaml — Full service definitions and configuration
- Caddyfile — Reverse proxy routing configuration
For issues or questions:
- Check logs:
docker compose logs desmos - Review configuration: Verify all environment variables and secrets
- Consult DOME Trust Framework: Ensure proper registration
- GitHub Issues: Report bugs or request features at the project repository
Last Updated: March 5, 2026
Desmos Version: v2.0.3
Docker Compose Version: Compatible with Docker Compose v2.x