The Experian Knowledge Based Verification (KBV) Credential Issuer (CRI) gives users a way to prove their identity by answering a series of questions to which only they should know the answers. The RFC can be found here. In the case of the Experian KBV CRI, this involves questions about the user's financial and credit history. For example, "What was the amount of your last mortgage payment?"
Information about working with the Experian KBV CRI API can be found here.
Important: Once you've cloned the repo, run `pre-commit install` to install the pre-commit hooks.
If you have not installed pre-commit then please do so here.
Ensure that you are using the Java version specified in `.sdkmanrc`.
Build with `./gradlew`.
This will run "build", "test", "buildZip", and "spotLess" reformatting.
Ensure you have the `sam-cli` and `gds-cli` installed, and that you can assume an admin role on the `di-ipv-cri-dev` AWS account.
Alternatively, you can create an SSO profile.
Deploy to the dev environment with:
```
gds aws di-ipv-cri-kbv-dev -- ./deploy.sh
```
This creates a stack using the defaults. Alternatively, using the SSO profile for `di-ipv-cri-kbv-dev`:
```
AWS_PROFILE=profile-name-you-created ./deploy.sh
```
Override the defaults by supplying a preferred stack name in place of `your-stack-name` below, along with the `CommonStackName` and `SecretPrefix`:
```
gds aws di-ipv-cri-kbv-dev -- ./deploy.sh your-stack-name your-common-stack-name your-secret-prefix
AWS_PROFILE=profile-name-you-created ./deploy.sh your-stack-name your-common-stack-name your-secret-prefix
```
When deploying using `sam deploy`, the canary deployment strategy set in `LambdaDeploymentPreference` in the `template.yaml` file will be used.
When deploying using the pipeline, the canary deployment strategy set in the pipeline will be used and will override the default set in `template.yaml`.
Canary deployments will cause a rollback if any canary alarms associated with a lambda are triggered.
To skip canaries, such as when releasing urgent changes to production, set the last commit message to contain any of these phrases: `[skip canary]`, `[canary skip]`, or `[no canary]`, as specified in the Canary Escape Hatch guide.
```
git commit -m "some message [skip canary]"
```
Note: To update `LambdaDeploymentPreference`, update the `LambdaCanaryDeployment` pipeline parameter in the identity-common-infra repository. To update the `LambdaDeploymentPreference` for a stack in dev using `sam deploy`, a parameter override needs to be set in the deploy script:
```
--parameter-overrides LambdaDeploymentPreference=<define-strategy> \
```
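A local check for the escape-hatch phrases listed in the canary section above, as an added example that is not part of this repository or the pipeline: it reports whether a commit message would skip canaries, so that a bypass of rollback protection is visible before pushing. The function names, the `--head` flag and the literal, case-sensitive matching are assumptions; the Canary Escape Hatch guide defines the pipeline's actual matching.

```shell
#!/usr/bin/env bash
# Added example: report whether a commit message contains a canary
# escape-hatch phrase.
# Assumption: phrases are matched literally and case-sensitively; the
# Canary Escape Hatch guide is authoritative for the real behaviour.

# The three phrases listed in this README, one per line.
CANARY_SKIP_PHRASES='[skip canary]
[canary skip]
[no canary]'

# canary_skip_phrase MESSAGE
# Prints the first escape-hatch phrase found in MESSAGE and returns 0.
# Prints nothing and returns 1 when no phrase is present.
canary_skip_phrase() {
  local message phrase
  message=$1
  while IFS= read -r phrase; do
    # -F treats the phrase as a fixed string, so the square brackets
    # are not interpreted as a regex character class.
    if printf '%s\n' "$message" | grep -qF -- "$phrase"; then
      printf '%s\n' "$phrase"
      return 0
    fi
  done <<EOF
$CANARY_SKIP_PHRASES
EOF
  return 1
}

# check_head_commit: inspect the last commit in the current repository.
check_head_commit() {
  local message phrase
  message=$(git log -1 --format=%B) || return 2
  if phrase=$(canary_skip_phrase "$message"); then
    echo "WARNING: HEAD contains '$phrase': canary rollback will be skipped" >&2
  else
    echo "HEAD has no escape-hatch phrase: canary deployment applies"
  fi
}

# Inspect HEAD only when asked (hypothetical flag), e.g. ./canary-check.sh --head
if [ "${1:-}" = "--head" ]; then
  check_head_commit
fi
```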
Automated GitHub actions deployments have been enabled on this repository.
The automated deployments are triggered on a push to main after PR approval.
Required GitHub secrets:
Pre-merge integration tests:
Secret | Description |
---|---|
AWS_CONFIG_BUCKET | Bucket where integration code is pushed for deployment |
AWS_PROFILE_PATH | Parameter Store path to the signing profile versioned ARN |
AWS_ROLE_ARN | Assumed role IAM ARN |
AWS_ROLE_SESSION | Assumed Role Session ID |
Deployment to Dev:
Secret | Description |
---|---|
DEV_ARTIFACT_SOURCE_BUCKET_NAME | Bucket where lambda code is pushed for deployment |
DEV_SIGNING_PROFILE_NAME | The AWS signer signing profile name |
DEV_GH_ACTIONS_ROLE_ARN | Assumed role IAM ARN |
Deployment to Build:
Secret | Description |
---|---|
BUILD_ARTIFACT_SOURCE_BUCKET_NAME | Bucket where lambda code is pushed for deployment |
BUILD_SIGNING_PROFILE_NAME | The AWS signer signing profile name |
BUILD_GH_ACTIONS_ROLE_ARN | Assumed role IAM ARN |
Parameter | Description |
---|---|
/alerting/email-address | Email address to receive alerts |
The command below runs using `https://cri.core.build.stubs.account.gov.uk` in AWS with stub client ID `ipv-core-stub-aws-prod`.
Optionally set a value for `TEST_RESOURCES_STACK_NAME` if you have deployed a local test resources stack and want to override the default stack named `test-resources`.
```
ENVIRONMENT=localdev STACK_NAME=<your-stack> API_GATEWAY_ID_PRIVATE=<from-your-stack> API_GATEWAY_ID_PUBLIC=<from-your-stack> IPV_CORE_STUB_CRI_ID=kbv-cri-dev IPV_CORE_STUB_BASIC_AUTH_USER=xxxx IPV_CORE_STUB_BASIC_AUTH_PASSWORD=xxxx IPV_CORE_STUB_URL=https://cri.core.build.stubs.account.gov.uk DEFAULT_CLIENT_ID=ipv-core-stub-aws-prod APIGW_API_KEY=xxxx TEST_RESOURCES_STACK_NAME= gradle integration-tests:cucumber
```