# Setup & deployment

> Everything you need to set up and run C8 Enterprise Wallet with Docker Compose.

This guide walks you through the technical onboarding for C8 Enterprise Wallet — what to share with the C8 team, what you'll receive in return, and how to bring the service up with Docker Compose.

## Before you begin

To get started, share the following with the C8 team:

* Your DockerHub username

The C8 team will then provide:

* Access to the C8 DockerHub repository
* Integration credentials:
  * `client_id`
  * `access_key_id`
  * `secret_access_key`
* A coupon code for MainNet registration

You will also need the following on the deployment host:

* Docker Compose
* A 24-word BIP39 mnemonic phrase that you generate yourself (see [Generate a BIP39 mnemonic](#1-generate-a-bip39-mnemonic) below)

<Warning>
  **Self-custody notice.** C8 Enterprise Wallet is self-custodial. You must generate and securely store the wallet mnemonic phrase during deployment.

  If the mnemonic phrase is lost, C8 cannot recover accounts or funds.
</Warning>

## Deployment flow

The full deployment is a five-step sequence. Each step is described in detail below.

<Steps>
  <Step title="Generate a BIP39 mnemonic">
    Create the 24-word phrase that backs the self-custodial wallet.
  </Step>

  <Step title="Create the environment file">
    Define `WALLET_MNEMONIC`, `CLIENT_ID`, backend URLs, and auth/batch settings in `.env`.
  </Step>

  <Step title="Prepare Docker Compose">
    Fill in the C8-provided image in `docker-compose-client.yml`.
  </Step>

  <Step title="Deploy">
    Start the container with the CloudWatch logging parameters.
  </Step>

  <Step title="Verify the deployment">
    Open Swagger UI and confirm the API is reachable.
  </Step>
</Steps>

## 1. Generate a BIP39 mnemonic

Generate a random 24-word BIP39 mnemonic phrase.

Using `bip39`:

```bash
npm install -g bip39
bip39 generate --words=24
```

Or using `bitcoin-cli`:

```bash
brew install bitcoin
bitcoin-cli mnemonic new 24
```

Store the mnemonic securely. Do not commit it to source control.

## 2. Create the environment file

Create a `.env` file next to `docker-compose-client.yml`:

```bash .env
WALLET_MNEMONIC=<mnemonic>
CLIENT_ID=<client_id>
BACKEND_URL=https://wallet-backend.main.digik.cantor8.tech/api
IDENTITY_SERVICE_URL=https://id.cantor8.tech
SCANNER_API_BASE_URL=https://scanner-ledger-history-server.main.digik.cantor8.tech
AUTH_TYPE=noop
AUTO_BATCH_SWITCH=false
AUTO_BATCH_DB_TYPE=in-memory
```

<Info>
  `AUTH_TYPE=noop` disables authentication for the wallet API. With this setting, all API endpoints are exposed without authentication.

  For production deployments, C8 can provide Keycloak or Auth0 configuration. When identity-provider authentication is enabled, all C8 Enterprise Wallet API endpoints expect a valid JWT token from the configured IdP.
</Info>

## 3. Prepare Docker Compose

Use the provided `docker-compose-client.yml` template and set the `image` value to the DockerHub image shared by C8:

```yaml docker-compose-client.yml
services:
  enterprise-wallet:
    image: "<dockerhub-repository>/<wallet-image>:<tag>"
    container_name: c8-enterprise-wallet
    restart: unless-stopped
    env_file:
      - .env
    ports:
      - "8080:8080"
    logging:
      driver: awslogs
      options:
        awslogs-region: ${AWS_REGION}
        awslogs-group: ${CLOUDWATCH_LOG_GROUP}
        awslogs-stream: ${CLOUDWATCH_LOG_STREAM}
        awslogs-endpoint: ${CLOUDWATCH_ENDPOINT}
```

## 4. Deploy

Run Docker Compose with the CloudWatch logging parameters provided during integration:

```bash
AWS_REGION=eu-west-1 \
CLOUDWATCH_LOG_GROUP=enterprise-wallet \
CLOUDWATCH_LOG_STREAM=<client_id> \
CLOUDWATCH_ENDPOINT=https://logs.eu-west-1.amazonaws.com \
AWS_ACCESS_KEY_ID=<access_key_id> \
AWS_SECRET_ACCESS_KEY=<secret_access_key> \
docker compose -f docker-compose-client.yml up --force-recreate
```

To run the wallet in the background, add `-d`:

```bash
AWS_REGION=eu-west-1 \
CLOUDWATCH_LOG_GROUP=enterprise-wallet \
CLOUDWATCH_LOG_STREAM=<client_id> \
CLOUDWATCH_ENDPOINT=https://logs.eu-west-1.amazonaws.com \
AWS_ACCESS_KEY_ID=<access_key_id> \
AWS_SECRET_ACCESS_KEY=<secret_access_key> \
docker compose -f docker-compose-client.yml up -d --force-recreate
```

## 5. Verify the deployment

After deployment, open Swagger UI:

```text
http://<host>:8080/docs
```

The public API documentation is also available at:

```text
https://cantor8.github.io/wallet-api/
```

## API account creation

When creating new accounts through the API, include the `coupon` parameter:

```json
{
  "coupon": "<coupon>"
}
```

The exact value will be provided during integration.

## Configuration reference

| Parameter               | Description                                              |
| ----------------------- | -------------------------------------------------------- |
| `WALLET_MNEMONIC`       | 24-word BIP39 mnemonic used by the self-custodial wallet |
| `CLIENT_ID`             | Client identifier provided by C8                         |
| `BACKEND_URL`           | C8 wallet backend API URL                                |
| `IDENTITY_SERVICE_URL`  | C8 identity service URL                                  |
| `SCANNER_API_BASE_URL`  | C8 scanner / ledger history server URL                   |
| `AUTH_TYPE`             | API authentication mode. `noop` disables authentication  |
| `AUTO_BATCH_SWITCH`     | Enables or disables auto-batching                        |
| `AUTO_BATCH_DB_TYPE`    | Auto-batching storage type, for example `in-memory`      |
| `AWS_REGION`            | AWS region used for CloudWatch logs                      |
| `CLOUDWATCH_LOG_GROUP`  | CloudWatch log group name                                |
| `CLOUDWATCH_LOG_STREAM` | CloudWatch log stream name, usually the client ID        |
| `CLOUDWATCH_ENDPOINT`   | CloudWatch Logs endpoint                                 |
| `AWS_ACCESS_KEY_ID`     | AWS access key ID provided during integration            |
| `AWS_SECRET_ACCESS_KEY` | AWS secret access key provided during integration        |

## Security notes

* Keep `.env`, mnemonic phrases, and AWS credentials out of source control.
* Use `AUTH_TYPE=noop` only in controlled environments.
* Prefer IdP-backed API authentication for production deployments.
* Rotate integration credentials according to your organization's security policy.
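
A preflight for the `.env` and `docker-compose-client.yml` pair that turns the notes above into checks you can run before `docker compose up`. It is an added example, not part of the C8 documentation or tooling. The function names, finding codes and sample files are assumptions of this example, as is treating a loopback-only port mapping (`127.0.0.1:8080:8080`) as the controlled environment for `AUTH_TYPE=noop`.

```bash
#!/bin/sh
# Added example: preflight for the .env / docker-compose-client.yml pair.
# Function names and finding codes are assumptions of this example.

preflight() (   # $1 = .env path, $2 = compose file; subshell keeps vars local
  env_file=$1; compose_file=$2; findings=""
  # .env holds WALLET_MNEMONIC, so group/other must not be able to read it.
  if [ -n "$(find "$env_file" -prune \( -perm -040 -o -perm -004 \))" ]; then
    findings="$findings ENV_READABLE_BY_OTHERS"
  fi
  # Count the mnemonic words without ever echoing them.
  words=$(( $(sed -n 's/^WALLET_MNEMONIC=//p' "$env_file" | tr -d "\"'" | wc -w) ))
  [ "$words" -eq 24 ] || findings="$findings MNEMONIC_NOT_24_WORDS"
  # With AUTH_TYPE=noop the API has no authentication, so the port must not be
  # published on every interface: "8080:8080" binds 0.0.0.0, while
  # "127.0.0.1:8080:8080" stays on loopback. Line-based heuristic, not a YAML parser.
  auth=$(sed -n 's/^AUTH_TYPE=//p' "$env_file")
  if [ "$auth" = "noop" ] &&
     grep -Eq '^[[:space:]]*-[[:space:]]*"?[0-9]+:[0-9]+"?[[:space:]]*$' "$compose_file"; then
    findings="$findings NOOP_AUTH_ON_ALL_INTERFACES"
  fi
  # Inside a git work tree, .env must be ignored (a tracked file counts as not ignored).
  dir=$(dirname "$env_file")
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q -- "$(basename "$env_file")"; then
    findings="$findings ENV_NOT_GITIGNORED"
  fi
  echo "${findings# }"
)

# Constructed sample files (dummy words, not a real mnemonic).
make_sample() {   # $1 dir, $2 word count, $3 AUTH_TYPE, $4 port mapping, $5 file mode
  i=0; mn=""
  while [ "$i" -lt "$2" ]; do mn="$mn word"; i=$((i + 1)); done
  printf 'WALLET_MNEMONIC=%s\nAUTH_TYPE=%s\n' "${mn# }" "$3" > "$1/.env"
  printf '    ports:\n      - "%s"\n' "$4" > "$1/docker-compose-client.yml"
  chmod "$5" "$1/.env"
}

demo=$(mktemp -d)
make_sample "$demo" 24 noop "8080:8080" 644             # the page's defaults
echo "defaults: $(preflight "$demo/.env" "$demo/docker-compose-client.yml")"
make_sample "$demo" 24 noop "127.0.0.1:8080:8080" 600   # loopback only, owner-only
echo "hardened: $(preflight "$demo/.env" "$demo/docker-compose-client.yml")"
rm -rf "$demo"
```

An empty result means no findings. Point `preflight` at your real files with `preflight .env docker-compose-client.yml`.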

## Try it on DevNet

Want to try the wallet before going to production? You can point it at the C8 DevNet environment.

1. In your `.env`, set the following URLs:
   ```bash .env
   BACKEND_URL=https://wallet-backend.dev.digik.cantor8.tech/api
   IDENTITY_SERVICE_URL=https://id.dev.digik.cantor8.tech
   ```
2. On DevNet, you don't need a signup coupon to register new accounts — just omit the `coupon` parameter when creating accounts through the API.
