Prerequisites
Sandbox
To integrate with the sandbox environment you will need:
- A secure email confirming your RTGS.global ID. Contact support@rtgs.com if you have not received this.
- Minimum Contributor access to an Azure Subscription.
- Three enabled Azure resource providers:
Microsoft.App,Microsoft.ContainerService, andMicrosoft.ServiceBus. - IP ranges coordinated with your network administrator for RTGS.global components.
Production
For production deployment, the following are additionally required:
- Your organisation's details submitted to the RTGS.global onboarding team.
- A decentralised identifier (DID) and verification key generated from a secure wallet seed (see Generating Security Credentials below).
- Completion of the production readiness checklist.
Networking
Each RTGS.global component requires dedicated IP ranges in CIDR notation. These cannot be changed after deployment.
| Component | Example CIDR |
|---|---|
| Network Connector | 10.1.0.0/24 |
| Signing | 10.2.0.0/21 |
| Gateway | 10.3.0.0/23 |
Coordinate these ranges with your network administrator before starting the deployment.
Generating Security Credentials
You must create a 32-character alphanumeric seed to back your wallet. A GUID without hyphens is recommended.
Important: Store this seed securely. RTGS.global cannot recover it if lost.
Run the following Docker command to derive your DID and verification key from the seed:
docker run --rm -it ghcr.io/indicio-tech/did-derive:latest from-seed '<seed>'
Submit the resulting DID and verification key to RTGS.global during onboarding.
Production Security Standards
- You must not directly expose RTGS.global components to the public internet.
- Maintain a dedicated Azure subscription.
- Restrict access via Azure Bastion.
- Implement Microsoft-recommended security controls including MFA and RBAC.
- Log, monitor, and investigate all failed login attempts.