Deployment
The VPN integration requires two components: the RTGS.global Signing module and a VPN client.
RTGS.global Signing Module
The Signing module consists of three integrated elements:
- Admin agent — handles internal calls
- DIDComm agent — handles webhook callbacks
- Signing API — exposes the signing and verification endpoints
Docker images are available from the Azure public container registry. Authenticate with:
az acr login --name rtgspublic
Docker Compose
Launch all services with a single command:
docker compose up --pull always --wait --detach
The Signing API will be accessible at http://localhost:8081/swagger once running.
Helm (Kubernetes)
For Kubernetes deployments, provide the following values in your Helm configuration:
- Wallet seeds
- Environment name
- RTGS.global identifiers
- PostgreSQL credentials
- Genesis URL and TAA version (different values for sandbox vs production)
Note: The DIDComm agent receives encrypted callbacks from other agents on the network and must be accessible from the internet. The Signing API does not require external access and should be kept private.
VPN Client
The VPN establishes an encrypted site-to-site connection using IPsec IKEv2 between RTGS.global's Azure infrastructure and your network.
| Platform | Approach |
|---|---|
| AWS | Site-to-site VPN using Customer Gateway and Virtual Private Gateway |
| GCP | Static VPN configuration |
| On-Premise | Custom solution — coordinate with your RTGS.global technical contact |