Production ready deployment on AWS

CDK script to deploy Hyperswitch Card Vault on AWS

Last updated 4 months ago


This section covers the steps for deploying the Hyperswitch card vault as an individual component.

If you're looking for a production-grade deployment of the card vault to be used along with the Hyperswitch application, refer to the full-stack deployment guide of Hyperswitch, which includes the card locker as well.

Standalone deployment of the Hyperswitch Card Vault

Pre-requisites

  • git installed on your local machine

  • node version 18

  • An AWS user account with admin access (you can create an account if you do not have one)

Step 1 - [Optional] - Create a new user with Admin access (if you do not have a non-root user)

  • Create a new user in your AWS account from IAM -> Users

  • While setting permissions, provide admin access to the user

Step 2 - Configure your AWS credentials in your terminal

For this step you would need the following from your AWS account

  1. Preferred AWS region

  2. Access key ID

  3. Secret Access Key

  4. Session Token (if you have MFA set up)

Once you have the keys, run the commands below

export AWS_DEFAULT_REGION=<Your AWS_REGION> # e.g., export AWS_DEFAULT_REGION=us-east-2
export AWS_ACCESS_KEY_ID=<Your Access_Key_Id> # e.g., export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=<Your Secret_Access_Key> # e.g., export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_SESSION_TOKEN="<Your AWS_SESSION_TOKEN>" # optional
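
A preflight check for the exports above, as an added example that is not part of the Hyperswitch documentation or the hyperswitch-cdk repository. The function name check_aws_env is hypothetical; it relies on the AWS convention that temporary (STS) access key IDs start with ASIA and only work together with a session token.

```shell
# Added example: check_aws_env is a hypothetical helper name.
# Returns 0 when the Step 2 variables look usable, 1 otherwise.
# Reasons go to stderr; secret values are never printed.
check_aws_env() {
    rc=0
    for name in AWS_DEFAULT_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            rc=1
        fi
        # Catch a template value such as <Your AWS_REGION> pasted unchanged.
        case "$value" in
            *"<"*|*">"*|*" "*)
                echo "placeholder or stray text left in $name" >&2
                rc=1 ;;
        esac
    done
    # Temporary credentials (key ID prefix ASIA) are rejected by AWS unless
    # the matching session token is exported as well.
    case "${AWS_ACCESS_KEY_ID:-}" in
        ASIA*)
            if [ -z "${AWS_SESSION_TOKEN:-}" ]; then
                echo "ASIA key ID needs AWS_SESSION_TOKEN" >&2
                rc=1
            fi ;;
    esac
    # The session token is optional, but an unfilled template is an error.
    case "${AWS_SESSION_TOKEN:-}" in
        *"<"*|*">"*)
            echo "placeholder left in AWS_SESSION_TOKEN" >&2
            rc=1 ;;
    esac
    return $rc
}

# Usage in the same terminal session, before Step 3:
#   check_aws_env && sh install-locker.sh
```
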

Step 3 - Deploy Card Vault

Run the below commands in the same terminal session

git clone https://github.com/juspay/hyperswitch-cdk.git
cd hyperswitch-cdk
sh install-locker.sh

Once the script is run you will have to provide the following as inputs

  1. Provide the master-key when prompted (command to generate the master-key will be displayed on the terminal; also note down the two custodian keys to start the locker)

  2. Provide the Locker DB password of your choice when prompted

  3. If you want to deploy the card vault in an existing VPC of yours, provide the VPC ID when prompted.

     Note: The VPC should have at least one private subnet with egress to deploy the card vault

  4. If you don't have one or want to set up a new VPC leave the input blank and proceed

Unlocking the Card Vault

At this point your locker setup on the AWS account is complete. Please follow the steps below to unlock the locker and make it ready for use.

  • Run the following command to fetch the key for the jump server from the Parameter Store

aws ssm get-parameter --name /ec2/keypair/$(aws ec2 describe-key-pairs --filters Name=key-name,Values=LockerJump-ec2-keypair --query "KeyPairs[*].KeyPairId" --output text) --with-decryption --query Parameter.Value --output text > locker-jump.pem

  • Run the following command to update the permissions for your jump server key

chmod 400 locker-jump.pem

  • Run the following command to SSH into the jump server, through which you access your Card Vault instance

ssh -i locker-jump.pem ec2-user@$JUMP_SERVER_ID

  • The locker_public key and the tenant_private key to use the locker with your application (Hyperswitch or otherwise) are generated and stored in the Parameter Store. Use the commands below to fetch them.

aws ssm get-parameter --name /locker/public_key:1 --query 'Parameter.Value' --output text
aws ssm get-parameter --name /tenant/private_key:1 --query 'Parameter.Value' --output text
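
The key-handling steps above write a private key with a shell redirect and tighten its permissions afterwards. The following added example (not part of the Hyperswitch documentation or hyperswitch-cdk; the helper names are hypothetical) creates the file owner-only from the start and verifies it before it is handed to ssh.

```shell
# Added example; save_private_key and key_file_ok are hypothetical helper
# names, not part of hyperswitch-cdk.

# Write key material from stdin to file $1 so that it is never readable by
# other users, not even between creation and the chmod.
save_private_key() {
    dest=$1
    (
        umask 077          # new file is created 0600 instead of the usual 0644
        rm -f "$dest"      # a read-only copy from an earlier run would block the write
        cat > "$dest"
    ) || return 1
    chmod 400 "$dest"
}

# Return 0 only if file $1 is non-empty, owner-only and starts like a PEM
# private key. A failed "aws ssm get-parameter" leaves an empty file behind,
# which chmod accepts silently; this check catches it before ssh does.
key_file_ok() {
    [ -s "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        -r--------|-rw-------) ;;
        *) return 1 ;;
    esac
    head -n 1 "$1" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'
}

# Usage with the command from this page (the redirect "> locker-jump.pem"
# becomes a pipe):
#   aws ssm get-parameter --name ... --with-decryption \
#       --query Parameter.Value --output text | save_private_key locker-jump.pem
#   key_file_ok locker-jump.pem && ssh -i locker-jump.pem ec2-user@$JUMP_SERVER_ID
```

The same helper can take the output of the /tenant/private_key command, so the tenant private key goes into an owner-only file instead of the terminal scrollback.
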

Output

On successful deployment of the Card Vault you will receive the following

| Output | What it is used for |
| --- | --- |
| Jump Locker SSH Key | The SSH key used to access the jump server |
| Jump Locker Public IP | The IP address of the jump server where you can activate the Card Vault |
| Locker IP | The URL of the Card Vault service |
| Locker Public Key | The public key of the card vault that needs to be used to JWE encrypt the requests to the card vault |
| Tenant Private Key | The private key of the tenant application that needs to be used to JWE decrypt the response from the card vault |

Make sure to save the keys and passwords you provide while running the script

Integrating it with your Application

To start using it with Hyperswitch, update the following environment variables while deploying. You can use it with any other tenant application using the respective card vault URL and JWE keys.

ROUTER__LOCKER__HOST= # add the ip address of the ec2 instance created
ROUTER__JWEKEY__VAULT_ENCRYPTION_KEY= # add the JWE public key of locker generated above
ROUTER__JWEKEY__VAULT_PUBLIC_KEY= # add the JWE private key of tenant generated above

Note: You can create or manage your access keys from IAM > Users inside your AWS Console. For more information, click here.

Note: Use the custodian keys to activate the locker (you can find the cURLs here). These cURLs are also displayed at the end of the script.

Next step:

Test a payment