MiniBrev is a minimal platform to issue, seal, send, and verify digital credentials.
MiniBrev allows organizations to create cryptographically signed credentials that can be independently verified by anyone.
Recipients receive their credentials via email in two formats:
- JSON: digitally signed and verifiable
- PDF: human-readable
Anyone can verify a credential’s authenticity through the Verify page, without registration or login.
- Create and manage credential templates
- Issue credentials to recipients
- Automatically seal credentials with the organization’s public key
- Email credentials as JSON + PDF attachments
- Receive signed credentials via email
- Verify authenticity through a public verification endpoint
- Manage users and organizations
- Verify accounts and organizations
- Frontend: Angular 20.3.7
- Backend: Spring Boot 3.5.6
- Database: MySQL 8.0.43
- Auth: JWT (access + refresh tokens)
MiniBrev runs locally using Docker Compose, which starts three containers (services):
| Service | Description | Exposed Port |
|---|---|---|
db |
MySQL database | 3307 (mapped to container’s 3306) |
backend |
Spring Boot REST API | internal only (8080, not published) |
frontend |
Nginx container serving the built Angular app and proxying API calls to the backend | 80 |
minibrev/
├── backend/
│ ├── Dockerfile
│ ├── .env
│ └── src/...
├── frontend/
│ ├── Dockerfile
│ ├── nginx.conf
│ └── src/...
└── docker-compose.yml
Define the required secrets in backend/.env:
JWT_SECRET=
DB_USERNAME=minibrev
DB_PASSWORD=minibrev
GMAIL_USERNAME=
GMAIL_APP_PASSWORD=
ADMIN_EMAIL=
ADMIN_PASSWORD=
CRYPTO_SECRET_KEY=
APP_PUBLIC_BASE_URL=http://localhost
APP_INTERNAL_BASE_URL=http://backend:8080| Variable | Description |
|---|---|
| JWT_SECRET | Secret used to sign and verify JWT tokens. You can generate one using:openssl rand -base64 32 |
| DB_USERNAME / DB_PASSWORD | Database credentials (must match docker-compose.yml). |
| GMAIL_USERNAME / GMAIL_APP_PASSWORD | Gmail account used to send activation links and credentials (requires an App Password). |
| ADMIN_EMAIL / ADMIN_PASSWORD | Default admin credentials created at first startup. The admin email can be the same as the app’s Gmail. |
| CRYPTO_SECRET_KEY | Key used to encrypt each organization’s private key in the database. Generate with: openssl rand -base64 32 |
| APP_PUBLIC_BASE_URL | Public backend URL used in credential proofs and verification links (e.g. http://localhost or your domain). |
| APP_INTERNAL_BASE_URL | Internal backend URL used by the backend when calling itself within Docker. Must be http://backend:8080. |
From the project root:
docker compose up --build
This will:
- Build backend and frontend images
- Start MySQL and apply Flyway migrations
- Serve the app at http://localhost