diff --git a/services/docker-compose.yml b/services/docker-compose.yml
--- a/services/docker-compose.yml
+++ b/services/docker-compose.yml
@@ -3,6 +3,7 @@
   services-net:
     name: services-net
 services:
+  # tunnelbroker
   tunnelbroker-server:
     build:
       dockerfile: services/tunnelbroker/Dockerfile
@@ -38,6 +39,7 @@
       - "${COMM_SERVICES_PORT_BACKUP}:50051"
     volumes:
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
+  # blob
   blob-server:
     networks:
       - services-net
@@ -53,3 +55,14 @@
       - "${COMM_SERVICES_PORT_BLOB}:50051"
     volumes:
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
+  # identity
+  identity-server:
+    networks:
+      - services-net
+    build:
+      dockerfile: services/identity/Dockerfile
+      context: ../
+    image: commapp/identity-server:0.1
+    container_name: identity-server
+    ports:
+      - "${COMM_SERVICES_PORT_IDENTITY}:50051"
diff --git a/services/identity/Dockerfile b/services/identity/Dockerfile
new file mode 100644
--- /dev/null
+++ b/services/identity/Dockerfile
@@ -0,0 +1,28 @@
+FROM rust:1.57
+
+# Create a new user comm and use it to run subsequent commands
+RUN useradd -m comm
+USER comm
+
+RUN mkdir -p /home/comm/app/identity
+WORKDIR /home/comm/app/identity
+RUN cargo init --bin
+
+COPY services/identity/Cargo.toml services/identity/Cargo.lock ./
+
+# Cache build dependencies in a new layer
+RUN cargo build --release
+RUN rm src/*.rs
+
+COPY services/identity .
+
+# Remove the previously-built binary so that only the application itself is
+# rebuilt
+RUN rm ./target/release/deps/identity*
+
+# The build.rs script depends on rustfmt
+RUN rustup component add rustfmt
+
+RUN cargo build --release
+
+CMD ["./target/release/identity"]