Skip to main content

Using the Quorum Key Manager manifest file

Use a YAML manifest file to configure the Quorum Key Manager (QKM) runtime components. You can configure:

  • Stores - A store interfaces with an underlying secure system storage (such as HashiCorp Vault, Azure Key Vault, or AWS KMS) to perform crypto-operations.
  • Nodes - A node interfaces with underlying node endpoints (such as RPC nodes and Tessera nodes).
  • Roles - A role is a named set of permissions assigned to a user.

You can define multiple manifests in one manifest file, each separated by a dash (-).

Example Quorum Key Manager manifest file
# Hashicorp secret store manifest
- kind: Vault
type: hashicorp
name: hashicorp-vault
mount_point: secret
address: http://hashicorp:8200
token_path: path/to/token_file
namespace: user1_space

- kind: Store
type: secret
name: hashicorp-secrets
vault: hashicorp-vault

# GoQuorum node manifest
- kind: Node
name: goquorum-node
addr: http://goquorum1:8545
addr: http://tessera1:9080

Specify the path to the manifest file or to a directory with several manifest files using the --manifest-path command line option on QKM startup. You can alternatively use the MANIFEST_PATH environment variable.

Starting Quorum Key Manager with a manifest file
key-manager run --manifest-path=/config/manifest.yml