Quorum Key Manager command line options

This reference describes the syntax of the Quorum Key Manager (QKM) command line interface (CLI) options.

Options

You can specify QKM options:

• On the command line.

  key-manager run [OPTIONS]

• As environment variables.

auth-api-key-file

Syntax

--auth-api-key-file=<FILE>

Example

--auth-api-key-file=api_key_file.csv

Environment variable

AUTH_API_KEY_FILE="api_key_file.csv"

When using API key authentication, path to the API key CSV file.

auth-oidc-issuer-url

Syntax

--auth-oidc-issuer-url=<URL>

Example

--auth-oidc-issuer-url="https://quorum-key-manager.eu.auth0.com/"

Environment variable

AUTH_OIDC_ISSUER_URL="https://quorum-key-manager.eu.auth0.com/"

When using OAuth 2.0 authentication, URL of the OpenID Connect server. You must use this option with --auth-oidc-ca-cert.

auth-oidc-audience

Syntax

--auth-oidc-audience=<AUDIENCE>

Example

--auth-oidc-audience=https://quorum-key-manager.eu.auth0.com

Environment variable

AUTH_OIDC_AUDIENCE="https://quorum-key-manager.eu.auth0.com"

When using OAuth 2.0 authentication, expected audience (aud field) of access tokens. You must use this option with --auth-oidc-issuer-url.

auth-tls-ca

Syntax

```bash
--auth-tls-ca=<FILE>
```

Example

```bash
--auth-tls-ca=ca.crt
```

Environment variable

```bash
AUTH_TLS_CA="ca.crt"
```

When using TLS authentication, path to the certificate authority (CA) certificate for the TLS server.

db-database

Syntax

--db-database=<STRING>

Example

--db-database="postgres"

Environment variable

DB_DATABASE="postgres"

Target database name. The default is postgres.

db-host

Syntax

--db-host=<HOST>

Example

--db-host=127.0.0.1

Environment variable

DB_HOST="127.0.0.1"

Database host. The default is 127.0.0.1.

db-keepalive

Syntax

--db-keepalive=<DURATION>

Example

--db-keepalive=1m0s

Environment variable

DB_KEEPALIVE="1m0s"

Number of seconds before the client sends a TCP keepalive message. The default is 1m0s.

db-password

Syntax

--db-password=<STRING>

Example

--db-password="postgres"

Environment variable

DB_PASSWORD="postgres"

Database user password. The default is postgres.

db-pool-timeout

Syntax

--db-pool-timeout=<DURATION>

Example

--db-pool-timeout=30s

Environment variable

DB_POOL_TIMEOUT="30s"

Number of seconds the client waits for a free connection if all connections are busy. The default is 30s.

db-poolsize

Syntax

--db-poolsize=<INTEGER>

Example

--db-poolsize=20

Environment variable

DB_POOLSIZE="20"

Maximum number of connections on the database.

db-port

Syntax

--db-port=<PORT>

Example

--db-port=6174

Environment variable

DB_PORT="6174"

Database port. The default is 5432.

db-sslmode

Syntax

--db-sslmode=<STRING>

Example

--db-sslmode="require"

Environment variable

DB_TLS_SSLMODE="require"

TLS/SSL mode to connect to database (one of require, disable, verify-ca, and verify-full). The default is disable.

db-tls-ca

Syntax

--db-tls-ca=<STRING>

Example

--db-tls-ca=tls_ca.pem

Environment variable

DB_TLS_CA="tls_ca.pem"

Path to TLS certificate authority (CA) in PEM format.

db-tls-cert

Syntax

--db-tls-cert=<STRING>

Example

--db-tls-cert=tls_cert.pem

Environment variable

DB_TLS_CERT="tls_cert.pem"

Path to TLS certificate to connect to database in PEM format.

db-tls-key

Syntax

--db-tls-key=<STRING>

Example

--db-tls-key=tls_key.pem

Environment variable

DB_TLS_KEY="tls_key.pem"

Path to TLS private key to connect to database in PEM format.

db-user

Syntax

--db-user=<STRING>

Example

--db-user="postgres"

Environment variable

DB_USER="postgres"

Database user. The default is postgres.

health-port

Syntax

--health-port=<PORT>

Example

--health-port=6174

Environment variable

HEALTH_PORT="6174"

Port to expose Health HTTP service. The default is 8081.

help

Syntax

-h, --help, [command] --help

Print help information and exit, or if a command is specified, print more information about the command.

http-host

Syntax

--http-host=<HOST>

Example

--http-host=127.0.0.1

Environment variable

HTTP_HOST="127.0.0.1"

Host to expose HTTP service.

http-port

Syntax

--http-port=<PORT>

Example

--http-port=6174

Environment variable

HTTP_PORT="6174"

Port to expose HTTP service. The default is 8080.

https-enable

Syntax

--https-enable

Example

--https-enable

Environment variable

HTTPS_ENABLE=true

Enable HTTPS server. This is required when using TLS authentication.

https-server-cert

Syntax

--https-server-cert=<STRING>

Example

--https-server-cert=tls.crt

Environment variable

HTTPS_SERVER_CERT="tls.crt"

Path to TLS server certificate. This is required when using TLS authentication.

https-server-key

Syntax

--https-server-key=<STRING>

Example

--https-server-key=tls.key

Environment variable

HTTPS_SERVER_KEY="tls.key"

Path to TLS server key. This is required when using TLS authentication.

log-format

Syntax

--log-format=<STRING>

Example

--log-formatter="text"

Environment variable

LOG_FORMATTER="text"

Log formatter. The options are text and json. The default is text.

log-level

Syntax

--log-level=<STRING>

Example

--log-level="debug"

Environment variable

LOG_LEVEL="debug"

Log level. The options are debug, error, fatal, info, panic, trace, and warn. The default is info.

log-timestamp

Syntax

--log-timestamp[=<BOOLEAN>]

Example

--log-timestamp

Environment variable

LOG_TIMESTAMP=true

Enables logging with timestamp (only in text format). The default is true.

manifest-path

Syntax

--manifest-path=<PATH>

Example

--manifest-path=/config/default.yml

Environment variable

MANIFEST_PATH="/config/default.yml"

Path to manifest file/folder to configure key manager stores and nodes.