Skip to content
You are reading Quorum Key Manager development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Authenticate using API keys

You can authenticate incoming Quorum Key Manager (QKM) requests using API keys.

Specify an API key file with the --auth-api-key-file command line option when starting QKM.

Starting Quorum Key Manager with API key authentication

key-manager run --auth-api-key-file=api_key_file.csv --manifest-path=/config/default.yml

API key file

The API key file is a CSV file with four columns:

Each CSV line must be a unique API key and all API keys must be in UUID V4 format.

Example API key file

sha256({apiKey1}),tenant1|username1,"*:secret,*:keys","role-admin"
sha256({apiKey2}),username2,"read:*","role-guest"

To extract an API key, QKM uses the standard HTTP basic authentication scheme with a blank username and the API key as the password:

Authorization: Basic <base64({apiKey})>
Authorization: Basic OjA2ZGExYWZlLTE2ZDMtNDhmZS04ZWMyLWZlYTg2NDhkNzM3YQ==

If a user passes an API key that’s in the CSV file, user information from the corresponding line in the CSV file is attached to the request.

Questions or feedback? You can discuss issues and obtain free support on Quorum Key Manager Discord channel.
For paid professional support by Consensys, contact us at [email protected].