Skip to content
You are reading Quorum Key Manager development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Using the Quorum Key Manager manifest file

Use a YAML manifest file to configure the Quorum Key Manager (QKM) runtime components. You can configure:

  • Stores - A store interfaces with an underlying secure system storage (such as HashiCorp Vault, Azure Key Vault, or AWS KMS) to perform crypto-operations.
  • Nodes - A node interfaces with underlying node endpoints (such as RPC nodes and Tessera nodes).
  • Roles - A role is a named set of permissions assigned to a user.

You can define multiple manifests in one manifest file, each separated by a dash (-).

Example Quorum Key Manager manifest file

# Hashicorp secret store manifest
- kind: Vault
  type: hashicorp
  name: hashicorp-vault
    mount_point: secret
    address: http://hashicorp:8200
    token_path: path/to/token_file
    token: YOUR_TOKEN
    namespace: user1_space

- kind: Store
  type: secret
  name: hashicorp-secrets
    vault: hashicorp-vault

# GoQuorum node manifest
- kind: Node
  name: goquorum-node
      addr: http://goquorum1:8545
      addr: http://tessera1:9080

Specify the path to the manifest file or to a directory with several manifest files using the --manifest-path command line option on QKM startup. You can alternatively use the MANIFEST_PATH environment variable.

Starting Quorum Key Manager with a manifest file

key-manager run --manifest-path=/config/manifest.yml
Questions or feedback? You can discuss issues and obtain free support on Quorum Key Manager Discord channel.