Skip to content
You are reading Quorum Key Manager development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Add a store to Quorum Key Manager

You can define a store in a Quorum Key Manager (QKM) manifest file.

QKM supports the following store interfaces:

Important

If you have existing Ethereum accounts, keys, or secrets in a secure storage system, you must index them in your local QKM database in order to use them.

Vault

Use the following fields to configure one or more vaults:

Example vault store manifest file

# Hashicorp secret store manifest
- kind: Vault
  name: hashicorp-vault
  specs:
    mount_point: secret
    address: http://hashicorp:8200
    token: YOUR_TOKEN
    namespace: user1_space

If using one of the following vault services, include the corresponding spec fields in your manifest.

HashiCorp

If using a HashicorpKeys or HashicorpSecrets store:

  • mount_point: string - secret engine mounting point
  • address: string - HashiCorp server URL
  • token_path: string - path to token file
  • token: string - authorization token
  • namespace: string - default namespace to store data in HashiCorp

Note

  • tokenPath and token are mutually exclusive.
  • If using a Hashicorp to store keys, you must install the HashiCorp Vault Plugin.

Azure Key Vault

If using an AKVKeys or AKVSecrets store:

  • vault_name: string - connected Azure Key Vault ID
  • tenant_id: string - Azure Active Directory tenant ID
  • client_id: string - user client ID
  • client_secret: string - user client secret

Amazon Key Management Service

If using an AWSKeys or AWSSecrets store:

  • access_id: string - AWS access ID
  • secret_key: string - AWS secret key
  • region: string - AWS region
  • debug: boolean - indicates whether to enable debugging

Secret store

Use the following fields to configure one or more secret stores:

Example secret store manifest file

# Hashicorp secret store manifest
- kind: Store
  type: secret
  name: my-secret-store
  specs:
    vault: hashicorp-vault

Key store

Use the following fields to configure one or more key stores:

Example key store manifest file

# Hashicorp key store manifest
- kind: Store
  type: key
  name: my-key-store
  specs:
    vault: hashicorp-vault

# Local key store manifest
- kind: Store
  type: local-keys
  name: my-key-store
  specs:
    secret_store: my-secret-store

Ethereum store

Use the following fields to configure one or more Ethereum stores:

Example Ethereum store manifest file

# Ethereum store manifest
- kind: Store
  type: ethereum
  name: my-ethereum-store
  specs:
    key_store: hashicorp-keys
Questions or feedback? You can discuss issues and obtain free support on Quorum Key Manager Discord channel.
For paid professional support by Consensys, contact us at [email protected].