Skip to content
You are reading Quorum Key Manager development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Quorum Key Manager command line options

This reference describes the syntax of the Quorum Key Manager (QKM) command line interface (CLI) options.

Options

You can specify QKM options:

  • On the command line.

    key-manager run [OPTIONS]

  • As environment variables.

auth-api-key-file

--auth-api-key-file=<FILE>

--auth-api-key-file=api_key_file.csv

AUTH_API_KEY_FILE="api_key_file.csv"

When using API key authentication, path to the API key CSV file.

auth-oidc-issuer-url

--auth-oidc-issuer-url=<URL>

--auth-oidc-issuer-url="https://quorum-key-manager.eu.auth0.com/"

AUTH_OIDC_ISSUER_URL="https://quorum-key-manager.eu.auth0.com/"

When using OAuth 2.0 authentication, URL of the OpenID Connect server. You must use this option with --auth-oidc-ca-cert.

auth-oidc-audience

--auth-oidc-audience=<AUDIENCE>

--auth-oidc-audience=https://quorum-key-manager.eu.auth0.com

AUTH_OIDC_AUDIENCE="https://quorum-key-manager.eu.auth0.com"

When using OAuth 2.0 authentication, expected audience (aud field) of access tokens. You must use this option with --auth-oidc-issuer-url.

auth-tls-ca

--auth-tls-ca=<FILE>

--auth-tls-ca=ca.crt

AUTH_TLS_CA="ca.crt"

When using TLS authentication, path to the certificate authority (CA) certificate for the TLS server.

db-database

--db-database=<STRING>

--db-database="postgres"

DB_DATABASE="postgres"

Target database name. The default is postgres.

db-host

--db-host=<HOST>

--db-host=127.0.0.1

DB_HOST="127.0.0.1"

Database host. The default is 127.0.0.1.

db-keepalive

--db-keepalive=<DURATION>

--db-keepalive=1m0s

DB_KEEPALIVE="1m0s"

Number of seconds before the client sends a TCP keepalive message. The default is 1m0s.

db-password

--db-password=<STRING>

--db-password="postgres"

DB_PASSWORD="postgres"

Database user password. The default is postgres.

db-pool-timeout

--db-pool-timeout=<DURATION>

--db-pool-timeout=30s

DB_POOL_TIMEOUT="30s"

Number of seconds the client waits for a free connection if all connections are busy. The default is 30s.

db-poolsize

--db-poolsize=<INTEGER>

--db-poolsize=20

DB_POOLSIZE="20"

Maximum number of connections on the database.

db-port

--db-port=<PORT>

--db-port=6174

DB_PORT="6174"

Database port. The default is 5432.

db-sslmode

--db-sslmode=<STRING>

--db-sslmode="require"

DB_SSLMODE="require"

TLS/SSL mode to connect to database (one of require, disable, verify-ca, and verify-full). The default is disable.

db-tls-ca

--db-tls-ca=<STRING>

--db-tls-ca=tls_ca.pem

DB_TLS_CA="tls_ca.pem"

Path to TLS certificate authority (CA) in PEM format.

db-tls-cert

--db-tls-cert=<STRING>

--db-tls-cert=tls_cert.pem

DB_TLS_CERT="tls_cert.pem"

Path to TLS certificate to connect to database in PEM format.

db-tls-key

--db-tls-key=<STRING>

--db-tls-key=tls_key.pem

DB_TLS_KEY="tls_key.pem"

Path to TLS private key to connect to database in PEM format.

db-user

--db-user=<STRING>

--db-user="postgres"

DB_USER="postgres"

Database user. The default is postgres.

health-port

--health-port=<PORT>

--health-port=6174

HEALTH_PORT="6174"

Port to expose Health HTTP service. The default is 8081.

help

-h, --help, [command] --help

Print help information and exit, or if a command is specified, print more information about the command.

http-host

--http-host=<HOST>

--http-host=127.0.0.1

HTTP_HOST="127.0.0.1"

Host to expose HTTP service.

http-port

--http-port=<PORT>

--http-port=6174

HTTP_PORT="6174"

Port to expose HTTP service. The default is 8080.

https-enable

--https-enable

--https-enable

HTTPS_ENABLE=true

Enable HTTPS server. This is required when using TLS authentication.

https-server-cert

--https-server-cert=<STRING>

--https-server-cert=tls.crt

HTTPS_SERVER_CERT="tls.crt"

Path to TLS server certificate. This is required when using TLS authentication.

https-server-key

--https-server-key=<STRING>

--https-server-key=tls.key

HTTPS_SERVER_KEY="tls.key"

Path to TLS server key. This is required when using TLS authentication.

log-format

--log-format=<STRING>

--log-formatter="text"

LOG_FORMATTER="text"

Log formatter. The options are text and json. The default is text.

log-level

--log-level=<STRING>

--log-level="debug"

LOG_LEVEL="debug"

Log level. The options are debug, error, fatal, info, panic, trace, and warn. The default is info.

log-timestamp

--log-timestamp[=<BOOLEAN>]

--log-timestamp

LOG_TIMESTAMP=true

Enables logging with timestamp (only in text format). The default is true.

manifest-path

--manifest-path=<PATH>

--manifest-path=/config/default.yml

MANIFEST_PATH="/config/default.yml"

Path to manifest file/folder to configure key manager stores and nodes.

Questions or feedback? You can discuss issues and obtain free support on Quorum Key Manager Discord channel.