Quorum Key Manager command line options
This reference describes the syntax of the Quorum Key Manager (QKM) command line interface (CLI) options.
Options
You can specify QKM options:
-
On the command line.
key-manager run [OPTIONS]
-
As environment variables.
auth-api-key-file
--auth-api-key-file=<FILE>
--auth-api-key-file=api_key_file.csv
AUTH_API_KEY_FILE="api_key_file.csv"
When using API key authentication, path to the API key CSV file.
auth-oidc-issuer-url
--auth-oidc-issuer-url=<URL>
--auth-oidc-issuer-url="https://quorum-key-manager.eu.auth0.com/"
AUTH_OIDC_ISSUER_URL="https://quorum-key-manager.eu.auth0.com/"
When using OAuth 2.0 authentication, URL of the OpenID Connect server.
You must use this option with --auth-oidc-ca-cert
.
auth-oidc-audience
--auth-oidc-audience=<AUDIENCE>
--auth-oidc-audience=https://quorum-key-manager.eu.auth0.com
AUTH_OIDC_AUDIENCE="https://quorum-key-manager.eu.auth0.com"
When using OAuth 2.0 authentication, expected audience (aud
field) of access tokens.
You must use this option with --auth-oidc-issuer-url
.
auth-tls-ca
--auth-tls-ca=<FILE>
--auth-tls-ca=ca.crt
AUTH_TLS_CA="ca.crt"
When using TLS authentication, path to the certificate authority (CA) certificate for the TLS server.
db-database
--db-database=<STRING>
--db-database="postgres"
DB_DATABASE="postgres"
Target database name.
The default is postgres
.
db-host
--db-host=<HOST>
--db-host=127.0.0.1
DB_HOST="127.0.0.1"
Database host.
The default is 127.0.0.1
.
db-keepalive
--db-keepalive=<DURATION>
--db-keepalive=1m0s
DB_KEEPALIVE="1m0s"
Number of seconds before the client sends a TCP keepalive
message.
The default is 1m0s
.
db-password
--db-password=<STRING>
--db-password="postgres"
DB_PASSWORD="postgres"
Database user password.
The default is postgres
.
db-pool-timeout
--db-pool-timeout=<DURATION>
--db-pool-timeout=30s
DB_POOL_TIMEOUT="30s"
Number of seconds the client waits for a free connection if all connections are busy.
The default is 30s
.
db-poolsize
--db-poolsize=<INTEGER>
--db-poolsize=20
DB_POOLSIZE="20"
Maximum number of connections on the database.
db-port
--db-port=<PORT>
--db-port=6174
DB_PORT="6174"
Database port.
The default is 5432
.
db-sslmode
--db-sslmode=<STRING>
--db-sslmode="require"
DB_SSLMODE="require"
TLS/SSL mode to connect to database (one of require
, disable
, verify-ca
, and verify-full
).
The default is disable
.
db-tls-ca
--db-tls-ca=<STRING>
--db-tls-ca=tls_ca.pem
DB_TLS_CA="tls_ca.pem"
Path to TLS certificate authority (CA) in PEM format.
db-tls-cert
--db-tls-cert=<STRING>
--db-tls-cert=tls_cert.pem
DB_TLS_CERT="tls_cert.pem"
Path to TLS certificate to connect to database in PEM format.
db-tls-key
--db-tls-key=<STRING>
--db-tls-key=tls_key.pem
DB_TLS_KEY="tls_key.pem"
Path to TLS private key to connect to database in PEM format.
db-user
--db-user=<STRING>
--db-user="postgres"
DB_USER="postgres"
Database user.
The default is postgres
.
health-port
--health-port=<PORT>
--health-port=6174
HEALTH_PORT="6174"
Port to expose Health HTTP service.
The default is 8081
.
help
-h, --help, [command] --help
Print help information and exit, or if a command is specified, print more information about the command.
http-host
--http-host=<HOST>
--http-host=127.0.0.1
HTTP_HOST="127.0.0.1"
Host to expose HTTP service.
http-port
--http-port=<PORT>
--http-port=6174
HTTP_PORT="6174"
Port to expose HTTP service.
The default is 8080
.
https-enable
--https-enable
--https-enable
HTTPS_ENABLE=true
Enable HTTPS server. This is required when using TLS authentication.
https-server-cert
--https-server-cert=<STRING>
--https-server-cert=tls.crt
HTTPS_SERVER_CERT="tls.crt"
Path to TLS server certificate. This is required when using TLS authentication.
https-server-key
--https-server-key=<STRING>
--https-server-key=tls.key
HTTPS_SERVER_KEY="tls.key"
Path to TLS server key. This is required when using TLS authentication.
log-format
--log-format=<STRING>
--log-formatter="text"
LOG_FORMATTER="text"
Log formatter.
The options are text
and json
.
The default is text
.
log-level
--log-level=<STRING>
--log-level="debug"
LOG_LEVEL="debug"
Log level.
The options are debug
, error
, fatal
, info
, panic
, trace
, and warn
.
The default is info
.
log-timestamp
--log-timestamp[=<BOOLEAN>]
--log-timestamp
LOG_TIMESTAMP=true
Enables logging with timestamp (only in text
format).
The default is true
.
manifest-path
--manifest-path=<PATH>
--manifest-path=/config/default.yml
MANIFEST_PATH="/config/default.yml"
Path to manifest file/folder to configure key manager stores and nodes.