-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Tessera release documentation update. (#914)
- Loading branch information
Showing
6 changed files
with
283 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
153 changes: 153 additions & 0 deletions
153
docs/Privacy/Tessera/Configuration/Tessera v0.10.2 sample settings.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,153 @@ | ||
**Changes:** | ||
|
||
- The `keys.keyData.passwords` field is no longer supported. Instead, use `keys.keyData.passwordFile` or utilise the [CLI password prompt](../Keys#providing-key-passwords-at-runtime) when starting the node. | ||
|
||
- Added configuration to choose alternative curves/symmetric ciphers. If no encryptor configuration is provided it will default to NaCl (see [Supporting alternative curves in Tessera](../Configuration Overview#supporting-alternative-curves-in-tessera) for more details). | ||
|
||
e.g. | ||
``` | ||
"encryptor": { | ||
"type":"EC", | ||
"properties":{ | ||
"symmetricCipher":"AES/GCM/NoPadding", | ||
"ellipticCurve":"secp256r1", | ||
"nonceLength":"24", | ||
"sharedKeyLength":"32" | ||
} | ||
} | ||
``` | ||
|
||
**Sample:** | ||
|
||
```json | ||
{ | ||
"useWhiteList": "boolean", | ||
"jdbc": { | ||
"url": "String", | ||
"username": "String", | ||
"password": "String" | ||
}, | ||
"serverConfigs": [ | ||
{ | ||
"app": "ENCLAVE", | ||
// Defines us using a remote enclave, leave out if using built-in enclave | ||
"enabled": true, | ||
"serverAddress": "http://localhost:9081", | ||
//Where to find the remote enclave | ||
"communicationType": "REST" | ||
}, | ||
{ | ||
"app": "ThirdParty", | ||
"enabled": true, | ||
"serverAddress": "http://localhost:9081", | ||
"bindingAddress": "String - url with port e.g. http://127.0.0.1:9081", | ||
"communicationType": "REST" | ||
}, | ||
{ | ||
"app": "Q2T", | ||
"enabled": true, | ||
"serverAddress": "unix:/tmp/tm.ipc", | ||
"communicationType": "REST" | ||
}, | ||
{ | ||
"app": "P2P", | ||
"enabled": true, | ||
"serverAddress": "http://localhost:9001", | ||
"bindingAddress": "String - url with port e.g. http://127.0.0.1:9001", | ||
"sslConfig": { | ||
"tls": "enum STRICT,OFF", | ||
"generateKeyStoreIfNotExisted": "boolean", | ||
"serverKeyStore": "Path", | ||
"serverTlsKeyPath": "Path", | ||
"serverTlsCertificatePath": "Path", | ||
"serverKeyStorePassword": "String", | ||
"serverTrustStore": "Path", | ||
"serverTrustCertificates": [ | ||
"Path..." | ||
], | ||
"serverTrustStorePassword": "String", | ||
"serverTrustMode": "Enumeration: CA, TOFU, WHITELIST, CA_OR_TOFU, NONE", | ||
"clientKeyStore": "Path", | ||
"clientTlsKeyPath": "Path", | ||
"clientTlsCertificatePath": "Path", | ||
"clientKeyStorePassword": "String", | ||
"clientTrustStore": "Path", | ||
"clientTrustCertificates": [ | ||
"Path..." | ||
], | ||
"clientTrustStorePassword": "String", | ||
"clientTrustMode": "Enumeration: CA, TOFU, WHITELIST, CA_OR_TOFU, NONE", | ||
"knownClientsFile": "Path", | ||
"knownServersFile": "Path" | ||
}, | ||
"communicationType": "REST" | ||
} | ||
], | ||
"peer": [ | ||
{ | ||
"url": "url e.g. http://127.0.0.1:9000/" | ||
} | ||
], | ||
"keys": { | ||
"passwordFile": "Path", | ||
"azureKeyVaultConfig": { | ||
"url": "Azure Key Vault url" | ||
}, | ||
"hashicorpKeyVaultConfig": { | ||
"url": "Hashicorp Vault url", | ||
"approlePath": "String (defaults to 'approle' if not set)", | ||
"tlsKeyStorePath": "Path to jks key store", | ||
"tlsTrustStorePath": "Path to jks trust store" | ||
}, | ||
"keyData": [ | ||
{ | ||
"config": { | ||
"data": { | ||
"aopts": { | ||
"variant": "Enum : id,d or i", | ||
"memory": "int", | ||
"iterations": "int", | ||
"parallelism": "int" | ||
}, | ||
"bytes": "String", | ||
"snonce": "String", | ||
"asalt": "String", | ||
"sbox": "String", | ||
"password": "String" | ||
}, | ||
"type": "Enum: argon2sbox or unlocked. If unlocked is defined then config data is required. " | ||
}, | ||
"privateKey": "String", | ||
"privateKeyPath": "Path", | ||
"azureVaultPrivateKeyId": "String", | ||
"azureVaultPrivateKeyVersion": "String", | ||
"publicKey": "String", | ||
"publicKeyPath": "Path", | ||
"azureVaultPublicKeyId": "String", | ||
"azureVaultPublicKeyVersion": "String", | ||
"hashicorpVaultSecretEngineName": "String", | ||
"hashicorpVaultSecretName": "String", | ||
"hashicorpVaultSecretVersion": "Integer (defaults to 0 (latest) if not set)", | ||
"hashicorpVaultPrivateKeyId": "String", | ||
"hashicorpVaultPublicKeyId": "String" | ||
} | ||
] | ||
}, | ||
"alwaysSendTo": [ | ||
"String..." | ||
], | ||
"unixSocketFile": "Path", | ||
"features": { | ||
"enableRemoteKeyValidation": false | ||
}, | ||
"encryptor": { | ||
"type": "Enumeration: NACL, EC", | ||
"properties":{ | ||
"symmetricCipher":"String (defaults to AES/GCM/NoPadding if type = EC)", | ||
"ellipticCurve": "String (defaults to secp256r1 if type = EC)", | ||
"nonceLength": "String (defaults to 24 if type = EC)", | ||
"sharedKeyLength": "String (defaults to 32 if type = EC)" | ||
} | ||
} | ||
} | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters