Configure
TL;DR
The Docker image for the Signing Agent includes a configuration (control) file, config.yaml.
Configuration
Customize the properties of config.yaml to suit your needs.
The following table presents each property.
| Property | Sub-property | Sub-property/Options | Description |
|---|---|---|---|
| base | | | Controls connection properties |
| | qredoApi | https://api.qredo.network or https://sandbox-api.qredo.network | Base domain for the production or sandbox environment |
| | pin | | Pin number used to provide a Zero-Knowledge proof token for communication with the Partner API. This token is passed in the “x-api-zkp” header for authentication. |
| autoApproval | | | Enables automatic approval of all transactions |
| | enabled | true, false | Toggles automatic approval on/off |
| | retryIntervalMaxSec | | Maximum time for which the Signing Agent retries approval attempts. Failure fallback applies after this period |
| | retryIntervalSec | | Interval between approval attempts. Cycled until retryIntervalMaxSec is reached |
| qredoWebsocket | | | Qredo provides a WebSocket to collect transaction approval requests from |
| | ws_scheme | wss | The scheme to use for the WebSocket feed connection. Note, Qredo WebSocket services support WSS calls |
| | reconnectTimeoutSec | | Timeout in seconds for connection attempt |
| | reconnectIntervalSec | | Interval in seconds between connection attempts |
| | pingPeriodSec | | The ping period for the ping handler in seconds |
| | pongWaitSec | | The pong wait for the pong handler in seconds |
| | writeWaitSec | | The write wait in seconds |
| | readBufferSize | | The WebSocket upgrader read buffer size in bytes |
| | writeBufferSize | | The WebSocket upgrader write buffer size in bytes |
| http | | | |
| | addr | | The address and port the service runs on |
| | CORSAllowOrigins | * | Optional: The value assigned to the Access-Control-Allow-Origin header of the responses of the built-in API. If not required, pass *. |
| | logAllRequests | true, false | Toggles logging of incoming requests to the built-in API on/off |
| | TLS | | Array of TLS configurations for the internal HTTP server |
| | | enabled | Toggles whether TLS is enabled on/off with true, false |
| | | keyFile | If enabled is true, specifies the key file to use for the TLS server |
| | | certFile | If enabled is true, specifies the cert file to use for the TLS server |
| logging | | | |
| | format | | File format for the log |
| | level | debug, info, warn, error | Log level; default is debug |
| loadBalancing | | | |
| | enable | true, false | Toggles whether load balancing logic is on/off |
| | onLockErrorTimeoutMs | | On lock timeout in milliseconds |
| | actionIDExpirationSec | | Expiration of action_id variable in Redis in seconds |
| redis | | | |
| | host | | Redis host |
| | port | | Redis port |
| | password | | Redis password |
| | db | | |
| store | | | Store type holding private key information for the Signing Agent |
| | type | file, oci, aws | |
| | file | | If store type is file, pass path to the storage file |
| | oci | | If store type is Oracle cloud configuration, details for the Oracle vault |
| | | compartment | OCID where the vault and encryption key reside |
| | | vault | OCID of the vault where the secret will be stored |
| | | secretEncryptionKey | Encryption key used for both the secret and the data inside the secret |
| | | configSecret | Name of secret that will be used to store the data |
| | aws | | Amazon cloud configuration to store the private keys in AWS Secrets Manager |
| | | region | If using AWS Secrets Manager, AWS region where the secret is stored |
| | | configSecret | If using AWS Secrets Manager, name of the AWS Secrets Manager secret containing the encrypted data |

Example configuration values
Warning
The following table is not an example configuration file: it gives example values for properties that would conflict with each other, such as storing/passing the private key by different methods.
| Property | Sub-property | Sub-property | Example |
|---|---|---|---|
| base | | | |
| | qredoApi | | sandbox-api.qredo.network |
| | pin | | 0 |
| autoApproval | | | |
| | enabled | | false |
| | retryIntervalMaxSec | | 300 |
| | retryIntervalSec | | 5 |
| qredoWebsocket | | | |
| | ws_scheme | | wss |
| | reconnectTimeoutSec | | 300 |
| | reconnectIntervalSec | | 5 |
| | pingPeriodSec | | 5 |
| | pongWaitSec | | 10 |
| | writeWaitSec | | 10 |
| | readBufferSize | | 512 |
| | writeBufferSize | | 1024 |
| http | | | |
| | addr | | 0.0.0.0:8007 |
| | CORSAllowOrigins | | * |
| | logAllRequests | | false |
| | TLS | | |
| | | enabled | true |
| | | keyFile | tls/domain.crt |
| | | certFile | tls/domain.key |
| logging | | | |
| | format | | text |
| | level | | debug |
| loadBalancing | | | |
| | enable | | false |
| | onLockErrorTimeoutMs | | 300 |
| | actionIDExpirationSec | | 6 |
| redis | | | |
| | host | | redis |
| | port | | 6379 |
| | password | | "" |
| | db | | 0 |
| store | | | |
| | type | | file |
| | file | | /volume/ccstore.db |
| | oci | | |
| | | compartment | ocid1.tenancy.oc1... |
| | | vault | ocid1.vault.oc1... |
| | | secretEncryptionKey | ocid1.key.oc1... |
| | | configSecret | automatedApproverConfig |
| | aws | | |
| | | region | aws-region-... |
| | | configSecret | secretsManagerSecret... |
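
A review check for the security-relevant settings in the tables above, as an added example (not part of the Qredo documentation or the Signing Agent code). It assumes the key nesting inferred from the tables and takes the configuration as an already-parsed dictionary; `SAMPLE` is constructed from the example values on this page, including the conflicting store entries the warning mentions.

```python
# Added example, not Qredo code. Key nesting is inferred from the property
# tables above (assumption); SAMPLE is built from the page's example values.
SAMPLE = {
    "autoApproval": {"enabled": False, "retryIntervalMaxSec": 300, "retryIntervalSec": 5},
    "qredoWebsocket": {"ws_scheme": "wss"},
    "http": {"addr": "0.0.0.0:8007", "CORSAllowOrigins": "*",
             "TLS": {"enabled": True, "keyFile": "tls/domain.crt", "certFile": "tls/domain.key"}},
    "logging": {"level": "debug"}, "loadBalancing": {"enable": False},
    "redis": {"host": "redis", "port": 6379, "password": "", "db": 0},
    "store": {"type": "file", "file": "/volume/ccstore.db",
              "oci": {"vault": "ocid1.vault.oc1..."}, "aws": {"region": "aws-region-..."}},
}

def get(cfg, path, default=None):
    """Follow a dotted path through nested dicts; return default if a key is missing."""
    for key in path.split("."):
        if not isinstance(cfg, dict) or key not in cfg:
            return default
        cfg = cfg[key]
    return cfg

def audit(cfg):
    """Return (path, finding) pairs for settings to review before production use."""
    out = []
    if get(cfg, "autoApproval.enabled") is True:
        out.append(("autoApproval.enabled", "every transaction is approved automatically"))
    if get(cfg, "autoApproval.retryIntervalSec", 0) > get(cfg, "autoApproval.retryIntervalMaxSec", 0):
        out.append(("autoApproval.retryIntervalSec", "exceeds retryIntervalMaxSec"))
    if get(cfg, "qredoWebsocket.ws_scheme") != "wss":
        out.append(("qredoWebsocket.ws_scheme", "feed connection is not WSS"))
    if get(cfg, "http.TLS.enabled") is not True:
        out.append(("http.TLS.enabled", "built-in API is served without TLS"))
    if get(cfg, "http.CORSAllowOrigins") == "*":
        out.append(("http.CORSAllowOrigins", "responses are readable from any origin"))
    if str(get(cfg, "http.addr", "unset")).rsplit(":", 1)[0] in ("", "0.0.0.0", "[::]"):
        out.append(("http.addr", "listens on all interfaces"))
    if get(cfg, "logging.level", "debug") == "debug":
        out.append(("logging.level", "debug (the default) is verbose"))
    if get(cfg, "loadBalancing.enable") is True and not get(cfg, "redis.password"):
        out.append(("redis.password", "load balancing uses Redis without a password"))
    kind = get(cfg, "store.type")  # one of file, oci, aws
    extra = [k for k in ("file", "oci", "aws") if k != kind and get(cfg, "store." + k)]
    if extra:
        out.append(("store", "settings for unused store types: " + ", ".join(extra)))
    return out

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

Run against the page's example values, it reports the wildcard CORS origin, the all-interfaces listen address, debug logging, and the leftover oci and aws store settings.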
Last update: 2023-01-18