Example TSM configuration file
The configuration is chosen in the following order:
- Base64 environment variable
- Config file path environment variable
- Configuration file passed as argument
- Default configuration file location
Environment variables for the node configuration are CONFIG_FILE
and CONFIG_BASE64
and variables for log configuration are LOG_CONFIG_FILE
and LOG_CONFIG_BASE64
. For the log configuration you can set nothing in all four which will be interpreted as a default log configuration as shown below.
# This is an example TSM node configuration file.
#
# Commented sections means that the feature is either disabled or used with default values.
# Commented variables are listed with their default values.
# Uncommented values are mandatory.
# Defines the operating mode of the TSM node.
#[Mode]
# An embedded node does not listen on any ports and is used when integrating the TSM node directly in an application.
# When Embedded is enabled the player index must be 0. Usually an embedded node will not use a configuration file,
# so only set this to true if you know what you are doing.
#Embedded = false
# General configuration for MPC operations.
[MPC]
# When migrating from an older version of the TSM this parameter specifies how many players were in that TSM. Now the
# number of players is set individually for each MPC operation. Once a TSM is migrated to the new format, this
# parameter is no longer needed.
#PlayerCount = 0
# This used to be the security threshold for the entire TSM, but now the threshold is set individually for each key.
# This parameter is only used when migrating from an older version of the TSM where it is needed to properly convert
# key material to the new format. Once a TSM is migrated to the new format, this parameter is no longer needed.
#Threshold = 0
# Time to wait before all required connections between the MPC nodes have been established.
# When they have been established the MPC session will begin and the SessionTimeout will be used (see below).
#ConnectionTimeout = "10s"
# Time to wait before an MPC session times out.
#SessionTimeout = "3m"
# When another node sends us a message related to a session that is not yet started, that message (or connection) is
# stored as a pending session. We do this since not all sessions can be started at exactly the same time. This
# parameter allows us to control the number of pending sessions. Note that a malicious player can cause a denial of
# service attack by filling up this buffer. This can be mitigated to some extent by controlling the order in which
# sessions are started.
#MaxPendingSessions = 10000
# Configuration for the local player
[Player]
# All players in a TSM are identified by a player index. This is the index of the player running this TSM node.
# We refer to this player as the local player. Other players are called remote players.
Index = 0
# This is a base64 encoding of the private key used to authenticate the local player towards the remote players. This
# must correspond to the public keys configured on the remote players for this player index. A private key can be
# generated using the following OpenSSL commands:
#
# openssl ecparam -name P-256 -genkey -param_enc named_curve -outform DER -out private.key
# openssl base64 -A -in private.key; echo
#
# Instead of P-256 one can use P-384 or P-521 depending on the desired security level (128, 192 or 256 bits).
PrivateKey = "BA3E64=="
# This is a list of base64 encodings of DER encoding of the ASN.1 SubjectPublicKeyInfo structure of RSA public keys.
# This is a white list of public keys that are allowed to be used with export. It is possible to use a single string
# of "*" to allow any public key to be used.
ExportWhiteList = []
# The following is a list of players in the TSM with a static public key.
#
# If stream based communication is used (e.g. MPCTCPServer) then all players except player 0 must be configured with a
# static public key. The logic is that lower numbered players open connections to higher numbered players, so URLs
# are not needed for players with a lower number than the local player.
#
# If packet based communication is used (e.g. MPCAMQPServer) then any player can be configured here with a static key.
# Other players can participate in an MPC protocol, but their public key must be provided when the MPC operation is
# started.
[Players.1]
# The protocol and address of player with index 1. Supported prootocols are tcp, ws and wss. If no protocol is
# specified then tcp is assumed. For tcp connections it is possible to specify the following additional options:
# connectionPoolSize: Number of tcp connections to keep alive to this player. In a multi instance setup this should be
# set to roughly the number of nodes behind the load balancer of this player.
# connectionLifetime: Minimum lifetime of a tcp connection to this player. If the player is not using multi instance
# then this can be set fairly high.
Address = "tcp://player1:9000?connectionPoolSize=2&connectionLifetime=4h"
# This is a base64 encoding of the players public key. A public key can be generated from the private key using the
# following OpenSSL commands:
#
# openssl ec -inform DER -in private.key -pubout -outform DER -out public.key
# openssl base64 -A -in public.key; echo
PublicKey = "BA3E64=="
#[Players.2]
#Address = "..."
#PublicKey = "..."
# User authentication settings.
#[Authentication]
# Lifetime of the tokens for password based user authentication
#TokenLifetime = "5m"
# List of API keys used for authentication in SDKv2
#[[Authentication.APIKeys]]
# Only for SDK V2
# Base64 encoded hash of the API key. A hash for the API key foobar can be generated with the following command:
#
# echo -n "foobar" | openssl dgst -sha256 -binary | openssl base64
#APIKey = ""
# Users with the given API key will be mapped to this user in the system. If the user does not exist, it will be
# created automatically. Set this to an existing user ID to migrate from password to API key authentication.
#ApplicationID = ""
# Setting related to authentication of users based on TLS client certificates.
#[TLSUserAuthentication]
# Points to a file containing a list of CAs from which client certificates are accepted.
#ClientCAFile = ""
# Setting related to authentication of users based on OIDC.
#[OIDCUserAuthentication]
# Lifetime of the OIDC nonce.
#NonceLifetime = "5m"
# List of supported OIDC issuer URLs.
#OIDCIssuers = []
# List of supported Audiences (client ids)
# Audiences = []
# Setting related to authentication of users based on OIDC Access Tokens.
#[OIDCAccessTokenAuthentication]
# List of supported OIDC issuer URLs.
#OIDCIssuers = []
# Configuration for applications that are allowed to access the TSM
#[[OIDCAccessTokenAuthentication.AccessTokens]]
# The name of the application to authenticate, must match audience (aud) in access token
# Audience = "application name"
# The URL of the discovery document for this access token, used to retrieve the public key. Defaults to issuer + "/.well-known/openid-configuration".
# DiscoveryDocURL = issuer + "/.well-known/openid-configuration"
#[OIDCAccessTokenAuthentication.AccessTokens.claims]
# claim0 = "claim value 0"
#[OIDCAccessTokenAuthentication.AccessTokens.claims]
# claim1 = "claim value 1"
# claim2 = "claim value 2"
# Database connection configuration.
[Database]
# The driver used for the database. The following database drivers are supported: sqlite3, mysql and postgres.
DriverName = "sqlite3"
# The name of the datasource. This example shows a SQLite file backed database. For MySQL an example of a datasource
# name could be:
#
# USER:PASSWORD@HOST:3306/DATABASE_NAME?parseTime=true
#
# and for postgres:
#
# postgres://USER:PASSWORD@HOST:5432/DATABASE_NAME?sslmode=disable
DataSourceName = "/tmp/tsmdb"
# This specifies a master encryption key used to protect database records. Note that this key is not directly
# used to encrypt data. Use any long random string here and make sure to keep a backup of it somewhere safe.
EncryptorMasterPassword = "ENCRYPTION_KEY"
# An alternative to specifying a password for encryption is to use a key file. Here the content of the key file
# is hashed and used as the master password. This is useful if one does not want to store the master password
# in the configuration file. After the TSM node has started up this file is no longer needed until next startup.
#EncryptorKeyFile = ""
# Allows specifying a plugin that is loaded and used before the internal TSM encryptions is performed.
# Any handling of the data is done in addition to the normal encryption. The plugin path can be absolute, or
# local. If local it will need to be located in the path of LD_LIBRARY_PATH. The plugin must implement the
# plugin functions defined in the plugin-interface.h header file.
# The plugin MUST ensure that keyshares are handled securely, as failure to do so may compromise the security
# of the installation.
#ExternalEncryptorPlugin = ""
# The maximum number of idle connections in the database connection pool. When using SQLite this should be set to 1.
#MaxIdleConns = 500
# The maximum number of open connections in the database connection pool. When using SQLite this should be set to 1.
#MaxOpenConns = 500
# The maximum time a database connection can be open before it is closed. A value of 0 disables closing of connections.
#ConnMaxLifetime = "3m"
# The maximum time a database connection can be idle before it is close. A value of 0 disables closing of idle connections.
#ConnMaxIdleTime = 0
# MPC server accepting multiplexed TCP connections from other players.
# At least one MPC server must be specified if the player index is greater than 0.
[MPCTCPServer]
# Port number that this server listens on.
Port = 9000
# Settings this to true disables multiplexing. This is usually only needed in some load balancing scenarios.
#DisableMultiplexing = false
# MPC server accepting WebSocket connections from other players.
# At least one MPC server must be specified if the player index is greater than 0.
#[MPCWebSocketServer]
# Port number that this server listens on.
#Port = 9001
# Points to a file containing a PEM encoded certificate which will be used for this connection. Setting this
# enables the use of WSS instead of WS.
#CertificateFile = ""
# The private key corresponding to the certificate above.
#CertificateKeyFile = ""
# MPC server using an AMQP message broker to communicate with other players. Cannot be used with other MPC servers.
#[MPCAMQPServer]
# URL for the AMQP message broker
# For a local test instance with the default vhost and guest user the following URL can be used:
#
# amqp://guest:guest@localhost:5672/
#ServerURL = ""
# When connection to the broker drops or sending of a message fails, how long should we wait before retrying
#RetryDelay = "5s"
# Specify how many channels should be used when sending messages to the broker. You might want to increase this value
# if you enable PublisherConfirms below.
#ChannelPoolSize = 2
# Use the RabbitMQ specific publisher confirms feature. This configures the RabbitMQ server to confirm each message
# before that message is considered delivered by the client. This makes the communication with the broker more
# resillient when the broker restarts or the network connection fails during a session, but it also has a performance
# impact.
#PublisherConfirms = false
# Instruct the message broker to persist messages. If using durable queues this ensures that messages will survice
# a restart of the broker.
#PersistMessages = false
# If SkipSetup is false the client will automatically create exchange and queues on the broker. However, if you need
# more control over who can send and receive messages set this to true and configure the broker like this:
#
# First you need to know how to get the player ID of a player. The player ID is computed by first using SHA-256 to
# hash the public key and then base64 URL encode (without padding) the output of the hash function.
#
# 1. Create a direct exchange with the name tsm.direct
# 2. Create a queue for each player with the name tsm.playerID and an x-message-ttl of session timeout + connection timeout
# 3. Bind the queues above to the exchange with the queue name as the binding key
# 4. Grant all users write access to the exchange
# 5. Grant all users read access to their own queue
#SkipSetup = false
# Server accepting connections from the SDK. This must be specified unless the TSM node is running as a local node.
[SDKServer]
# Port number that this server listens on.
Port = 8080
# Points to a file containing a PEM encoded certificate which will be used for this connection. Setting this
# enables the use of HTTPS instead of HTTP.
#CertificateFile = ""
# The private key corresponding to the certificate above.
#CertificateKeyFile = ""
# This setting enables multiple instances of the same player to be placed behind a load balancer. Each instance will
# either handle sessions itself or route the traffic to other instances.
#[MultiInstance]
# IP address where this instance can be reached from other the instances. If not specified an auto detected address is
# used and this might not be the address you want if there are multiple IP addresses associated with the system.
#Address = ""
# Port number the multi instance server listens on and announces to other nodes. This port MUST ONLY be accessible by
# other nodes representing the same player.
#Port = 7000
# How often should we run a cleanup job that purges old routing entries from the database.
#CleanupInterval = "5m"
# Every CleanupInteval the cleanup job will run with this probability. 0 means never and 100 means always.
#CleanupProbability = 25
# This section is used for initializing the server with values specified in the configuration instead of other sources.
#[Initializers]
# This adds the option to set the wrapping key used for exporting key shares. It will only work if the wrapping key has not already been set
# or generated. This must be an RSA key in a DER encoded PKCS#1 structure.
#WrappingPrivateKey = "BA3E64=="
# The following two entries can be used to bootstrap the node to a specific Administrator name and password. If used, both
# entries must be set in which case the administrator will be created with the specified password. This will only work if
# an administrator have not already been created.
#AdministratorUsername = ""
#AdministratorPassword = ""
# Server used to access various internal performance counters, both Golang and MPC related. Default format is Golang's build-in
# expvar. Can be configured to be Prometheus
#[MetricsServer]
#Port = 10000
#Prometheus = false
# Server used for serving runtime profiling data in the format expected by the pprof visualization tool. This requires
# that the TSM node is compiled with profiling enabled. Only used for internal debugging.
#[ProfilingServer]
#Port = 11000
# Configures system logging for the TSM node.
#[Logging]
# Log level. If not specified it default to "info".
#Level = ""
# If this section is present then certain operations on the TSM node are stored in an audit log. The
# audit log is periodically signed and uploaded to an audit receiver.
#[Audit]
# URL of the audit receiver. Audit logs are sent to this URL using HTTP POST requests.
#ReceiverURL = ""
# Public key of the audit receiver. This corresponds to the public key in the TLS certiticate.
#ReceiverPublicKey = "BA3E64=="
# Private key used to establish a connection to the audit receiver using mTLS.
#ClientPrivateKey = "BA3E64=="
# Log entries are signed before they are uploaded to the audit receiver. This is the 32 byte seed used to generate
# an Ed25519 signing key per RFC-8032.
#LogEntrySigningKeySeed = "BA3E64=="
# Maximum number of audit log entries that are sent in one request.
#MaxBatchSize = 50
# Minimum time to wait before checking for new audit log entries to upload.
#MinWaitTime = "15s"
# Maximum time to wait before checking for new audit log entries to upload.
#MaxWaitTime = "2m"
# The configurations below are for the individual MPC protocols supported by the TSM. Comment a protocol to
# disable it. In the following n denotes the total number of players and t is the security threshold.
# Computes ECDSA signatures. This protocol requires n >= 2t+1. Cannot be enabled together with DKLS19.
#[SEPH18S]
# Shortest allowed BIP-32 chain path.
#MinChainPathLength = 0
# Cache size for intermediate public keys when using BIP-32 chain paths.
#Bip32CacheSize = 1024
# Whether or not to allow resharing.
#EnableResharing = false
# Whether or not to allow export of keys under a wrapping key. This is intended to export key shares to replicate the keys on a set of TSM nodes to another set of TSM nodes (same number of nodes). The public keys that can be used for this function must be white listed.
#EnableExport = false
# Whether or not to allow backup of shares. This will export clear backup of shares primiraly intended for backup of single nodes, e.g. on a phone.
#EnableShareBackup = false
# Maximum number of presignatures that can be generated in one request.
#PresigGenRequestLimit = 1000
# Maximum number of presignatures that can be generated concurrently for the entire TSM node.
#PresigGenGlobalLimit = 50000
# Computes ECDSA signatures. This protocol only requires t < n. Cannot be enabled together with SEPH18S.
#[DKLS19]
# Shortest allowed BIP-32 chain path.
#MinChainPathLength = 0
# Cache size for intermediate public keys when using BIP-32 chain paths.
#Bip32CacheSize = 1024
# Whether or not to allow resharing.
#EnableResharing = false
# Whether or not to allow Emergency Recovery Information to be exported. This is intended to extract the whole private key from the system.
#EnableERSExport = false
# Whether or not to allow export of keys under a wrapping key. This is intended to export key shares to replicate the keys on a set of TSM nodes to another set of TSM nodes (same number of nodes). The public keys that can be used for this function must be white listed.
#EnableExport = false
# Whether or not to allow backup of shares. This will export clear backup of shares primarily intended for backup of single nodes, e.g. on a phone.
#EnableShareBackup = false
# Whether or not to allow export of BIP32 seeds.
#EnableBIP32ExportSeed = false
# Maximum number of presignatures that can be generated in one request.
#PresigGenRequestLimit = 100
# Maximum number of presignatures that can be generated concurrently for the entire TSM node.
#PresigGenGlobalLimit = 5000
# Computes Ed25519 and Ed448 signatures. This protocol only requires t < n.
#[SEPD19S]
# Shortest allowed chain path. A chain path is used to derive many keys from a single master key.
#MinChainPathLength = 0
# Whether or not to allow resharing.
#EnableResharing = false
# Whether or not to allow Emergency Recovery Information to be exported. This is intended to extract the whole private key from the system.
#EnableERSExport = false
# Whether or not to allow export of keys under a wrapping key. This is intended to export key shares to replicate the keys on a set of TSM nodes to another set of TSM nodes (same number of nodes). The public keys that can be used for this function must be white listed.
#EnableExport = false
# Whether or not to allow backup of shares. This will export clear backup of shares primarily intended for backup of single nodes, e.g. on a phone.
#EnableShareBackup = false
# Maximum number of presignatures that can be generated in one request.
#PresigGenRequestLimit = 1000
# Maximum number of presignatures that can be generated concurrently for the entire TSM node.
#PresigGenGlobalLimit = 100000
# Computes various RSA signing and encryption. Requires t = 1 and n = 3.
#[SEPH20RSA]
# Computes a pseudo random function based on AES-CTR.
#[SEPH15PRF]
#KeySize = 16
# Computes the ECDH function. This protocol only requires t < n.
#[SEPD20ECDH]
# XOR sharing of byte arrays
#[XorShare]
# Sends a message to all players.
#[Broadcast]
# Maximum size in bytes for a broadcast message.
#MaxMessageLength = 65536
# The following protocols are general MPC protocols. At most one of them can be enabled at the same time. For a given
# protocol choose if it can be used for AES, HMAC or both. When in doubt use MRZ15.
# General MPC protocol for n = 2. Based on https://eprint.iacr.org/2017/189
#[WRK17]
#AES = true
#HMAC = false
#AN10922 = false
#KeySize = 16
#Rho = 40
#BucketSize = 4
# General MPC protocol for n = 3 and t = 1. Based on https://eprint.iacr.org/2015/931
#[MRZ15]
#AES = true
#HMAC = true
#AN10922 = false
#RFC5649 = false
#KeySize = 16
# Configures system logging for the TSM node.
# Log level. If not specified it defaults to "info". Possible values are "panic", "fatal", "error", "warn", "warning", "info", "debug", "trace".
#Level = ""
# File path. If specified, the node will log to the file at path. Otherwise stdout is used.
#FilePath = ""
# Report caller. If true, the log will show where the log call was made. Defaults to true.
#ReportCaller = true
Updated about 1 month ago