Configure Tessera enclave

Enclave configuration depends on the type of enclave being used.

Local enclave

For a local enclave, configure the keys in the transaction manager’s configuration file:

Transaction manager configuration file

{
  "keys": {
    "keyData": [{
      "privateKey": "yAWAJjwPqUtNVlqGjSrBmr1/iIkghuOh1803Yzx9jLM=",
      "publicKey": "/+UuD63zItL1EbjxkKUljMgG8Z1w0AJ8pNOR4iq2yQc="
    }]
  },
  "alwaysSendTo": [],
  ...
}

Starting the transaction manager also starts the local enclave, in the same process; for example:

# start the transaction manager and enclave
java -jar /path/to/tessera-app-[version]-app.jar --configfile /path/to/tm-config.json

Remote HTTP enclave

In the remote HTTP enclave’s configuration file:

  • Configure an ENCLAVE server. Include TLS configuration as appropriate, with the transaction manager as a client of the enclave.
  • Configure the enclave’s keys.

Remote HTTP enclave configuration file

{
 "serverConfigs": [{
   "app": "ENCLAVE",
   "serverAddress": "http://localhost:8080",
   "communicationType": "REST",
   "bindingAddress": "http://0.0.0.0:8080"
 }],
 "keys": {
   "keyData": [{
       "privateKey": "yAWAJjwPqUtNVlqGjSrBmr1/iIkghuOh1803Yzx9jLM=",
       "publicKey": "/+UuD63zItL1EbjxkKUljMgG8Z1w0AJ8pNOR4iq2yQc="
   }]
 },
 "alwaysSendTo": []
}

In the transaction manager’s configuration file:

  • Configure an additional serverConfig for the ENCLAVE client. Include TLS configuration as appropriate.
  • Do not configure any keys.

Transaction manager configuration file

{
  "serverConfigs": [
    {
      "app": "ENCLAVE",
      "serverAddress": "http://localhost:8080",
      "communicationType": "REST"
    },
    {
      "app": "Q2T",
      ...
    },
    ...
  ],
  ...
}

The remote HTTP enclave must be started before the transaction manager; for example:

# start the enclave
java -jar /path/to/tessera-app-[version]-app.jar --configfile /path/to/enclave-config.json

# start the transaction manager
java -jar /path/to/tessera-app-[version]-app.jar --configfile /path/to/tm-config.json
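
An added example, not part of the GoQuorum documentation: a Python check of a transaction manager / remote HTTP enclave configuration pair against the rules above (an ENCLAVE serverConfig on both sides, keys only in the enclave). Treating a non-https serverAddress as "no TLS", the bind-address warning, and all sample hosts, ports and key placeholders are assumptions of this example.

```python
from urllib.parse import urlparse

def enclave_entries(cfg):
    """Return the serverConfigs entries whose app is ENCLAVE."""
    return [s for s in cfg.get("serverConfigs", []) if s.get("app") == "ENCLAVE"]

def has_keys(cfg):
    return bool((cfg.get("keys") or {}).get("keyData"))

def check_remote_enclave(tm_cfg, enclave_cfg):
    """List findings for a transaction manager / remote HTTP enclave config pair."""
    findings = []
    clients, servers = enclave_entries(tm_cfg), enclave_entries(enclave_cfg)
    if not clients:
        findings.append("tm: no ENCLAVE serverConfig for the enclave client")
    if has_keys(tm_cfg):
        findings.append("tm: keys configured; with a remote enclave only the enclave holds keys")
    if not servers:
        findings.append("enclave: no ENCLAVE serverConfig")
    if not has_keys(enclave_cfg):
        findings.append("enclave: no keys configured")
    for role, entries in (("tm", clients), ("enclave", servers)):
        for entry in entries:
            # Assumption of this example: a non-https address means no TLS on the link.
            if urlparse(entry.get("serverAddress", "")).scheme != "https":
                findings.append(f"{role}: ENCLAVE serverAddress is not https")
    for entry in servers:
        bind = urlparse(entry.get("bindingAddress", ""))
        if bind.hostname == "0.0.0.0" and bind.scheme != "https":
            findings.append("enclave: plain-HTTP listener bound to all interfaces")
    return findings

# Constructed sample configs; key values are placeholders, hosts are hypothetical.
KEYS = {"keyData": [{"privateKey": "<private-key>", "publicKey": "<public-key>"}]}

def pair(address, bind, tm_keys):
    """Build a (tm, enclave) config pair as parsed JSON dicts."""
    client = {"app": "ENCLAVE", "serverAddress": address, "communicationType": "REST"}
    tm = {"serverConfigs": [client, {"app": "Q2T", "serverAddress": "http://localhost:9102"}]}
    if tm_keys:
        tm["keys"] = KEYS  # mistake: keys left behind in the transaction manager
    enclave = {"serverConfigs": [dict(client, bindingAddress=bind)],
               "keys": KEYS, "alwaysSendTo": []}
    return tm, enclave

WEAK = pair("http://localhost:8080", "http://0.0.0.0:8080", tm_keys=True)
HARDENED = pair("https://enclave.internal.example:8443", "https://10.0.0.5:8443", tm_keys=False)

if __name__ == "__main__":
    for name, (tm, enclave) in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_remote_enclave(tm, enclave) or "no findings")
```

To check real files, parse each with `json.load` and pass the two dicts to `check_remote_enclave`.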

Considerations when not using the tessera-app JAR

The tessera-app-[version]-app.jar can be used to run a complete privacy manager (transaction manager and enclave as a single process), a standalone transaction manager, or a remote HTTP enclave.

For a more tailored remote HTTP enclave deployment, the enclave-jaxrs-[version]-server.jar can be used. This contains only the core resources necessary to start a remote HTTP enclave.

If the keys are stored in a key vault, the corresponding key vault JAR must be included on the classpath; for example:

# start the enclave
java -cp /path/to/enclave-jaxrs-[version]-server.jar:/path/to/hashicorp-key-vault-[version]-all.jar com.quorum.tessera.enclave.rest.Main -configfile /path/to/enclave-config.json

For a more tailored transaction manager deployment, the tessera-simple-[version]-app.jar can be used. This contains only the core resources necessary to start a transaction manager.

The enclave client JAR must be included on the classpath if using a remote HTTP enclave; for example:

# start the transaction manager
java -cp /path/to/tessera-simple-[version]-app.jar:/path/to/enclave-jaxrs-[version].jar com.quorum.tessera.launcher.Main -configfile /path/to/tm-config.json