Skip to content
You are reading GoQuorum development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

AWS Secrets Manager key pairs

Key pairs are stored as secrets in AWS Secrets Manager. You need to provide the secret IDs for both keys with an optional endpoint.


The endpoint is optional because the AWS SDK can fallback to its builtin property retrieval chain. For example using the environment variable AWS_REGION or ~/.aws/config file.

The AWS SDK documentation provides an explanation of using credentials.

"keys": {
    "keyVaultConfigs": [
            "keyVaultConfigType": "AWS",
            "properties": {
                "endpoint": ""
    "keyData": [
            "awsSecretsManagerPublicKeyId": "secretIdPub",
            "awsSecretsManagerPrivateKeyId": "secretIdKey"

This example configuration retrieves the secrets secretIdPub and secretIdKey from AWS Secrets Manager using the endpoint


A Credential should be scoped to a valid region error when starting means that the region specified in the endpoint differs from the region the AWS SDK has retrieved from its property retrieval chain. This can be resolved by setting the AWS_REGION environment variable to the same region as defined in the endpoint.

Environment variables must be set if using AWS Secrets Manager.

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on Tessera Slack channel.
For paid professional support by ConsenSys, contact us at [email protected]