Skip to content
You are reading GoQuorum development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Configure Tessera enclave

You must configure an enclave in the Tessera configuration file. Enclave configuration depends on the enclave type used.

Local enclave

To configure a local enclave, in the configuration file:

Local enclave configuration

{
  "keys": {
    "keyData": [{
      "privateKey": "yAWAJjwPqUtNVlqGjSrBmr1/iIkghuOh1803Yzx9jLM=",
      "publicKey": "/+UuD63zItL1EbjxkKUljMgG8Z1w0AJ8pNOR4iq2yQc="
    }]
  },
  "alwaysSendTo": [],
  ...
}

Starting the transaction manager starts the local enclave as part of the same process:

# start the transaction manager and enclave
tessera --configfile /path/to/tm-config.json

Remote HTTP enclave

To configure a remote HTTP enclave, you must configure the enclave and transaction manager in separate configuration files.

In the remote HTTP enclave configuration file:

  • Configure an ENCLAVE server. Include TLS configuration as appropriate, with the transaction manager as a client of the enclave.
  • Configure the enclave’s keys.

Remote HTTP enclave configuration file

{
 "serverConfigs": [{
   "app": "ENCLAVE",
   "serverAddress": "http://localhost:8080",
   "bindingAddress": "http://0.0.0.0:8080"
 }],
 "keys": {
   "keyData": [{
       "privateKey": "yAWAJjwPqUtNVlqGjSrBmr1/iIkghuOh1803Yzx9jLM=",
       "publicKey": "/+UuD63zItL1EbjxkKUljMgG8Z1w0AJ8pNOR4iq2yQc="
   }]
 },
 "alwaysSendTo": []
}

In the transaction manager configuration file:

  • Configure an ENCLAVE server. Include TLS configuration as appropriate.
  • Do not configure any keys.

Remote HTTP enclave configuration in the transaction manager configuration file

{
  "serverConfigs": [
    {
      "app": "ENCLAVE",
      "serverAddress": "http://localhost:8080",
    },
    {
      "app": "Q2T",
      ...
    },
    ...
  ],
  ...
}

The remote HTTP enclave must be started before the transaction manager:

# start the enclave
enclave-jaxrs/bin/enclave-jaxrs --configfile /path/to/enclave-config.json

# start the transaction manager
tessera --configfile /path/to/tm-config.json

If using vault-stored keys, the corresponding key vault JAR must be included on the classpath:

# start the enclave
cp hashicorp-key-vault/lib/* path/to/enclave-jaxrs-[version]/lib
path/to/enclave-jaxrs-[version]/bin/enclave-jaxrs -configfile /path/to/enclave-config.json
ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on Tessera Slack channel.
For paid professional support by ConsenSys, contact us at [email protected].