Node Configuration
Each MPC node in the TSM reads a toml configuration file when it starts up. The node attempts to read the configuration in the following order, until one of the attempts succeeds:
- Base64 decoding the contents of the environment variable
CONFIG_BASE64 - Reading the file specified in the environment variable
CONFIG_FILE - Reading the file passed as argument
- Reading the file at the default file location
xxx
A Minimal Example
As a minimum, a configuration file consists of:
- The player index and private key of the MPC node
- A database configuration
- A configuration of node-to-node communication; this can be either direct connections, or connections via message broker.
- Configuration for an MPC protocol to use.
- Configuration of the SDK-to-node authentication and communication. This can be API key, mTLS, or OIDC authentication.
Example configuration files for a TSM with three MPC nodes are found below. Here the three nodes are identified by player indices 0, 1, 2, respectively. They are all configured to use local SQLite3 databases. The nodes are configured to use direct node-to-node communication over port 9000 (i.e., no message broker). Each node includes the other nodes' public keys in the configuration file, which means that the public keys need not be provided dynamically each time a new MPC session is started. The configuration specifies SDK authentication via API keys, with a single application called demoapp.
There are many more optional configurations. These are described in the following sectinos and in the comments of the sample configuration file at the end of this section.
[Player]
Index = 0
PrivateKey = "MHcCAQEEIJZ2T0ESxG34wA77rhn+9KMOrkz296jeDUOenHsLmWO/oAoGCCqGSM49AwEHoUQDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="
[Players.1]
Address = "tcp://player1:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="
[Players.2]
Address = "tcp://player2:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJZx6N1ARYmc/6DQBL/47yRL/dMvWi5UQRUiqA05pdjLAb3eXO6yPioocnZNxsQjCerxcMJ2LnvELmK5L6Ovsqw=="
[Database]
DriverName = "sqlite3"
DataSourceName = "/tmp/tsmdb"
EncryptorMasterPassword = "db0masterPassword"
[MPCTCPServer]
Port = 9000
[DKLS19]
[[Authentication.APIKeys]]
APIKey = "jbs3wZ2DAL44CQ9f4LvmEza/rS4k0xeCxB7tUXuiL5Y="
ApplicationID = "demoapp"
[Player]
Index = 1
PrivateKey = "MHcCAQEEILWaOgXLxJUxodTrASskOfTN0y8RD/vuwuv/bOM+f2wroAoGCCqGSM49AwEHoUQDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="
[Players.0]
Address = "tcp://player0:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="
[Players.2]
Address = "tcp://player2:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJZx6N1ARYmc/6DQBL/47yRL/dMvWi5UQRUiqA05pdjLAb3eXO6yPioocnZNxsQjCerxcMJ2LnvELmK5L6Ovsqw=="
[Database]
DriverName = "sqlite3"
DataSourceName = "/tmp/tsmdb"
EncryptorMasterPassword = "db1masterPassword"
[MPCTCPServer]
Port = 9000
[DKLS19]
[[Authentication.APIKeys]]
APIKey = "QcV6NRHhpM7UaFaU3K9T34ud50/8zCvUvQkUR6oKHAg="
ApplicationID = "demoapp"
[Player]
Index = 2
PrivateKey = "MHcCAQEEILWaOgXLxJUxodTrASskOfTN0y8RD/vuwuv/bOM+f2wroAoGCCqGSM49AwEHoUQDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="
[Players.0]
Address = "tcp://player0:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0AyIB0e0A00Z+ovqDQ5mjffEqVabU/eEOwOOrkElnSX1qPkgIn5eLIOC7OWQq6dgZnJLjElg6R4vR5a91aAE8w=="
[Players.1]
Address = "tcp://player1:9000"
PublicKey = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZsbGXaVTkx8iiXb7iDSBFs24xYdbe5jTRg57aU0F71BMxhlV46cKMsCDXARriCUBwApfCoAf/ByyJ7TpWRm4Rw=="
[Database]
DriverName = "sqlite3"
DataSourceName = "/tmp/tsmdb"
EncryptorMasterPassword = "db2masterPassword"
[MPCTCPServer]
Port = 9000
[DKLS19]
[[Authentication.APIKeys]]
APIKey = "88IU8yrT6+EGVD6vMoSAlHq2mjfMBd8IoNSWkh61pn4="
ApplicationID = "demoapp"
Note
The keys and passwords in the above example are only intended for demonstration. Generate your own keys and strong passwords if you deploy a TSM in production.
Configuration via Environment Variables
You can insert values into the configuration from environment in two ways (from the example configuration):
- Values in the configuration file can be overridden with environment variables by setting TSM_PATH_TO_VALUE. For example, use the environment variable
TSM_PLAYER_PRIVATEKEY=xxxto setPlayer.PrivateKeytoxxxin the configuration file (overriding any value specified in the toml file). - Alternatively, you can name the environment variable like this
[Player]
PrivateKey = {{ env `PRIVATE_KEY` }}
and then set the environment variable PRIATE_KEY=xxx.
Updated 5 days ago