HashiCorp Vault configuration settings

When configuring encrypted storage, the TOML configuration file provides the settings used to retrieve the encryption key from HashiCorp Vault and to secure the connection with TLS.

| Configuration setting | Required/Optional | Description |
|---|---|---|
| `hashicorp.serverHost` | Required | Host address of HashiCorp Vault. |
| `hashicorp.serverPort` | Required | Port number of HashiCorp Vault. |
| `hashicorp.token` | Required | Root token generated when starting HashiCorp Vault. |
| `hashicorp.keyPath` | Required | Path to the stored encryption key. |
| `hashicorp.keyName` | Optional | Name of the stored encryption key. The default is `value`. |
| `hashicorp.timeout` | Optional | Timeout in milliseconds. The default is `10000` (10 seconds). |
| `hashicorp.tlsEnable` | Optional | Enable a TLS connection between Hyperledger Besu and HashiCorp Vault server. The default is `true`. |
| `hashicorp.tlsVerifyHost` | Optional | Verify the host name on the certificate matches the server. If they do not match, the connection is denied. If TLS is enabled, the default is `true`. |
| `hashicorp.tlsTrustStoreType` | Optional | Type of trust store. Supported types include PEM, PKCS12, and JKS. |
| `hashicorp.tlsTrustStorePath` | Optional | Location of the trust store. |
| `hashicorp.tlsTrustStorePassword` | Optional | Trust store password. Required if the trust store type is JKS or PKCS12. |