-
Notifications
You must be signed in to change notification settings - Fork 19
/
signatory.yaml
80 lines (76 loc) · 2.85 KB
/
signatory.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
server:
# Address for the main HTTP server to listen on
address: :6732
# Address for the utility HTTP server to listen on
utility_address: :9583
jwt:
# Secret used to sign JWT tokens
users:
user_name1:
password: password1
secret: secret1
jwt_exp: 35
user_name2:
password: password2
secret: secret2
jwt_exp: 30
vaults:
# Name is used to identify backend during import process
kms:
driver: cloudkms
config:
# See backend specific documentation
project: signatory
location: europe-north1
key_ring: hsm-ring
azure:
driver: azure
config:
# See backend specific documentation
vault: https://signatory.vault.azure.net/
tenant_id: cf5dd0ba-d3a3-4f3f-a688-06d12672f8ed
client_id: 5d29a974-edd0-4659-b933-7d9c56726649
client_pkcs12_certificate: principal.pfx
yubi:
driver: yubihsm
config:
# See backend specific documentation
address: localhost:12345
password: password
auth_key_id: 1
hashicorp:
driver: hashicorpvault
config:
address: "http://127.0.0.1:8200"
roleID: "5970e31e-132b-d624-f3eb-10d1fcdd3fab"
secretID: "aa9c4a24-c7f1-a278-a9db-bac58273fe7c"
transitConfig:
mountPoint: "transit/"
watermark:
# Default
driver: file
# List enabled public keys hashes here
tezos:
# This example does not specifiy a policy, and be default will allow signing of "block" and "endorsement" operations only.
tz1Wz4ZabKRsz842Xuzy4a7CcWADfPVsPKus:
# This example specifies which operations and kinds Signatory will sign, and logs payloads.
tz3MhmeqpudUqEX8PYTbNDF3CVcnnjNQoo8N:
# Setting `log_payloads` to `true` will cause Signatory to log operation
# payloads to `stdout`. This may be desirable for audit and investigative
# purposes.
log_payloads: true
allow:
# List of [block, endorsement, failing_noop, generic, preendorsement]
generic:
# List of
# [activate_account, attestation, attestation_with_dal, ballot, dal_publish_commitment, delegation, double_attestation_evidence,
# double_baking_evidence, double_preattestation_evidence, drain_delegate, failing_noop, finalize_unstake, increase_paid_storage,
# origination, preattestation, proposals, register_global_constant, reveal, seed_nonce_revelation, set_delegate_parameters,
# set_deposits_limit, signature_prefix, smart_rollup_add_messages, smart_rollup_cement, smart_rollup_execute_outbox_message,
# smart_rollup_originate, smart_rollup_publish, smart_rollup_recover_bond, smart_rollup_refute, smart_rollup_timeout, stake,
# transaction, transfer_ticket, unstake, update_consensus_key, vdf_revelation, zk_rollup_origination, zk_rollup_publish,
# zk_rollup_update]
- transaction
- endorsement
block:
endorsement: