Skip to main content

SECRETS

This document describes the TOML format for secrets.

Each secret has an alternative corresponding environment variable.

See also CONFIG.md

Example​

[Database]
URL = 'postgresql://user:pass@localhost:5432/dbname?sslmode=disable' # Required

[Password]
Keystore = 'keystore_pass' # Required

Database​

[Database]
URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example
BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example
AllowSimplePasswords = false # Default

URL​

URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example

URL is the PostgreSQL URI to connect to your database. Chainlink nodes require Postgres versions >= 11. See Running a Chainlink Node for an example.

Environment variable: CL_DATABASE_URL

BackupURL​

BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example

BackupURL is where the automatic database backup will pull from, rather than the main CL_DATABASE_URL. It is recommended to set this value to a read replica if you have one to avoid excessive load on the main database.

Environment variable: CL_DATABASE_BACKUP_URL

AllowSimplePasswords​

AllowSimplePasswords = false # Default

AllowSimplePasswords skips the password complexity check normally enforced on URL & BackupURL.

Environment variable: CL_DATABASE_ALLOW_SIMPLE_PASSWORDS

WebServer.LDAP​

[WebServer.LDAP]
ServerAddress = 'ldaps://127.0.0.1' # Example
ReadOnlyUserLogin = 'viewer@example.com' # Example
ReadOnlyUserPass = 'password' # Example

Optional LDAP config

ServerAddress​

ServerAddress = 'ldaps://127.0.0.1' # Example

ServerAddress is the full ldaps:// address of the ldap server to authenticate with and query

ReadOnlyUserLogin​

ReadOnlyUserLogin = 'viewer@example.com' # Example

ReadOnlyUserLogin is the username of the read only root user used to authenticate the requested LDAP queries

ReadOnlyUserPass​

ReadOnlyUserPass = 'password' # Example

ReadOnlyUserPass is the password for the above account

Password​

[Password]
Keystore = "keystore_pass" # Example
VRF = "VRF_pass" # Example

Keystore​

Keystore = "keystore_pass" # Example

Keystore is the password for the node's account.

Environment variable: CL_PASSWORD_KEYSTORE

VRF​

VRF = "VRF_pass" # Example

VRF is the password for the vrf keys.

Environment variable: CL_PASSWORD_VRF

Pyroscope​

[Pyroscope]
AuthToken = "pyroscope-token" # Example

AuthToken​

AuthToken = "pyroscope-token" # Example

AuthToken is the API key for the Pyroscope server.

Environment variable: CL_PYROSCOPE_AUTH_TOKEN

Prometheus​

[Prometheus]
AuthToken = "prometheus-token" # Example

AuthToken​

AuthToken = "prometheus-token" # Example

AuthToken is the authorization key for the Prometheus metrics endpoint.

Environment variable: CL_PROMETHEUS_AUTH_TOKEN

Mercury.Credentials.Name​

[Mercury.Credentials.Name]
Username = "A-Mercury-Username" # Example
Password = "A-Mercury-Password" # Example
URL = "https://example.com" # Example
LegacyURL = "https://example.v1.com" # Example

Username​

Username = "A-Mercury-Username" # Example

Username is used for basic auth of the Mercury endpoint

Password​

Password = "A-Mercury-Password" # Example

Password is used for basic auth of the Mercury endpoint

URL​

URL = "https://example.com" # Example

URL is the Mercury endpoint base URL used to access Mercury price feed

LegacyURL​

LegacyURL = "https://example.v1.com" # Example

LegacyURL is the Mercury legacy endpoint base URL used to access Mercury v0.2 price feed

Threshold​

[Threshold]
ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example

ThresholdKeyShare​

ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example

ThresholdKeyShare used by the threshold decryption OCR plugin