Configure the VaultCode Application
In this step, you will create the application config file that controls how VaultCode behaves.
First of all, download the VaultCode release files.
In this ZIP archive you will find several application-*.yml configuration files.
The application-vault-code-hsm.yml file is intended for running inside the HSM.
Below is a listing of the most important options.
For all available options, see the application-vault-code-template.yml.
Take the application-vault-code-hsm.yml and edit it according to your needs.
hsm:
  host: 'host.primus-hsm' # Don't change - this is the equivalent of localhost when running inside the HSM.
  port: '2510' # Don't change - port for communicating with the HSM
  user: 'replace-me_hsm-username' # REPLACE with your HSM username (PartitionName)
  setupPassword: 'replace-me_hsm-setupPassword' # REPLACE with your HSM SetupPassword
  encryptionPassword: 'replace-me_db-encryptionPassword' # REPLACE - used to encrypt the HSM user secret stored in the database
  attestationKeyName: 'attestation-key'
vaultcode:
  fingerprint: # Fingerprint of allowed .jar executable. Empty = allow all
  # Only allow connections from localhost to trigger JAR execution
  onlyInternalExecutions: true
  keys:
    output:
      label: output_key_vaultcode # key name for output signature
    evidence:
      label: environment_key_vaultcode # key name for environment signature
    timestamp:
      label: timestamp_iso_key_vaultcode # key name for timestamp signature
    encrypt:
      label: encrypt_key_vaultcode # key name for encrypting execution_code
# Set port 8080: TSB sends requests on this port when 'onlyInternalExecutions: true'. For inside-HSM use only.
server:
  port: 8080
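Because the file above mixes values that must be replaced (the replace-me placeholders) with values that must not be changed (hsm.host, hsm.port, server.port when execution is internal-only), it is easy to deploy a half-edited copy. The following pre-deployment lint is an added example, not part of the VaultCode release or its documentation: it parses the block-mapping subset of YAML that this config uses (nested maps with scalar leaves, no lists or multi-line scalars; a deliberate simplification so the check runs without third-party libraries) and reports leftover placeholders, altered fixed values, and an empty fingerprint that would allow any JAR to run. The embedded sample config is constructed for the example; the checks mirror the comments in the file above.

```python
"""Lint a VaultCode application-*.yml before deploying it into the HSM (added example)."""
from __future__ import annotations

# Constructed sample: two placeholders left in place and an empty fingerprint.
CONSTRUCTED_CONFIG = """\
hsm:
  host: 'host.primus-hsm' # Don't change
  port: '2510'
  user: 'replace-me_hsm-username'
  setupPassword: 'replace-me_hsm-setupPassword'
  encryptionPassword: 'constructed-db-encryption-password'
  attestationKeyName: 'attestation-key'
vaultcode:
  fingerprint: # Empty = allow all
  onlyInternalExecutions: true
  keys:
    output:
      label: output_key_vaultcode
server:
  port: 8080
"""


def _strip_comment(line: str) -> str:
    """Drop a trailing '# ...' comment, ignoring '#' inside quoted scalars."""
    out, quote = [], None
    for ch in line:
        if quote:
            out.append(ch)
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
            out.append(ch)
        elif ch == "#":
            break
        else:
            out.append(ch)
    return "".join(out).rstrip()


def _scalar(raw: str):
    """Convert a scalar: quoted -> str, true/false -> bool, digits -> int, '' -> None."""
    raw = raw.strip()
    if raw == "":
        return None
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    return int(raw) if raw.isdigit() else raw


def _empty_maps_to_none(node):
    """A key with no value and no children (e.g. 'fingerprint:') is an empty scalar."""
    if isinstance(node, dict):
        return None if not node else {k: _empty_maps_to_none(v) for k, v in node.items()}
    return node


def parse_simple_yaml(text: str) -> dict:
    """Indentation-driven parser for the nested-map subset used by the VaultCode config."""
    root: dict = {}
    stack = [(-1, root)]  # (indent, mapping currently being filled)
    for raw in text.splitlines():
        line = _strip_comment(raw)
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":
            node: dict = {}
            parent[key] = node
            stack.append((indent, node))
        else:
            parent[key] = _scalar(value)
    return _empty_maps_to_none(root) or {}


def _get(cfg: dict, path: str):
    node = cfg
    for part in path.split("."):
        if not isinstance(node, dict):
            return None
        node = node.get(part)
    return node


def _leaves(node, prefix=""):
    if isinstance(node, dict):
        for k, v in node.items():
            yield from _leaves(v, f"{prefix}{k}.")
    else:
        yield prefix[:-1], node


def lint_vaultcode_config(cfg: dict) -> list[str]:
    """Return one finding per mistake; an empty list means the file is safe to deploy."""
    findings = []
    for path, value in _leaves(cfg):  # 1. placeholders the file tells you to REPLACE
        if isinstance(value, str) and value.startswith("replace-me"):
            findings.append(f"{path}: placeholder value still present")
    if _get(cfg, "hsm.host") != "host.primus-hsm":  # 2. values fixed inside the HSM
        findings.append("hsm.host: must stay 'host.primus-hsm' inside the HSM")
    if str(_get(cfg, "hsm.port")) != "2510":
        findings.append("hsm.port: must stay '2510' (JCE port reachable from VaultContainers)")
    if _get(cfg, "vaultcode.onlyInternalExecutions") is True and _get(cfg, "server.port") != 8080:
        findings.append("server.port: must be 8080 when onlyInternalExecutions is true")  # 3. TSB port
    if _get(cfg, "vaultcode.fingerprint") in (None, ""):  # 4. empty fingerprint = allow all
        findings.append("vaultcode.fingerprint: empty, so any .jar is allowed to execute")
    return findings


if __name__ == "__main__":
    for finding in lint_vaultcode_config(parse_simple_yaml(CONSTRUCTED_CONFIG)):
        print(finding)
```

Run it against the real file with `lint_vaultcode_config(parse_simple_yaml(open("application-vault-code-hsm.yml").read()))`; an empty fingerprint is reported as a finding on purpose, since the template's default is the permissive one.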
From other Spring Boot based applications, you may be used to setting the spring.datasource section in the application config file. When running inside the HSM in VaultContainers, you do not need to set this section: the VaultContainers runtime automatically injects these values to specify the connection parameters for the local database, which also runs in VaultContainers.
The normal default JCE port is 2300. Inside the HSM, however, JCE is reachable from VaultContainers via port 2510. This port is never reachable from outside the HSM.