Secrets Config (TOML)
This document describes the TOML format for secrets.
Each secret has an alternative corresponding environment variable.
See also: Node Config
Example
[Database]
URL = 'postgresql://user:pass@localhost:5432/dbname?sslmode=disable' # Required
[Password]
Keystore = 'keystore_pass' # Required
Database
[Database]
URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example
BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example
AllowSimplePasswords = false # Default
URL
URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example
URL is the PostgreSQL URI to connect to your database. Chainlink nodes require Postgres versions >= 11. See Running a Chainlink Node for an example.
Environment variable: CL_DATABASE_URL
BackupURL
BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example
BackupURL is where the automatic database backup will pull from, rather than the main CL_DATABASE_URL. It is recommended to set this value to a read replica if you have one to avoid excessive load on the main database.
Environment variable: CL_DATABASE_BACKUP_URL
AllowSimplePasswords
AllowSimplePasswords = false # Default
AllowSimplePasswords skips the password complexity check normally enforced on URL & BackupURL.
Environment variable: CL_DATABASE_ALLOW_SIMPLE_PASSWORDS
WebServer.LDAP
[WebServer.LDAP]
ServerAddress = 'ldaps://127.0.0.1' # Example
ReadOnlyUserLogin = 'viewer@example.com' # Example
ReadOnlyUserPass = 'password' # Example
Optional LDAP config
ServerAddress
ServerAddress = 'ldaps://127.0.0.1' # Example
ServerAddress is the full ldaps:// address of the ldap server to authenticate with and query
ReadOnlyUserLogin
ReadOnlyUserLogin = 'viewer@example.com' # Example
ReadOnlyUserLogin is the username of the read only root user used to authenticate the requested LDAP queries
ReadOnlyUserPass
ReadOnlyUserPass = 'password' # Example
ReadOnlyUserPass is the password for the above account
Password
[Password]
Keystore = "keystore_pass" # Example
VRF = "VRF_pass" # Example
Keystore
Keystore = "keystore_pass" # Example
Keystore is the password for the node's account.
Environment variable: CL_PASSWORD_KEYSTORE
VRF
VRF = "VRF_pass" # Example
VRF is the password for the vrf keys.
Environment variable: CL_PASSWORD_VRF
Pyroscope
[Pyroscope]
AuthToken = "pyroscope-token" # Example
AuthToken
AuthToken = "pyroscope-token" # Example
AuthToken is the API key for the Pyroscope server.
Environment variable: CL_PYROSCOPE_AUTH_TOKEN
Prometheus
[Prometheus]
AuthToken = "prometheus-token" # Example
AuthToken
AuthToken = "prometheus-token" # Example
AuthToken is the authorization key for the Prometheus metrics endpoint.
Environment variable: CL_PROMETHEUS_AUTH_TOKEN
Mercury.Credentials.Name
[Mercury.Credentials.Name]
Username = "A-Mercury-Username" # Example
Password = "A-Mercury-Password" # Example
URL = "https://example.com" # Example
LegacyURL = "https://example.v1.com" # Example
Username
Username = "A-Mercury-Username" # Example
Username is used for basic auth of the Mercury endpoint
Password
Password = "A-Mercury-Password" # Example
Password is used for basic auth of the Mercury endpoint
URL
URL = "https://example.com" # Example
URL is the Mercury endpoint base URL used to access Mercury price feed
LegacyURL
LegacyURL = "https://example.v1.com" # Example
LegacyURL is the Mercury legacy endpoint base URL used to access Mercury v0.2 price feed
Threshold
[Threshold]
ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example
ThresholdKeyShare
ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example
ThresholdKeyShare used by the threshold decryption OCR plugin