NEW

CCIP is now live for all developers. See what's new.

Back

Secrets Config (TOML)

This document describes the TOML format for secrets.

Each secret has an alternative corresponding environment variable.

See also: Node Config

Example

[Database]
URL = 'postgresql://user:pass@localhost:5432/dbname?sslmode=disable' # Required

[Password]
Keystore = 'keystore_pass' # Required

Database

[Database]
URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example
BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example
AllowSimplePasswords = false # Default

URL

URL = "postgresql://user:pass@localhost:5432/dbname?sslmode=disable" # Example

URL is the PostgreSQL URI to connect to your database. Chainlink nodes require Postgres versions >= 11. See Running a Chainlink Node for an example.

Environment variable: CL_DATABASE_URL

BackupURL

BackupURL = "postgresql://user:pass@read-replica.example.com:5432/dbname?sslmode=disable" # Example

BackupURL is where the automatic database backup will pull from, rather than the main CL_DATABASE_URL. It is recommended to set this value to a read replica if you have one to avoid excessive load on the main database.

Environment variable: CL_DATABASE_BACKUP_URL

AllowSimplePasswords

AllowSimplePasswords = false # Default

AllowSimplePasswords skips the password complexity check normally enforced on URL & BackupURL.

Environment variable: CL_DATABASE_ALLOW_SIMPLE_PASSWORDS

WebServer.LDAP

[WebServer.LDAP]
ServerAddress = 'ldaps://127.0.0.1' # Example
ReadOnlyUserLogin = 'viewer@example.com' # Example
ReadOnlyUserPass = 'password' # Example

Optional LDAP config

ServerAddress

ServerAddress = 'ldaps://127.0.0.1' # Example

ServerAddress is the full ldaps:// address of the ldap server to authenticate with and query

ReadOnlyUserLogin

ReadOnlyUserLogin = 'viewer@example.com' # Example

ReadOnlyUserLogin is the username of the read only root user used to authenticate the requested LDAP queries

ReadOnlyUserPass

ReadOnlyUserPass = 'password' # Example

ReadOnlyUserPass is the password for the above account

Password

[Password]
Keystore = "keystore_pass" # Example
VRF = "VRF_pass" # Example

Keystore

Keystore = "keystore_pass" # Example

Keystore is the password for the node's account.

Environment variable: CL_PASSWORD_KEYSTORE

VRF

VRF = "VRF_pass" # Example

VRF is the password for the vrf keys.

Environment variable: CL_PASSWORD_VRF

Pyroscope

[Pyroscope]
AuthToken = "pyroscope-token" # Example

AuthToken

AuthToken = "pyroscope-token" # Example

AuthToken is the API key for the Pyroscope server.

Environment variable: CL_PYROSCOPE_AUTH_TOKEN

Prometheus

[Prometheus]
AuthToken = "prometheus-token" # Example

AuthToken

AuthToken = "prometheus-token" # Example

AuthToken is the authorization key for the Prometheus metrics endpoint.

Environment variable: CL_PROMETHEUS_AUTH_TOKEN

Mercury.Credentials.Name

[Mercury.Credentials.Name]
Username = "A-Mercury-Username" # Example
Password = "A-Mercury-Password" # Example
URL = "https://example.com" # Example
LegacyURL = "https://example.v1.com" # Example

Username

Username = "A-Mercury-Username" # Example

Username is used for basic auth of the Mercury endpoint

Password

Password = "A-Mercury-Password" # Example

Password is used for basic auth of the Mercury endpoint

URL

URL = "https://example.com" # Example

URL is the Mercury endpoint base URL used to access Mercury price feed

LegacyURL

LegacyURL = "https://example.v1.com" # Example

LegacyURL is the Mercury legacy endpoint base URL used to access Mercury v0.2 price feed

Threshold

[Threshold]
ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example

ThresholdKeyShare

ThresholdKeyShare = "A-Threshold-Decryption-Key-Share" # Example

ThresholdKeyShare used by the threshold decryption OCR plugin

Stay updated on the latest Chainlink news