Canton configuration change after started

kctam · January 24, 2022, 2:13am

Hi team,

We start the Canton process by specifying all configuration in files (e.g. *.conf). May I know if Admin-API / console can modify the configuration after the process is up and running?

In specific, once we specify the certificate for JWT authentication (link), can it be later modified by someone with console access and/or admin-API?

A platform owner is building a decentralized setup, which means that their partner can join the domain with its own participant node. See if there is a way to control the IAM such that only the parties with JWT issued by the platform owner can use the platform, and the partner cannot modify the authentication mechanism on its own participant node.

Thanks in advance.

kc

Phoebe_Nichols · January 24, 2022, 12:50pm

Hi KC,

You can’t modify the configuration for the JWT authentication for a running participant node.

It should be possible to stop the node, change the static JWT authentication configuration, and then restart the node. As long as you’re using persistent storage, Canton should continue running as before.

Phoebe

kctam · January 24, 2022, 1:15pm

Thanks @Phoebe_Nichols . That means the only way for a participant node with persistent storage to use a new certificate for JWT is to

stop the process
clean up the database, and
start the canton process with a new configuration file.

Thanks again.

Topic		Replies	Views
Which Canton static configs are immutable across process restarts? Questions	2	162	June 21, 2022
Canton: how to set participant's ledger id Questions	2	608	February 10, 2022
How do I check canton participant configuration? Questions canton	1	435	April 26, 2022
Interaction between JWT, PartyID on Canton Questions daml , canton	9	334	January 24, 2022
Access Token configuration for Canton console Questions canton	2	349	March 18, 2022

Canton configuration change after started

Related topics