Canton configuration change after started

Hi team,

We start the Canton process by specifying all configuration in files (e.g. *.conf). May I know if Admin-API / console can modify the configuration after the process is up and running?

In specific, once we specify the certificate for JWT authentication (link), can it be later modified by someone with console access and/or admin-API?

A platform owner is building a decentralized setup, which means that their partner can join the domain with its own participant node. See if there is a way to control the IAM such that only the parties with JWT issued by the platform owner can use the platform, and the partner cannot modify the authentication mechanism on its own participant node.

Thanks in advance.

kc

Hi KC,

You can’t modify the configuration for the JWT authentication for a running participant node.

It should be possible to stop the node, change the static JWT authentication configuration, and then restart the node. As long as you’re using persistent storage, Canton should continue running as before.

Phoebe

Thanks @Phoebe_Nichols . That means the only way for a participant node with persistent storage to use a new certificate for JWT is to

  • stop the process
  • clean up the database, and
  • start the canton process with a new configuration file.

Thanks again.