Corda HSM - Support for SoftHSM - corda

Corda has specific configurations mentioned for every HSM that they support. I have tried finding a way to directly configure the node to use SoftHSM, but I haven't been able to find anything for Corda to work with SoftHSM.
Hyperledger Fabric has a config (https://hyperledger-fabric.readthedocs.io/en/release-2.0/hsm.html) that works with SoftHSM.
Any ideas on whether Corda can support SoftHSM and, if yes, what the configurations are?

We currently do not support SoftHSM. We currently support:
Utimaco
Gemalto Luna
Futurex
Azure Key Vault
Securosys Primus X
nCipher nShield
Please refer to this list of supported HSMs:
https://docs.corda.net/docs/corda-enterprise/4.4/node/operating/cryptoservice-configuration.html#using-an-hsm-with-corda-enterprise

Related

Monitoring NebulaGraph K8s resources

We want to extend our existing monitoring to include Nebula resources such as node, service and space.
How can we do this? Can you please point me to any documentation?
For node, I take it as the OS/machine level; the vanilla node exporter (and Prometheus) [0] will do the job.
For Service/Space level monitoring, we could leverage the nebula-stats-operator [1].
And actually, there is an all-in-one solution out there in the NebulaGraph community called NebulaGraph Dashboard [2], which has wired everything together already. Even if you are connecting things from scratch on your own, you could still refer to it (for how it leverages the exporters).
For documentation, you could check the following chapters:
dashboard https://docs.nebula-graph.io/3.3.0/nebula-dashboard/1.what-is-dashboard/
metrics https://docs.nebula-graph.io/3.3.0/6.monitor-and-metrics/1.query-performance-metrics/
ref:
[0] https://github.com/prometheus/node_exporter
[1] https://github.com/vesoft-inc/nebula-stats-exporter
[2] https://github.com/vesoft-inc/nebula-dashboard

Pact: How to deploy a new Provider version when the Consumer has updated its contract, when using "can-i-deploy"?

Let's say we have the following verification matrix in the Pact broker:
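| Consumer version | Provider version | Verified? | Comment |
|------------------|------------------|-----------|---------|
| 1 (Production)   | 1 (Production)   | yes       |         |
| 2                | 1                | no        | Consumer updated the contract |
| 2                | 2                | yes       | Provider is updated according to contract |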
We use "can-i-deploy" to check whether we can deploy a version to Production. How can we ever deploy either Consumer v2 or Provider v2 in this case? The "can-i-deploy" script would prevent us from doing it, because there is no verified contract on Production.
I'd recommend reading this guide for the recommended CI/CD setup: https://docs.pact.io/pact_nirvana, and specifically, this guide for the recommended selectors.
The short answer is that version 2 of the provider would verify more than one contract - usually, you would want to test that the provider won't break what's currently in production (using the deployedOrReleased selector) and make sure you're compatible with the latest dev branch (usually via mainBranch: true).
This way, the provider can release without breaking what's in prod and also won't break the consumer that's about to release.
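The deadlock in the question and the way the two selectors resolve it, as an added example (a simplified model written for this page, not Pact Broker code). The function names are hypothetical, and the model assumes provider v2 still satisfies consumer v1's contract.

```python
# Simplified model of the verification matrix and the can-i-deploy decision.
# Keys are (consumer_version, provider_version); a missing pair means
# "never verified", which blocks deployment just like a failed verification.
QUESTION_MATRIX = {(1, 1): True, (2, 1): False, (2, 2): True}


def can_i_deploy(role, version, deployed, matrix):
    """True if `version` is verified against what is deployed on the other side."""
    if role == "consumer":
        pair = (version, deployed["provider"])
    else:
        pair = (deployed["consumer"], version)
    return matrix.get(pair, False)


def select_consumers(deployed, main_branch_consumer):
    """Consumer versions picked by deployedOrReleased plus mainBranch."""
    return sorted({deployed["consumer"], main_branch_consumer})


def rollout(matrix, deployed, order):
    """Attempt each (role, version) in order; return decisions and end state."""
    deployed = dict(deployed)
    decisions = []
    for role, version in order:
        ok = can_i_deploy(role, version, deployed, matrix)
        decisions.append((role, version, ok))
        if ok:
            deployed[role] = version
    return decisions, deployed


def demo():
    prod = {"consumer": 1, "provider": 1}
    order = [("provider", 2), ("consumer", 2)]
    # Matrix exactly as in the question: provider v2 was never verified
    # against the consumer version that is in production.
    before = rollout(QUESTION_MATRIX, prod, order)
    # Provider v2's build now verifies the pacts chosen by both selectors.
    # Assumption: provider v2 still satisfies consumer v1's contract.
    matrix = dict(QUESTION_MATRIX)
    for consumer in select_consumers(prod, main_branch_consumer=2):
        matrix[(consumer, 2)] = True
    after = rollout(matrix, prod, order)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The provider goes out first because its pair with the production consumer is now verified; the consumer follows once provider v2 is the deployed version.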

WSO2 3.0.0 databases for production

What are the recommendations for the CARBONDB and METRICSDB in production?
In the documentation: https://apim.docs.wso2.com/en/latest/SetupAndInstall/SettingUpDatabases/overview/
CARBONDB and METRICSDB seem related to the instance internal settings and not shared between instances.
So in a production deployment, is it safe to let them be managed by H2 or is it better to use a real DB (ex: MariaDB)? If a real DB should be used, does it mean that in a distributed deployment we have to create plenty of carbon and metrics schemas?
Thanks.
CARBONDB stores the server related information and those are recoverable if something happens to the carbon database. That's why having H2 is fine for production.
Metrics are now disabled by default in APIM v3.0.0 and due to that, there is no use of Metrics database. So having H2 database for metrics is fine.

What Options Are There To Protect Database Passwords In Corda?

The Corda database password is stored in the node.conf in plain text by default:
https://docs.corda.net/head/node-database.html
What options are available to avoid this?
e.g. can you use jasypt or store the value in an environment variable or a cloud vault system?
Are there samples/examples available?
It is possible to override node.conf settings using environment variables or JVM arguments, see here for more info: https://docs.corda.net/corda-configuration-file.html#overriding-values-from-node-conf
The Enterprise version of Corda also ships with a configuration obfuscator tool which can be used to encrypt settings: https://docs.corda.r3.com/tools-config-obfuscator.html

How to use Pact Broker badges

It seems I'm missing something vital but I cannot see that the badges are available for my pacts at the URIs given in the examples here: https://github.com/pact-foundation/pact_broker/wiki/Provider-verification-badges
Namely: https://your-broker/pacts/provider/PROVIDER/consumer/CONSUMER/latest/badge.svg
(PROVIDER/CONSUMER are replaced with existing values)
I simply get a 404 response when trying to access.
I'm using pact-jvm v3.5.7 and pactbroker v2.6.0.
What am I not understanding?
I think 2.6.0 had the badges turned off by default for privacy reasons. I've recently enabled them by default as I think the benefits outweigh the negatives. Upgrade to the latest version of the broker, or set enable_badge_resources = true in the Pact Broker configuration (config.ru).
While you're at it, check out the badges config section in the wiki. https://github.com/pact-foundation/pact_broker/wiki/Configuration#badges
Setting the property enable_badge_resources = true as suggested did the trick. Thanks!
