Configuration

For the latest and most up to date description of the Envoy configuration, ask Envoy directly! You can do this using the Envoy docker image as follows:

$ docker run trisa/envoy:latest envoy config

This will print out a table of the configuration options, default values, and descriptions. If you’d prefer it in list form, run:

$ docker run trisa/envoy:latest envoy config --list

Configuration Values

Envoy is configured via the environment and for local development, also supports using .env files in the working directory for loading environment variables. We recommend configuring Envoy using the deployment mechanism of your choice. For example, if you’re running the binary using systemd, then the environment should be defined in your .service using Environment or an EnvironmentFile. If you’re using Kubernetes or Docker, then the environment variables should be added to the manifest of your deployment.

A list of the primary environment variables and their configuration are as follows:

EnvVarTypeDefaultDescription
TRISA_MAINTENANCEboolfalseIf true, the node will start in maintenance mode and will respond Unavailable to requests
TRISA_ORGANIZATIONstringEnvoySpecify the display name of the organization using the Envoy node for the web UI and interactive docs
TRISA_MODEstringreleaseSpecify the mode of the API/UI server (release, debug, or testing)
TRISA_LOG_LEVELstringinfoSpecify the verbosity of logging (trace, debug, info, warn, error, fatal, panic)
TRISA_CONSOLE_LOGboolfalseIf true, logs colorized human readable output instead of json
TRISA_DATABASE_URLstringsqlite3:///trisa.dbDSN containing the backend database configuration
TRISA_WEBHOOK_URLstringSpecify a callback webhook so that incoming travel rule messages can be handled by a different system
TRISA_ENDPOINTstringThe endpoint of the TRISA node as defined by the mTLS certificates (to create travel addresses)
TRISA_TRP_ENDPOINTstringIf enabled, the endpoint of the TRP node as assigned by the mTLS certificates (to create travel addresses)

Web UI/API Configuration

These configuration values influence the behavior of the internal web UI and API.

EnvVarTypeDefaultDescription
TRISA_WEB_ENABLEDbooltrueIf false, both the web UI and API are disabled
TRISA_WEB_API_ENABLEDbooltrueIf false, the API will return unavailable when accessed
TRISA_WEB_UI_ENABLEDbooltrueIf false, the web UI will return unavailable when accessed
TRISA_WEB_BIND_ADDRstring:8000The IP address and port to bind the web server on
TRISA_WEB_ORIGINstringhttp://localhost:8000The origin (url) of the web UI for creating API endpoints
TRISA_WEB_DOCS_NAMEstringThe display name for the API docs server in the Swagger app (by default the organization name)
TRISA_WEB_AUTH_KEYSmapOptional static RSA key configuration for signing access and refresh tokens. Should be a comma separated map of keyID:path.
TRISA_WEB_AUTH_AUDIENCEstringhttp://localhost:8000The value for the aud (audience) claim in JWT tokens issued by the API
TRISA_WEB_AUTH_ISSUERstringhttp://localhost:8000The value for the iss (issuer) claim in JWT tokens issued by the API
TRISA_WEB_AUTH_COOKIE_DOMAINstringlocalhostLimit cookies for the UI to the specified domain (exclude any port information)
TRISA_WEB_AUTH_ACCESS_TOKEN_TTLduration1hThe amount of time before an access token expires
TRISA_WEB_AUTH_REFRESH_TOKEN_TTLduration2hThe amount of time before refresh tokens expire
TRISA_WEB_AUTH_TOKEN_OVERLAPduration-15mThe amount of overlap between the access and refresh tokens, the more negative the duration the more the overlap

TRISA Node Configuration

Configuration values for the public facing TRISA node.

EnvVarTypeDefaultDescription
TRISA_NODE_ENABLEDbooltrueIf false, the TRISA node server will not be run
TRISA_NODE_BIND_ADDRstring:8100The ip address and port to bind the TRISA node server on
TRISA_NODE_POOLpathThe path to TRISA x509 certificate pool; this allows you to define what certificate authorities you’re willing to accept using mTLS (optional)
TRISA_NODE_CERTSpathThe path to your TRISA identify certificates and private key for establishing mTLS connections to TRISA peer counterparties
TRISA_NODE_KEY_EXCHANGE_CACHE_TTLduration24hThe duration to cache public keys exchanged with remote TRISA nodes before performing another key exchange

TRISA Directory Configuration

The following configuration influences how the Envoy node connects to the TRISA Global Directory Service.

If you’re running a TestNet node, then ensure the values point to trisatest.net (e.g. api.trisatest.net:443), if you’re running a MainNet node, then ensure the values point to vaspdirectory.net (the default values).

EnvVarTypeDefaultDescription
TRISA_NODE_DIRECTORY_INSECUREboolfalseIf true, do not connect to the directory using TLS (only useful for local development)
TRISA_NODE_DIRECTORY_ENDPOINTstringapi.vaspdirectory.net:443The endpoint of the public GDS service
TRISA_NODE_DIRECTORY_MEMBERS_ENDPOINTstringmembers.vaspdirectory.net:443The endpoint of the private members GDS service
TRISA_DIRECTORY_SYNC_ENABLEDbooltrueIf false, then the background directory sync service will not run
TRISA_DIRECTORY_SYNC_INTERVALduration6hThe interval that the node will synchronize counterparties with the GDS

TRP Node Configuration

Configuration values for the publically facing TRP server.

EnvVarTypeDefaultDescription
TRISA_TRP_ENABLEDbooltrueIf false, the TRP node server will not be run
TRISA_TRP_BIND_ADDRstring:8200The ip address and port to bind the TRISA node server on
TRISA_TRP_USE_MTLSbooltrueIf true, the TRP server will require mTLS authentication
TRISA_TRP_POOLpathThe path to TRP x509 certificate pool; this allows you to define what certificate authorities you’re willing to accept using mTLS (optional)
TRISA_TRP_CERTSpathThe path to your TRP identify certificates and private key for establishing mTLS connections to TRISA peer counterparties

Region Info

Envoy nodes support some provenance features when deployed in a geographically replicated fashion. If you would like to configure your node with hosting information (even just for debugging using the about page on the node), you may set the following environment variables:

EnvVarTypeDefaultDescription
REGION_INFO_IDint32the 7 digit region identifier code
REGION_INFO_NAMEstringthe name of the region
REGION_INFO_COUNTRYstringthe alpha-2 country code of the region
REGION_INFO_CLOUDstringthe cloud service provider
REGION_INFO_CLUSTERstringthe name of the cluster the node is hosted in