initial-config heading-link-icon

This section lists the Corda CLI initial-config arguments. You can use these commands to manually perform various setup actions, as described in the Manual Bootstrapping section.

The create-user-config command creates the SQL script to add the RBAC Role-based access control. Also known as role-based security. A permission system to restrict system access based on assigned permissions. configuration for an initial admin user.

ArgumentDescription
-l, --locationThe path to write the generated SQL files to.
-p, --passwordThe password of the initial admin user.
-u, --userThe user name of the initial admin user.
corda-cli.sh initial-config create-user-config -u <INITIAL-ADMIN-USERNAME> -p <INITIAL-ADMIN-PASSWORD> -l /tmp/db
corda-cli.cmd initial-config create-user-config -u <INITIAL-ADMIN-USERNAME> -p <INITIAL-ADMIN-PASSWORD> -l /tmp/db

The create-db-config command creates the SQL statements to insert the connection manager configuration for the database.

ArgumentDescription
-a, --is-adminSpecifies if this is an admin (DDL) connection. The default value is false.
-d, --descriptionDetailed information about the database connection.
-e, --passphraseThe passphrase for the default secrets service. This must match the value specified in the Corda deployment configuration for the database worker A worker that connects to, manages, and operates upon the database(s) used by the Corda cluster. This includes the cluster-level database schemas needed to store configuration data for the cluster, but also the separate databases/schemas used by each virtual node. .
--idle-timeoutThe maximum time (in seconds) that a connection can stay idle in the pool. The default value is 120.
-j, --jdbc-urlThe JDBC URL for the connection. This value is required.
--jdbc-pool-max-sizeThe maximum size of the JDBC connection pool. The default value is 10.
--jdbc-pool-min-sizeThe minimum size of the JDBC connection pool.
-k, --keyenterprise-iconThe vault key for the HashiCorp Vault external secrets service.
--keepalive-timeThe interval time (in seconds) in which connections are tested for aliveness. The default value is 0.
-l, --locationThe path to write the generated SQL files to.
--max-lifetimeThe maximum time (in seconds) a connection can stay in the pool. The default value is 1800.
-n, --nameThe name of the database connection. This value is required.
-p, --passwordThe password for the database connection. This value is required.
-s, --saltThe salt for the default secrets service. This must match the value specified in the Corda deployment configuration for the database worker.
-t, --typeSpecifies the lookup service used to resolve secrets. This can be one of the following:
  • CORDA — the default secrets service. The passphrase and salt values are used to decrypt values.
  • VAULT — the HashiCorp Vault external secrets service. The vault-path and key values are used to resolve values.enterprise-icon
-u, --userThe user name for the database connection. This value is required.
-v, --vault-pathenterprise-iconThe path to Corda created secrets for the HashiCorp Vault external secrets service.
--validation-timeoutThe maximum time (in seconds) that the pool waits for a connection to be validated as alive. The default value is 5.
corda-cli.sh initial-config create-db-config -u <RBAC-USERNAME> -p <RBAC-PASSWORD> \
  --name corda-rbac --jbdc-url jdbc:postgresql://<DB-HOST>:<DB-PORT>/<DB=NAME> \
  --jdbc-pool-max-size <POOL-SIZE> --salt <SALT> --passphrase <PASSPHRASE> -l /tmp/db
corda-cli.cmd initial-config create-db-config -u <RBAC-USERNAME> -p <RBAC-PASSWORD> `
  --name corda-rbac --jbdc-url jdbc:postgresql://<DB-HOST>:<DB-PORT>/<DB=NAME> `
  --jdbc-pool-max-size <POOL-SIZE> --salt <SALT> --passphrase <PASSPHRASE> -l /tmp/db

The create-crypto-config command creates the SQL statements to insert the initial crypto configuration for the database. This operation must be performed after the cluster database is initialized but before the cluster is started.

ArgumentDescription
-l, --locationThe path to write the generated SQL files to.
-p, --passphraseThe passphrase for the encrypting secrets service. This must match the value specified in the Corda deployment configuration for the database worker.
-s, --saltSalt for the encrypting secrets service. This must match the value specified in the Corda deployment configuration for the database worker.
-wp, --wrapping-passphraseThe passphrase for the key derivation function for the master wrapping key. Used to protect all crypto database content via a second set of wrapping keys. For more information see Key Management.
-ws, --wrapping-saltThe salt for the key derivation function for the master wrapping key. Used to protect all crypto database content via a second set of wrapping keys. For more information see Key Management.
corda-cli.sh initial-config create-crypto-config --salt <SALT> --passphrase <PASSPHRASE> -l /tmp/db
corda-cli.cmd initial-config create-crypto-config --salt <SALT> --passphrase <PASSPHRASE> -l /tmp/db

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.