# CA server parameters (membersrvc.yaml)
#
# This section sets the CA process's thread limit, its on-disk state
# location, its listen address and the TLS certificate/key paths.
server:
  # limits the number of operating system threads used by the CA
  # set to negative to use the system default setting
  gomaxprocs: -1

  # path to the OBC state directory and CA state subdirectory
  # NOTE(review): the CA state presumably includes key material and the
  # user database; restrict filesystem permissions on this directory to
  # the CA's service account -- confirm what is actually stored here.
  rootpath: "/var/hyperledger/production"
  cadir: ".membersrvc"

  # port the CA services are listening on
  # NOTE(review): the value has no host part, so the listener is presumably
  # not limited to a single interface -- confirm, and limit exposure (bind
  # address or firewall rule) where the CA must not be reachable from
  # untrusted networks.
  port: ":7054"

  # TLS certificate and key file paths
  # Both paths are empty in this file (parsed as null). They presumably have
  # to be populated before security.tls_enabled is switched on -- confirm.
  # Keep the key file readable only by the CA's service account.
  tls:
    cert:
      file:
    key:
      file:
# Cryptographic parameters and transport security for the CA services.
security:
  # Can be 256 or 384
  # Must be the same as in core.yaml
  level: 256

  # Can be SHA2 or SHA3
  # Must be the same as in core.yaml
  hashAlgorithm: SHA3

  # The server host CN (Common Name) to be used (needs to match the TLS Server Certificate)
  # Empty in this file (parsed as null).
  serverhostoverride:

  # Boolean (true/false) value indicating whether TLS should be used between the client and
  # the various CA services (ECA, TCA, TLSCA, ACA)
  # NOTE(review): with false, traffic between clients and the CA services
  # is not protected by TLS, so whatever those calls carry (presumably
  # including enrollment IDs and enrollment passwords -- confirm) is
  # visible to anyone on the network path, and the client has no TLS-level
  # proof it is talking to the real CA. Keep false only for a local,
  # single-host development setup; otherwise set true together with the
  # certificate/key paths under server.tls.
  tls_enabled: false

  # A PEM-encoded (X509 v3, Base64) certificate to use for establishing the TLS connection
  # between the client and the ACA service
  # Empty in this file (parsed as null).
  client:
    cert:
      file:
# Enabling/disabling different logging levels of the CA.
#
# Each key below sets the log level for one named CA logger; every logger
# is set to "warning" in this file.
# NOTE(review): at "warning", enrollment and registration events are
# presumably not recorded unless they fail -- confirm, and raise the level
# of the relevant loggers if an audit trail of CA activity is required.
logging:
  # Please see fabric/docs/Setup/logging-control.md for more
  # options.
  server: warning
  ca: warning
  eca: warning
  ecap: warning
  ecaa: warning
  aca: warning
  acap: warning
  tca: warning
  tcap: warning
  tcaa: warning
  tlsca: warning
# Default users to be registered with the CA on first launch. The role is a binary OR
# of the different roles a user can have:
#
# - simple client such as a wallet: CLIENT
# - non-validating peer: PEER
# - validating client: VALIDATOR
# - auditing client: AUDITOR
#
eca:
  # This hierarchy is used to create the Pre-key tree. 'affiliations' is the
  # top of the hierarchy; 'banks_and_institutions' is used to create the key
  # associated with auditors of both banks and institutions, 'banks' is used
  # to create a key associated with auditors of banks, 'bank_a' is used to
  # create a key associated with auditors of bank_a, etc.
  affiliations:
    banks_and_institutions:
      banks:
        - bank_a
        - bank_b
        - bank_c
      institutions:
        - institution_a

  users:
    #
    # The fields of each user are as follows:
    # <EnrollmentID>: <system_role (1:client, 2: peer, 4: validator, 8: auditor)> <EnrollmentPWD> <Affiliation> <Affiliation_Role> <JSON_Metadata>
    #
    # NOTE(review): none of the entries below appears to carry an
    # <Affiliation_Role> field (e.g. 'admin' goes straight from the
    # affiliation to the JSON metadata) -- confirm this format line against
    # the code that parses these entries.
    #
    # The optional JSON_Metadata field is of the following format:
    # { "registrar": { "roles": <array-of-role-names>, "delegateRoles": <array-of-role-names> } }
    # The 'registrar' section is used to control access to registration of new users directly via the ECAA.RegisterUser GRPC call.
    # (See the 'fabric/membersrvc/protos/ca.proto' file for the definition of ECAA.RegisterUser.)
    # Note that this also controls who can register users via the client SDK.
    #
    # Only users with a 'registrar' section may be a registrar to register other users. In particular,
    # 1) the "roles" field specifies which member roles may be registered by this user, and
    # 2) the "delegateRoles" field specifies which member roles may become the "roles" field of registered users.
    # The valid role names are "client", "peer", "validator", and "auditor".
    #
    # Example1:
    # The 'admin' user below can register clients, peers, validators, or auditors; furthermore, the 'admin' user can register other
    # users who can then register clients only.
    #
    # Example2:
    # The 'WebAppAdmin' user below can register clients only, but none of the users registered by this user can register other users.
    #
    # NOTE(review): every entry below embeds its enrollment password in
    # clear text, and this file is published with the repository, so these
    # values are effectively public. Treat them as test fixtures only. For
    # any CA that other parties can reach, replace or remove these entries
    # before the first launch (that is when they are registered), keep the
    # real file out of version control, and restrict read access to it.
    # 'admin' and 'WebAppAdmin' are the most sensitive entries because their
    # 'registrar' metadata lets them register further users.
    #
    admin: 1 Xurw3yU9zI0l institution_a '{"registrar":{"roles":["client","peer","validator","auditor"],"delegateRoles":["client"]}}'
    WebAppAdmin: 1 DJY27pEnl16d institution_a '{"registrar":{"roles":["client"]}}'
    lukas: 1 NPKYL39uKbkj bank_a
    system_chaincode_invoker: 1 DRJ20pEql15a institution_a
    diego: 1 DRJ23pEQl16a institution_a
    jim: 1 6avZQLwcUe9b bank_a
    binhn: 1 7avZQLwcUe9q institution_a

    # Users for asset transfer with roles test located at
    # sdk/node/test/unit/asset-mgmt-with-roles.js
    alice: 1 CMS10pEQlB16 bank_a
    bob: 1 NOE63pEQbL25 bank_a
    assigner: 1 Tc43PeqBl11 bank_a
    thomas: 1 IUZKYDnatwjW bank_a

    # Validator entries (system_role 4); these carry no affiliation field.
    vp: 4 f3489fy98ghf
    test_vp0: 4 MwYpmSRjupbT
    test_vp1: 4 5wgHK9qqYaPy
    test_vp2: 4 vQelbRvja7cJ
    test_vp3: 4 9LKqKH5peurL
    test_vp4: 4 Pqh90CEW5juZ
    test_vp5: 4 FfdvDkAdY81P
    test_vp6: 4 QiXJgHyV4t7A
    test_vp7: 4 twoKZouEyLyB
    test_vp8: 4 BxP7QNh778gI
    test_vp9: 4 wu3F1EwJWHvQ

    # Uncomment this section to activate devnet setup as specified in
    # devnet-setup.md
    #
    # vp0: 4 vp0_secret
    # vp1: 4 vp1_secret

    # Client entries (system_role 1) used for testing.
    test_user0: 1 MS9qrN8hFjlE bank_a
    test_user1: 1 jGlNl6ImkuDo institution_a
    test_user2: 1 zMflqOKezFiA bank_c
    test_user3: 1 vWdLCE00vJy0 bank_a
    test_user4: 1 4nXSrfoYGFCP institution_a
    test_user5: 1 yg5DVhm0er1z bank_b
    test_user6: 1 b7pmSxzKNFiw bank_a
    test_user7: 1 YsWZD4qQmYxo institution_a
    test_user8: 1 W8G0usrU7jRk bank_a
    test_user9: 1 H80SiB5ODKKQ institution_a

    # Non-validating peer entries (system_role 2) used for testing.
    test_nvp0: 2 iywrPBDEPl0K bank_a
    test_nvp1: 2 DcYXuRSocuqd institution_a
    test_nvp2: 2 flpChShlY7xt bank_c
    test_nvp3: 2 jeruawMomclo bank_a
    test_nvp4: 2 RMYVxSZCk370 institution_a
    test_nvp5: 2 XHYVCIJGZGK7 bank_b
    test_nvp6: 2 4cIn63j8ahYp bank_a
    test_nvp7: 2 E7FAJUtWVn2h institution_a
    test_nvp8: 2 LJu8DkUilBEH bank_a
    test_nvp9: 2 VlEsBsiyXSjw institution_a
tca:
  # Enables/disables attribute encryption. false is currently the only
  # possible value because attribute encryption is not yet implemented.
  # NOTE(review): attribute values added to certificates are therefore
  # presumably readable by anyone who sees the certificate -- confirm, and
  # avoid storing confidential data in attributes while this is the case.
  attribute-encryption:
    enabled: false
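aca:
  # Attributes is the list of valid attributes for each user. The attribute
  # certificate authority is temporarily emulated using the entries in this
  # file; in the future an external attribute certificate authority will be
  # invoked. The format of each entry is:
  #
  # attribute-entry-#:{userid};{affiliation};{attributeName};{attributeValue};{valid from};{valid to}
  #
  # If 'valid to' is empty the attribute never expires; if 'valid from' is
  # empty the attribute is valid from time zero.
  #
  # NOTE(review): because this file stands in for the attribute authority,
  # anyone who can edit it decides which attributes users receive. Restrict
  # write access to it accordingly.
  attributes:
    attribute-entry-0: diego;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;;
    attribute-entry-1: diego;institution_a;position;Software Staff;2015-01-01T00:00:00-03:00;2015-07-12T23:59:59-03:00;
    attribute-entry-2: diego;institution_a;position;Software Engineer;2015-07-13T00:00:00-03:00;;
    # Entries 3 and 5 had a stray ',' after the userid ('jim,' / 'binhn,').
    # With ';' as the only field separator that made the userid differ from
    # the enrolled users 'jim' and 'binhn', so the comma is removed here.
    # NOTE(review): 'jim' is enrolled under bank_a in eca.users, while
    # entries 3 and 4 use institution_a -- confirm which affiliation is
    # intended.
    attribute-entry-3: jim;institution_a;company;ACompany;2001-02-02T00:00:00-03:00;;
    attribute-entry-4: jim;institution_a;position;Project Manager;2001-02-02T00:00:00-03:00;;
    attribute-entry-5: binhn;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;;
    attribute-entry-6: binhn;institution_a;position;Technical Leader;2015-01-01T00:00:00-03:00;;

    # User attributes for asset transfer with roles test located at
    # sdk/node/test/unit/asset-mgmt-with-roles.js
    attribute-entry-7: alice;bank_a;role;client;2016-01-01T00:00:00-03:00;;
    attribute-entry-8: alice;bank_a;account;12345-56789;2016-01-01T00:00:00-03:00;;
    attribute-entry-9: bob;bank_a;role;client;2015-02-02T00:00:00-03:00;;
    attribute-entry-10: bob;bank_a;account;23456-67890;2015-02-02T00:00:00-03:00;;
    attribute-entry-11: assigner;bank_a;role;assigner;2015-01-01T00:00:00-03:00;;
    attribute-entry-12: thomas;bank_a;role;testOfRole;2015-01-01T00:00:00-03:00;;
    attribute-entry-13: WebAppAdmin;institution_a;userName;testOfUserName;2015-01-01T00:00:00-03:00;;
    attribute-entry-14: WebAppAdmin;institution_a;role;testOfRole;2015-01-01T00:00:00-03:00;;
    attribute-entry-15: WebAppAdmin;institution_a;typeOfUser;ADMIN-BITCH;2015-01-01T00:00:00-03:00;;

  # Address and server name of the ACA service; the port matches
  # server.port in this file.
  address: localhost:7054
  server-name: acap

  # Enables/disables the Attribute Certificate Authority. If the ACA is
  # enabled, attributes will be added into the TCert.
  enabled: true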
# Subject fields for the CA under pki.ca.subject.
# NOTE(review): presumably used as the subject of the certificates the CA
# generates for itself -- confirm against the code that reads these keys.
pki:
  ca:
    subject:
      organization: Hyperledger
      country: US