# Sample configuration of an Azure Key Vault crypto worker # # Type of worker and implementation WORKERGENID1.TYPE=PROCESSABLE WORKERGENID1.IMPLEMENTATION_CLASS=org.signserver.module.signumsigner.SignumSigner WORKERGENID1.AUTHTYPE=org.signserver.server.managed.ManagedAuthorizer # Uses an Azure cloud key vault WORKERGENID1.CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.AzureKeyVaultCryptoToken # Name for other workers to reference this worker: WORKERGENID1.NAME=CryptoTokenAzureKeyVault # Exposes the worker through the Managed REST API WORKERGENID1.MANAGED_VISIBLE=true #WORKERGENID1.MANAGED_VISIBLE=false # If the signer should by default use client-side hashing (the request data # to the signer is implied to be the pre-computed digest), this requires # the ACCEPTED_HASH_DIGEST_ALGORITHMS property to be set #WORKERGENID1.CLIENTSIDEHASHING=true # If the signer should allow overriding whether the request is using a client- # side digest or not (by a request metadata parameter) #WORKERGENID1.ALLOW_CLIENTSIDEHASHING_OVERRIDE=true # Accepted digest hash algorithms used when the request is using a client-side # hash, this is required if any of CLIENTSIDEHASHING, # or ALLOW_CLIENTSIDEHASHING_OVERRIDE is defined and set to "true" WORKERGENID1.ACCEPTED_HASH_DIGEST_ALGORITHMS=SHA-256,SHA-384,SHA-512 # Key vault name (required) WORKERGENID1.KEY_VAULT_NAME= # Key vault client ID (required) WORKERGENID1.KEY_VAULT_CLIENT_ID= # Key vault type (either of "standard", or "premium") (required) WORKERGENID1.KEY_VAULT_TYPE=standard #WORKERGENID1.KEY_VAULT_TYPE=premium # Optional password (client credentials) for the key vault. If specified the token is "auto-activated". #WORKERGENID1.PIN=replace-with-your-client-credentials WORKERGENID1.DISABLEKEYUSAGECOUNTER=true # If a default key is configured, activation is tested by using the default key. If there is no configured default key, # the activation is tested by a test connection to the Azure Key Vault instance. #WORKERGENID1.DEFAULTKEY=testkey0 #WORKERGENID1.DEFAULTKEY=