@hyperlane-xyz/core/dependencies/@chainlink-contracts-ccip-1.5.0/docs/CONFIG.md

Core solidity contracts for Hyperlane

[//]: # (Documentation generated from docs/*.toml - DO NOT EDIT.)

This document describes the TOML format for configuration.

See also [SECRETS.md](SECRETS.md)

## Example

```toml
Log.Level = 'debug'

[[EVM]]
ChainID = '1' # Required

[[EVM.Nodes]]
Name = 'fake' # Required
WSURL = 'wss://foo.bar/ws'
HTTPURL = 'https://foo.bar' # Required
```

## Global
```toml
InsecureFastScrypt = false # Default
RootDir = '~/.chainlink' # Default
ShutdownGracePeriod = '5s' # Default
```


### InsecureFastScrypt
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
InsecureFastScrypt = false # Default
```
InsecureFastScrypt causes all key stores to encrypt using "fast" scrypt params instead. This is insecure and only useful for local testing. DO NOT ENABLE THIS IN PRODUCTION.

### RootDir
```toml
RootDir = '~/.chainlink' # Default
```
RootDir is the Chainlink node's root directory. This is the default directory for logging, database backups, cookies, and other misc Chainlink node files. Chainlink nodes will always ensure this directory has 700 permissions because it might contain sensitive data.

### ShutdownGracePeriod
```toml
ShutdownGracePeriod = '5s' # Default
```
ShutdownGracePeriod is the maximum time allowed to shut down gracefully. If exceeded, the node will terminate immediately to avoid being SIGKILLed.

## Feature
```toml
[Feature]
FeedsManager = true # Default
LogPoller = false # Default
UICSAKeys = false # Default
CCIP = false # Default
```


### FeedsManager
```toml
FeedsManager = true # Default
```
FeedsManager enables the feeds manager service.

### LogPoller
```toml
LogPoller = false # Default
```
LogPoller enables the log poller, an experimental approach to processing logs, required if also using Evm.UseForwarders or OCR2.

### UICSAKeys
```toml
UICSAKeys = false # Default
```
UICSAKeys enables CSA Keys in the UI.

### CCIP
```toml
CCIP = false # Default
```
CCIP enables the CCIP service.

## Database
```toml
[Database]
DefaultIdleInTxSessionTimeout = '1h' # Default
DefaultLockTimeout = '15s' # Default
DefaultQueryTimeout = '10s' # Default
LogQueries = false # Default
MaxIdleConns = 10 # Default
MaxOpenConns = 100 # Default
MigrateOnStartup = true # Default
```


### DefaultIdleInTxSessionTimeout
```toml
DefaultIdleInTxSessionTimeout = '1h' # Default
```
DefaultIdleInTxSessionTimeout is the maximum time allowed for a transaction to be open and idle before timing out. See Postgres `idle_in_transaction_session_timeout` for more details.

### DefaultLockTimeout
```toml
DefaultLockTimeout = '15s' # Default
```
DefaultLockTimeout is the maximum time allowed to wait for database lock of any kind before timing out. See Postgres `lock_timeout` for more details.

### DefaultQueryTimeout
```toml
DefaultQueryTimeout = '10s' # Default
```
DefaultQueryTimeout is the maximum time allowed for standard queries before timing out.

### LogQueries
```toml
LogQueries = false # Default
```
LogQueries tells the Chainlink node to log database queries made using the default logger. SQL statements will be logged at `debug` level. Not all statements can be logged. The best way to get a true log of all SQL statements is to enable SQL statement logging on Postgres.

### MaxIdleConns
```toml
MaxIdleConns = 10 # Default
```
MaxIdleConns configures the maximum number of idle database connections that the Chainlink node will keep open. Think of this as the baseline number of database connections per Chainlink node instance. Increasing this number can help to improve performance under database-heavy workloads.

Postgres has connection limits, so you must use caution when increasing this value. If you are running several instances of a Chainlink node or another application on a single database server, you might run out of Postgres connection slots if you raise this value too high.

### MaxOpenConns
```toml
MaxOpenConns = 100 # Default
```
MaxOpenConns configures the maximum number of database connections that a Chainlink node will have open at any one time. Think of this as the maximum burst upper bound limit of database connections per Chainlink node instance. Increasing this number can help to improve performance under database-heavy workloads.

Postgres has connection limits, so you must use caution when increasing this value. If you are running several instances of a Chainlink node or another application on a single database server, you might run out of Postgres connection slots if you raise this value too high.

### MigrateOnStartup
```toml
MigrateOnStartup = true # Default
```
MigrateOnStartup controls whether a Chainlink node will attempt to automatically migrate the database on boot. If you want more control over your database migration process, set this variable to `false` and manually migrate the database using the CLI `migrate` command instead.

## Database.Backup
```toml
[Database.Backup]
Mode = 'none' # Default
Dir = 'test/backup/dir' # Example
OnVersionUpgrade = true # Default
Frequency = '1h' # Default
```
As a best practice, take regular database backups in case of accidental data loss. This best practice is especially important when you upgrade your Chainlink node to a new version. Chainlink nodes support automated database backups to make this process easier.

NOTE: Dumps can cause high load and massive database latencies, which will negatively impact the normal functioning of the Chainlink node. For this reason, it is recommended to set a `URL` and point it to a read replica if you enable automatic backups.

### Mode
```toml
Mode = 'none' # Default
```
Mode sets the type of automatic database backup, which can be one of _none_, `lite`, or `full`. If enabled, the Chainlink node will always dump a backup on every boot before running migrations. Additionally, it will automatically take database backups that overwrite the backup file for the given version at regular intervals if `Frequency` is set to a non-zero interval.

_none_ - Disables backups.
`lite` - Dumps small tables including configuration and keys that are essential for the node to function, which excludes historical data like job runs, transaction history, etc.
`full` - Dumps the entire database.

It will write to a file like `'Dir'/backup/cl_backup_<VERSION>.dump`. There is one backup dump file per version of the Chainlink node. If you upgrade the node, it will keep the backup taken right before the upgrade migration so you can restore to an older version if necessary.

### Dir
```toml
Dir = 'test/backup/dir' # Example
```
Dir sets the directory to use for saving the backup file. Use this if you want to save the backup file in a directory other than the default ROOT directory.

### OnVersionUpgrade
```toml
OnVersionUpgrade = true # Default
```
OnVersionUpgrade enables automatic backups of the database before running migrations, when you are upgrading to a new version.

### Frequency
```toml
Frequency = '1h' # Default
```
Frequency sets the interval for database dumps, if set to a positive duration and `Mode` is not _none_.

Set to `0` to disable periodic backups.

## Database.Listener
:warning: **_ADVANCED_**: _Do not change these settings unless you know what you are doing._
```toml
[Database.Listener]
MaxReconnectDuration = '10m' # Default
MinReconnectInterval = '1m' # Default
FallbackPollInterval = '30s' # Default
```
These settings control the postgres event listener.

### MaxReconnectDuration
```toml
MaxReconnectDuration = '10m' # Default
```
MaxReconnectDuration is the maximum duration to wait between reconnect attempts.

### MinReconnectInterval
```toml
MinReconnectInterval = '1m' # Default
```
MinReconnectInterval controls the duration to wait before trying to re-establish the database connection after connection loss. After each consecutive failure this interval is doubled, until MaxReconnectInterval is reached.  Successfully completing the connection establishment procedure resets the interval back to MinReconnectInterval.

### FallbackPollInterval
```toml
FallbackPollInterval = '30s' # Default
```
FallbackPollInterval controls how often clients should manually poll as a fallback in case the postgres event was missed/dropped.

## Database.Lock
:warning: **_ADVANCED_**: _Do not change these settings unless you know what you are doing._
```toml
[Database.Lock]
Enabled = true # Default
LeaseDuration = '10s' # Default
LeaseRefreshInterval = '1s' # Default
```
Ideally, you should use a container orchestration system like [Kubernetes](https://kubernetes.io/) to ensure that only one Chainlink node instance can ever use a specific Postgres database. However, some node operators do not have the technical capacity to do this. Common use cases run multiple Chainlink node instances in failover mode as recommended by our official documentation. The first instance takes a lock on the database and subsequent instances will wait trying to take this lock in case the first instance fails.

- If your nodes or applications hold locks open for several hours or days, Postgres is unable to complete internal cleanup tasks. The Postgres maintainers explicitly discourage holding locks open for long periods of time.

Because of the complications with advisory locks, Chainlink nodes with v2.0 and later only support `lease` locking mode. The `lease` locking mode works using the following process:

- Node A creates one row in the database with the client ID and updates it once per second.
- Node B spinlocks and checks periodically to see if the client ID is too old. If the client ID is not updated after a period of time, node B assumes that node A failed and takes over. Node B becomes the owner of the row and updates the client ID once per second.
- If node A comes back, it attempts to take out a lease, realizes that the database has been leased to another process, and exits the entire application immediately.

### Enabled
```toml
Enabled = true # Default
```
Enabled enables the database lock.

### LeaseDuration
```toml
LeaseDuration = '10s' # Default
```
LeaseDuration is how long the lease lock will last before expiring.

### LeaseRefreshInterval
```toml
LeaseRefreshInterval = '1s' # Default
```
LeaseRefreshInterval determines how often to refresh the lease lock. Also controls how often a standby node will check to see if it can grab the lease.

## TelemetryIngress
```toml
[TelemetryIngress]
UniConn = true # Default
Logging = false # Default
BufferSize = 100 # Default
MaxBatchSize = 50 # Default
SendInterval = '500ms' # Default
SendTimeout = '10s' # Default
UseBatchSend = true # Default
```


### UniConn
```toml
UniConn = true # Default
```
UniConn toggles which ws connection style is used.

### Logging
```toml
Logging = false # Default
```
Logging toggles verbose logging of the raw telemetry messages being sent.

### BufferSize
```toml
BufferSize = 100 # Default
```
BufferSize is the number of telemetry messages to buffer before dropping new ones.

### MaxBatchSize
```toml
MaxBatchSize = 50 # Default
```
MaxBatchSize is the maximum number of messages to batch into one telemetry request.

### SendInterval
```toml
SendInterval = '500ms' # Default
```
SendInterval determines how often batched telemetry is sent to the ingress server.

### SendTimeout
```toml
SendTimeout = '10s' # Default
```
SendTimeout is the max duration to wait for the request to complete when sending batch telemetry.

### UseBatchSend
```toml
UseBatchSend = true # Default
```
UseBatchSend toggles sending telemetry to the ingress server using the batch client.

## TelemetryIngress.Endpoints
```toml
[[TelemetryIngress.Endpoints]] # Example
Network = 'EVM' # Example
ChainID = '111551111' # Example
ServerPubKey = 'test-pub-key-111551111-evm' # Example
URL = 'localhost-111551111-evm:9000' # Example
```


### Network
```toml
Network = 'EVM' # Example
```
Network aka EVM, Solana, Starknet

### ChainID
```toml
ChainID = '111551111' # Example
```
ChainID of the network

### ServerPubKey
```toml
ServerPubKey = 'test-pub-key-111551111-evm' # Example
```
ServerPubKey is the public key of the telemetry server.

### URL
```toml
URL = 'localhost-111551111-evm:9000' # Example
```
URL is where to send telemetry.

## AuditLogger
```toml
[AuditLogger]
Enabled = false # Default
ForwardToUrl = 'http://localhost:9898' # Example
JsonWrapperKey = 'event' # Example
Headers = ['Authorization: token', 'X-SomeOther-Header: value with spaces | and a bar+*'] # Example
```


### Enabled
```toml
Enabled = false # Default
```
Enabled determines if this logger should be configured at all

### ForwardToUrl
```toml
ForwardToUrl = 'http://localhost:9898' # Example
```
ForwardToUrl is where you want to forward logs to

### JsonWrapperKey
```toml
JsonWrapperKey = 'event' # Example
```
JsonWrapperKey if set wraps the map of data under another single key to make parsing easier

### Headers
```toml
Headers = ['Authorization: token', 'X-SomeOther-Header: value with spaces | and a bar+*'] # Example
```
Headers is the set of headers you wish to pass along with each request

## Log
```toml
[Log]
Level = 'info' # Default
JSONConsole = false # Default
UnixTS = false # Default
```


### Level
```toml
Level = 'info' # Default
```
Level determines both what is printed on the screen and what is written to the log file.

The available levels are:
- "debug": Useful for forensic debugging of issues.
- "info": High-level informational messages. (default)
- "warn": A mild error occurred that might require non-urgent action. Check these warnings semi-regularly to see if any of them require attention. These warnings usually happen due to factors outside of the control of the node operator. Examples: Unexpected responses from a remote API or misleading networking errors.
- "error": An unexpected error occurred during the regular operation of a well-maintained node. Node operators might need to take action to remedy this error. Check these regularly to see if any of them require attention. Examples: Use of deprecated configuration options or incorrectly configured settings that cause a job to fail.
- "crit": A critical error occurred. The node might be unable to function. Node operators should take immediate action to fix these errors. Examples: The node could not boot because a network socket could not be opened or the database became inaccessible.
- "panic": An exceptional error occurred that could not be handled. If the node is unresponsive, node operators should try to restart their nodes and notify the Chainlink team of a potential bug.
- "fatal": The node encountered an unrecoverable problem and had to exit.

### JSONConsole
```toml
JSONConsole = false # Default
```
JSONConsole enables JSON logging. Otherwise, the log is saved in a human-friendly console format.

### UnixTS
```toml
UnixTS = false # Default
```
UnixTS enables legacy unix timestamps.

Previous versions of Chainlink nodes wrote JSON logs with a unix timestamp. As of v1.1.0 and up, the default has changed to use ISO8601 timestamps for better readability.

## Log.File
```toml
[Log.File]
Dir = '/my/log/directory' # Example
MaxSize = '5120mb' # Default
MaxAgeDays = 0 # Default
MaxBackups = 1 # Default
```


### Dir
```toml
Dir = '/my/log/directory' # Example
```
Dir sets the log directory. By default, Chainlink nodes write log data to `$ROOT/log.jsonl`.

### MaxSize
```toml
MaxSize = '5120mb' # Default
```
MaxSize determines the log file's max size in megabytes before file rotation. Having this not set will disable logging to disk. If your disk doesn't have enough disk space, the logging will pause and the application will log errors until space is available again.

Values must have suffixes with a unit like: `5120mb` (5,120 megabytes). If no unit suffix is provided, the value defaults to `b` (bytes). The list of valid unit suffixes are:

- b (bytes)
- kb (kilobytes)
- mb (megabytes)
- gb (gigabytes)
- tb (terabytes)

### MaxAgeDays
```toml
MaxAgeDays = 0 # Default
```
MaxAgeDays determines the log file's max age in days before file rotation. Keeping this config with the default value will not remove log files based on age.

### MaxBackups
```toml
MaxBackups = 1 # Default
```
MaxBackups determines the maximum number of old log files to retain. Keeping this config with the default value retains all old log files. The `MaxAgeDays` variable can still cause them to get deleted.

## WebServer
```toml
[WebServer]
AuthenticationMethod = 'local' # Default
AllowOrigins = 'http://localhost:3000,http://localhost:6688' # Default
BridgeCacheTTL = '0s' # Default
BridgeResponseURL = 'https://my-chainlink-node.example.com:6688' # Example
HTTPWriteTimeout = '10s' # Default
HTTPPort = 6688 # Default
SecureCookies = true # Default
SessionTimeout = '15m' # Default
SessionReaperExpiration = '240h' # Default
HTTPMaxSize = '32768b' # Default
StartTimeout = '15s' # Default
ListenIP = '0.0.0.0' # Default
```


### AuthenticationMethod
```toml
AuthenticationMethod = 'local' # Default
```
AuthenticationMethod defines which pluggable auth interface to use for user login and role assumption. Options include 'local' and 'ldap'. See docs for more details

### AllowOrigins
```toml
AllowOrigins = 'http://localhost:3000,http://localhost:6688' # Default
```
AllowOrigins controls the URLs Chainlink nodes emit in the `Allow-Origins` header of its API responses. The setting can be a comma-separated list with no spaces. You might experience CORS issues if this is not set correctly.

You should set this to the external URL that you use to access the Chainlink UI.

You can set `AllowOrigins = '*'` to allow the UI to work from any URL, but it is recommended for security reasons to make it explicit instead.

### BridgeCacheTTL
```toml
BridgeCacheTTL = '0s' # Default
```
BridgeCacheTTL controls the cache TTL for all bridge tasks to use old values in newer observations in case of intermittent failure. It's disabled by default.

### BridgeResponseURL
```toml
BridgeResponseURL = 'https://my-chainlink-node.example.com:6688' # Example
```
BridgeResponseURL defines the URL for bridges to send a response to. This _must_ be set when using async external adapters.

Usually this will be the same as the URL/IP and port you use to connect to the Chainlink UI.

### HTTPWriteTimeout
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
HTTPWriteTimeout = '10s' # Default
```
HTTPWriteTimeout controls how long the Chainlink node's API server can hold a socket open for writing a response to an HTTP request. Sometimes, this must be increased for pprof.

### HTTPPort
```toml
HTTPPort = 6688 # Default
```
HTTPPort is the port used for the Chainlink Node API, [CLI](/docs/configuration-variables/#cli-client), and GUI.

### SecureCookies
```toml
SecureCookies = true # Default
```
SecureCookies requires the use of secure cookies for authentication. Set to false to enable standard HTTP requests along with `TLSPort = 0`.

### SessionTimeout
```toml
SessionTimeout = '15m' # Default
```
SessionTimeout determines the amount of idle time to elapse before session cookies expire. This signs out GUI users from their sessions.

### SessionReaperExpiration
```toml
SessionReaperExpiration = '240h' # Default
```
SessionReaperExpiration represents how long an API session lasts before expiring and requiring a new login.

### HTTPMaxSize
```toml
HTTPMaxSize = '32768b' # Default
```
HTTPMaxSize defines the maximum size for HTTP requests and responses made by the node server.

### StartTimeout
```toml
StartTimeout = '15s' # Default
```
StartTimeout defines the maximum amount of time the node will wait for a server to start.

### ListenIP
```toml
ListenIP = '0.0.0.0' # Default
```
ListenIP specifies the IP to bind the HTTP server to

## WebServer.LDAP
```toml
[WebServer.LDAP]
ServerTLS = true # Default
SessionTimeout = '15m0s' # Default
QueryTimeout = '2m0s' # Default
BaseUserAttr = 'uid' # Default
BaseDN = 'dc=custom,dc=example,dc=com' # Example
UsersDN = 'ou=users' # Default
GroupsDN = 'ou=groups' # Default
ActiveAttribute = '' # Default
ActiveAttributeAllowedValue = '' # Default
AdminUserGroupCN = 'NodeAdmins' # Default
EditUserGroupCN = 'NodeEditors' # Default
RunUserGroupCN = 'NodeRunners' # Default
ReadUserGroupCN = 'NodeReadOnly' # Default
UserApiTokenEnabled = false # Default
UserAPITokenDuration = '240h0m0s' # Default
UpstreamSyncInterval = '0s' # Default
UpstreamSyncRateLimit = '2m0s' # Default
```
Optional LDAP config if WebServer.AuthenticationMethod is set to 'ldap'
LDAP queries are all parameterized to support custom LDAP 'dn', 'cn', and attributes

### ServerTLS
```toml
ServerTLS = true # Default
```
ServerTLS defines the option to require the secure ldaps

### SessionTimeout
```toml
SessionTimeout = '15m0s' # Default
```
SessionTimeout determines the amount of idle time to elapse before session cookies expire. This signs out GUI users from their sessions.

### QueryTimeout
```toml
QueryTimeout = '2m0s' # Default
```
QueryTimeout defines how long queries should wait before timing out, defined in seconds

### BaseUserAttr
```toml
BaseUserAttr = 'uid' # Default
```
BaseUserAttr defines the base attribute used to populate LDAP queries such as "uid=$", default is example

### BaseDN
```toml
BaseDN = 'dc=custom,dc=example,dc=com' # Example
```
BaseDN defines the base LDAP 'dn' search filter to apply to every LDAP query, replace example,com with the appropriate LDAP server's structure

### UsersDN
```toml
UsersDN = 'ou=users' # Default
```
UsersDN defines the 'dn' query to use when querying for the 'users' 'ou' group

### GroupsDN
```toml
GroupsDN = 'ou=groups' # Default
```
GroupsDN defines the 'dn' query to use when querying for the 'groups' 'ou' group

### ActiveAttribute
```toml
ActiveAttribute = '' # Default
```
ActiveAttribute is an optional user field to check truthiness for if a user is valid/active. This is only required if the LDAP provider lists inactive users as members of groups

### ActiveAttributeAllowedValue
```toml
ActiveAttributeAllowedValue = '' # Default
```
ActiveAttributeAllowedValue is the value to check against for the above optional user attribute

### AdminUserGroupCN
```toml
AdminUserGroupCN = 'NodeAdmins' # Default
```
AdminUserGroupCN is the LDAP 'cn' of the LDAP group that maps the core node's 'Admin' role

### EditUserGroupCN
```toml
EditUserGroupCN = 'NodeEditors' # Default
```
EditUserGroupCN is the LDAP 'cn' of the LDAP group that maps the core node's 'Edit' role

### RunUserGroupCN
```toml
RunUserGroupCN = 'NodeRunners' # Default
```
RunUserGroupCN is the LDAP 'cn' of the LDAP group that maps the core node's 'Run' role

### ReadUserGroupCN
```toml
ReadUserGroupCN = 'NodeReadOnly' # Default
```
ReadUserGroupCN is the LDAP 'cn' of the LDAP group that maps the core node's 'Read' role

### UserApiTokenEnabled
```toml
UserApiTokenEnabled = false # Default
```
UserApiTokenEnabled enables the users to issue API tokens with the same access of their role

### UserAPITokenDuration
```toml
UserAPITokenDuration = '240h0m0s' # Default
```
UserAPITokenDuration is the duration of time an API token is active for before expiring

### UpstreamSyncInterval
```toml
UpstreamSyncInterval = '0s' # Default
```
UpstreamSyncInterval is the interval at which the background LDAP sync task will be called. A '0s' value disables the background sync being run on an interval. This check is already performed during login/logout actions, all sessions and API tokens stored in the local ldap tables are updated to match the remote server

### UpstreamSyncRateLimit
```toml
UpstreamSyncRateLimit = '2m0s' # Default
```
UpstreamSyncRateLimit defines a duration to limit the number of query/API calls to the upstream LDAP provider. It prevents the sync functionality from being called multiple times within the defined duration

## WebServer.RateLimit
```toml
[WebServer.RateLimit]
Authenticated = 1000 # Default
AuthenticatedPeriod = '1m' # Default
Unauthenticated = 5 # Default
UnauthenticatedPeriod = '20s' # Default
```


### Authenticated
```toml
Authenticated = 1000 # Default
```
Authenticated defines the threshold to which authenticated requests get limited. More than this many authenticated requests per `AuthenticatedRateLimitPeriod` will be rejected.

### AuthenticatedPeriod
```toml
AuthenticatedPeriod = '1m' # Default
```
AuthenticatedPeriod defines the period to which authenticated requests get limited.

### Unauthenticated
```toml
Unauthenticated = 5 # Default
```
Unauthenticated defines the threshold to which authenticated requests get limited. More than this many unauthenticated requests per `UnAuthenticatedRateLimitPeriod` will be rejected.

### UnauthenticatedPeriod
```toml
UnauthenticatedPeriod = '20s' # Default
```
UnauthenticatedPeriod defines the period to which unauthenticated requests get limited.

## WebServer.MFA
```toml
[WebServer.MFA]
RPID = 'localhost' # Example
RPOrigin = 'http://localhost:6688/' # Example
```
The Operator UI frontend supports enabling Multi Factor Authentication via Webauthn per account. When enabled, logging in will require the account password and a hardware or OS security key such as Yubikey. To enroll, log in to the operator UI and click the circle purple profile button at the top right and then click **Register MFA Token**. Tap your hardware security key or use the OS public key management feature to enroll a key. Next time you log in, this key will be required to authenticate.

### RPID
```toml
RPID = 'localhost' # Example
```
RPID is the FQDN of where the Operator UI is served. When serving locally, the value should be `localhost`.

### RPOrigin
```toml
RPOrigin = 'http://localhost:6688/' # Example
```
RPOrigin is the origin URL where WebAuthn requests initiate, including scheme and port. When serving locally, the value should be `http://localhost:6688/`.

## WebServer.TLS
```toml
[WebServer.TLS]
CertPath = '~/.cl/certs' # Example
Host = 'tls-host' # Example
KeyPath = '/home/$USER/.chainlink/tls/server.key' # Example
HTTPSPort = 6689 # Default
ForceRedirect = false # Default
ListenIP = '0.0.0.0' # Default
```
The TLS settings apply only if you want to enable TLS security on your Chainlink node.

### CertPath
```toml
CertPath = '~/.cl/certs' # Example
```
CertPath is the location of the TLS certificate file.

### Host
```toml
Host = 'tls-host' # Example
```
Host is the hostname configured for TLS to be used by the Chainlink node. This is useful if you configured a domain name specific for your Chainlink node.

### KeyPath
```toml
KeyPath = '/home/$USER/.chainlink/tls/server.key' # Example
```
KeyPath is the location of the TLS private key file.

### HTTPSPort
```toml
HTTPSPort = 6689 # Default
```
HTTPSPort is the port used for HTTPS connections. Set this to `0` to disable HTTPS. Disabling HTTPS also relieves Chainlink nodes of the requirement for a TLS certificate.

### ForceRedirect
```toml
ForceRedirect = false # Default
```
ForceRedirect forces TLS redirect for unencrypted connections.

### ListenIP
```toml
ListenIP = '0.0.0.0' # Default
```
ListenIP specifies the IP to bind the HTTPS server to

## JobPipeline
```toml
[JobPipeline]
ExternalInitiatorsEnabled = false # Default
MaxRunDuration = '10m' # Default
MaxSuccessfulRuns = 10000 # Default
ReaperInterval = '1h' # Default
ReaperThreshold = '24h' # Default
ResultWriteQueueDepth = 100 # Default
VerboseLogging = true # Default
```


### ExternalInitiatorsEnabled
```toml
ExternalInitiatorsEnabled = false # Default
```
ExternalInitiatorsEnabled enables the External Initiator feature. If disabled, `webhook` jobs can ONLY be initiated by a logged-in user. If enabled, `webhook` jobs can be initiated by a whitelisted external initiator.

### MaxRunDuration
```toml
MaxRunDuration = '10m' # Default
```
MaxRunDuration is the maximum time allowed for a single job run. If it takes longer, it will exit early and be marked errored. If set to zero, disables the time limit completely.

### MaxSuccessfulRuns
```toml
MaxSuccessfulRuns = 10000 # Default
```
MaxSuccessfulRuns caps the number of completed successful runs per pipeline
spec in the database. You can set it to zero as a performance optimisation;
this will avoid saving any successful run.

Note this is not a hard cap, it can drift slightly larger than this but not
by more than 5% or so.

### ReaperInterval
```toml
ReaperInterval = '1h' # Default
```
ReaperInterval controls how often the job pipeline reaper will run to delete completed jobs older than ReaperThreshold, in order to keep database size manageable.

Set to `0` to disable the periodic reaper.

### ReaperThreshold
```toml
ReaperThreshold = '24h' # Default
```
ReaperThreshold determines the age limit for job runs. Completed job runs older than this will be automatically purged from the database.

### ResultWriteQueueDepth
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
ResultWriteQueueDepth = 100 # Default
```
ResultWriteQueueDepth controls how many writes will be buffered before subsequent writes are dropped, for jobs that write results asynchronously for performance reasons, such as OCR.

### VerboseLogging
```toml
VerboseLogging = true # Default
```
VerboseLogging enables detailed logging of pipeline execution steps.
This can be useful for debugging failed runs without relying on the UI
or database.

You may disable if this results in excessive log volume.

## JobPipeline.HTTPRequest
```toml
[JobPipeline.HTTPRequest]
DefaultTimeout = '15s' # Default
MaxSize = '32768' # Default
```


### DefaultTimeout
```toml
DefaultTimeout = '15s' # Default
```
DefaultTimeout defines the default timeout for HTTP requests made by `http` and `bridge` adapters.

### MaxSize
```toml
MaxSize = '32768' # Default
```
MaxSize defines the maximum size for HTTP requests and responses made by `http` and `bridge` adapters.

## FluxMonitor
```toml
[FluxMonitor]
DefaultTransactionQueueDepth = 1 # Default
SimulateTransactions = false # Default
```


### DefaultTransactionQueueDepth
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
DefaultTransactionQueueDepth = 1 # Default
```
DefaultTransactionQueueDepth controls the queue size for `DropOldestStrategy` in Flux Monitor. Set to 0 to use `SendEvery` strategy instead.

### SimulateTransactions
```toml
SimulateTransactions = false # Default
```
SimulateTransactions enables transaction simulation for Flux Monitor.

## OCR2
```toml
[OCR2]
Enabled = false # Default
ContractConfirmations = 3 # Default
BlockchainTimeout = '20s' # Default
ContractPollInterval = '1m' # Default
ContractSubscribeInterval = '2m' # Default
ContractTransmitterTransmitTimeout = '10s' # Default
DatabaseTimeout = '10s' # Default
KeyBundleID = '7a5f66bbe6594259325bf2b4f5b1a9c900000000000000000000000000000000' # Example
CaptureEATelemetry = false # Default
CaptureAutomationCustomTelemetry = true # Default
DefaultTransactionQueueDepth = 1 # Default
SimulateTransactions = false # Default
TraceLogging = false # Default
```


### Enabled
```toml
Enabled = false # Default
```
Enabled enables OCR2 jobs.

### ContractConfirmations
```toml
ContractConfirmations = 3 # Default
```
ContractConfirmations is the number of block confirmations to wait for before enacting an on-chain
configuration change. This value doesn't need to be very high (in
particular, it does not need to protect against malicious re-orgs).
Since configuration changes create some overhead, and mini-reorgs
are fairly common, recommended values are between two and ten.

Malicious re-orgs are not any more of concern here than they are in
blockchain applications in general: Since nodes check the contract for the
latest config every ContractConfigTrackerPollInterval.Seconds(), they will
come to a common view of the current config within any interval longer than
that, as long as the latest setConfig transaction in the longest chain is
stable. They will thus be able to continue reporting after the poll
interval, unless an adversary is able to repeatedly re-org the transaction
out during every poll interval, which would amount to the capability to
censor any transaction.

Note that 1 confirmation implies that the transaction/event has been mined in one block.
0 confirmations would imply that the event would be recognised before it has even been mined, which is not currently supported.
e.g.
Current block height: 42
Changed in block height: 43
Contract config confirmations: 1
STILL PENDING

Current block height: 43
Changed in block height: 43
Contract config confirmations: 1
CONFIRMED

### BlockchainTimeout
```toml
BlockchainTimeout = '20s' # Default
```
BlockchainTimeout is the timeout for blockchain queries (mediated through
ContractConfigTracker and ContractTransmitter).
(This is necessary because an oracle's operations are serialized, so
blocking forever on a chain interaction would break the oracle.)

### ContractPollInterval
```toml
ContractPollInterval = '1m' # Default
```
ContractPollInterval is the polling interval at which ContractConfigTracker is queried for# updated on-chain configurations. Recommended values are between
fifteen seconds and two minutes.

### ContractSubscribeInterval
```toml
ContractSubscribeInterval = '2m' # Default
```
ContractSubscribeInterval is the interval at which we try to establish a subscription on ContractConfigTracker
if one doesn't exist. Recommended values are between two and five minutes.

### ContractTransmitterTransmitTimeout
```toml
ContractTransmitterTransmitTimeout = '10s' # Default
```
ContractTransmitterTransmitTimeout is the timeout for ContractTransmitter.Transmit calls.

### DatabaseTimeout
```toml
DatabaseTimeout = '10s' # Default
```
DatabaseTimeout is the timeout for database interactions.
(This is necessary because an oracle's operations are serialized, so
blocking forever on an observation would break the oracle.)

### KeyBundleID
```toml
KeyBundleID = '7a5f66bbe6594259325bf2b4f5b1a9c900000000000000000000000000000000' # Example
```
KeyBundleID is a sha256 hexadecimal hash identifier.

### CaptureEATelemetry
```toml
CaptureEATelemetry = false # Default
```
CaptureEATelemetry toggles collecting extra information from External Adaptares

### CaptureAutomationCustomTelemetry
```toml
CaptureAutomationCustomTelemetry = true # Default
```
CaptureAutomationCustomTelemetry toggles collecting automation specific telemetry

### DefaultTransactionQueueDepth
```toml
DefaultTransactionQueueDepth = 1 # Default
```
DefaultTransactionQueueDepth controls the queue size for `DropOldestStrategy` in OCR2. Set to 0 to use `SendEvery` strategy instead.

### SimulateTransactions
```toml
SimulateTransactions = false # Default
```
SimulateTransactions enables transaction simulation for OCR2.

### TraceLogging
```toml
TraceLogging = false # Default
```
TraceLogging enables trace level logging.

## OCR
```toml
[OCR]
Enabled = false # Default
ObservationTimeout = '5s' # Default
BlockchainTimeout = '20s' # Default
ContractPollInterval = '1m' # Default
ContractSubscribeInterval = '2m' # Default
DefaultTransactionQueueDepth = 1 # Default
KeyBundleID = 'acdd42797a8b921b2910497badc5000600000000000000000000000000000000' # Example
SimulateTransactions = false # Default
TransmitterAddress = '0xa0788FC17B1dEe36f057c42B6F373A34B014687e' # Example
CaptureEATelemetry = false # Default
TraceLogging = false # Default
```
This section applies only if you are running off-chain reporting jobs.

### Enabled
```toml
Enabled = false # Default
```
Enabled enables OCR jobs.

### ObservationTimeout
```toml
ObservationTimeout = '5s' # Default
```
ObservationTimeout is the timeout for making observations using the DataSource.Observe method.
(This is necessary because an oracle's operations are serialized, so
blocking forever on an observation would break the oracle.)

### BlockchainTimeout
```toml
BlockchainTimeout = '20s' # Default
```
BlockchainTimeout is the timeout for blockchain queries (mediated through
ContractConfigTracker and ContractTransmitter).
(This is necessary because an oracle's operations are serialized, so
blocking forever on a chain interaction would break the oracle.)

### ContractPollInterval
```toml
ContractPollInterval = '1m' # Default
```
ContractPollInterval is the polling interval at which ContractConfigTracker is queried for
updated on-chain configurations. Recommended values are between
fifteen seconds and two minutes.

### ContractSubscribeInterval
```toml
ContractSubscribeInterval = '2m' # Default
```
ContractSubscribeInterval is the interval at which we try to establish a subscription on ContractConfigTracker
if one doesn't exist. Recommended values are between two and five minutes.

### DefaultTransactionQueueDepth
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
DefaultTransactionQueueDepth = 1 # Default
```
DefaultTransactionQueueDepth controls the queue size for `DropOldestStrategy` in OCR. Set to 0 to use `SendEvery` strategy instead.

### KeyBundleID
```toml
KeyBundleID = 'acdd42797a8b921b2910497badc5000600000000000000000000000000000000' # Example
```
KeyBundleID is the default key bundle ID to use for OCR jobs. If you have an OCR job that does not explicitly specify a key bundle ID, it will fall back to this value.

### SimulateTransactions
```toml
SimulateTransactions = false # Default
```
SimulateTransactions enables transaction simulation for OCR.

### TransmitterAddress
```toml
TransmitterAddress = '0xa0788FC17B1dEe36f057c42B6F373A34B014687e' # Example
```
TransmitterAddress is the default sending address to use for OCR. If you have an OCR job that does not explicitly specify a transmitter address, it will fall back to this value.

### CaptureEATelemetry
```toml
CaptureEATelemetry = false # Default
```
CaptureEATelemetry toggles collecting extra information from External Adaptares

### TraceLogging
```toml
TraceLogging = false # Default
```
TraceLogging enables trace level logging.

## P2P
```toml
[P2P]
IncomingMessageBufferSize = 10 # Default
OutgoingMessageBufferSize = 10 # Default
PeerID = '12D3KooWMoejJznyDuEk5aX6GvbjaG12UzeornPCBNzMRqdwrFJw' # Example
TraceLogging = false # Default
```
P2P has a versioned networking stack. Currenly only `[P2P.V2]` is supported.
All nodes in the OCR network should share the same networking stack.

### IncomingMessageBufferSize
```toml
IncomingMessageBufferSize = 10 # Default
```
IncomingMessageBufferSize is the per-remote number of incoming
messages to buffer. Any additional messages received on top of those
already in the queue will be dropped.

### OutgoingMessageBufferSize
```toml
OutgoingMessageBufferSize = 10 # Default
```
OutgoingMessageBufferSize is the per-remote number of outgoing
messages to buffer. Any additional messages send on top of those
already in the queue will displace the oldest.
NOTE: OutgoingMessageBufferSize should be comfortably smaller than remote's
IncomingMessageBufferSize to give the remote enough space to process
them all in case we regained connection and now send a bunch at once

### PeerID
```toml
PeerID = '12D3KooWMoejJznyDuEk5aX6GvbjaG12UzeornPCBNzMRqdwrFJw' # Example
```
PeerID is the default peer ID to use for OCR jobs. If unspecified, uses the first available peer ID.

### TraceLogging
```toml
TraceLogging = false # Default
```
TraceLogging enables trace level logging.

## P2P.V2
```toml
[P2P.V2]
Enabled = true # Default
AnnounceAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
DefaultBootstrappers = ['12D3KooWMHMRLQkgPbFSYHwD3NBuwtS1AmxhvKVUrcfyaGDASR4U@1.2.3.4:9999', '12D3KooWM55u5Swtpw9r8aFLQHEtw7HR4t44GdNs654ej5gRs2Dh@example.com:1234'] # Example
DeltaDial = '15s' # Default
DeltaReconcile = '1m' # Default
ListenAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```


### Enabled
```toml
Enabled = true # Default
```
Enabled enables P2P V2.
Note: V1.Enabled is true by default, so it must be set false in order to run V2 only.

### AnnounceAddresses
```toml
AnnounceAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```
AnnounceAddresses is the addresses the peer will advertise on the network in `host:port` form as accepted by the TCP version of Go’s `net.Dial`.
The addresses should be reachable by other nodes on the network. When attempting to connect to another node,
a node will attempt to dial all of the other node’s AnnounceAddresses in round-robin fashion.

### DefaultBootstrappers
```toml
DefaultBootstrappers = ['12D3KooWMHMRLQkgPbFSYHwD3NBuwtS1AmxhvKVUrcfyaGDASR4U@1.2.3.4:9999', '12D3KooWM55u5Swtpw9r8aFLQHEtw7HR4t44GdNs654ej5gRs2Dh@example.com:1234'] # Example
```
DefaultBootstrappers is the default bootstrapper peers for libocr's v2 networking stack.

Oracle nodes typically only know each other’s PeerIDs, but not their hostnames, IP addresses, or ports.
DefaultBootstrappers are special nodes that help other nodes discover each other’s `AnnounceAddresses` so they can communicate.
Nodes continuously attempt to connect to bootstrappers configured in here. When a node wants to connect to another node
(which it knows only by PeerID, but not by address), it discovers the other node’s AnnounceAddresses from communications
received from its DefaultBootstrappers or other discovered nodes. To facilitate discovery,
nodes will regularly broadcast signed announcements containing their PeerID and AnnounceAddresses.

### DeltaDial
```toml
DeltaDial = '15s' # Default
```
DeltaDial controls how far apart Dial attempts are

### DeltaReconcile
```toml
DeltaReconcile = '1m' # Default
```
DeltaReconcile controls how often a Reconcile message is sent to every peer.

### ListenAddresses
```toml
ListenAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```
ListenAddresses is the addresses the peer will listen to on the network in `host:port` form as accepted by `net.Listen()`,
but the host and port must be fully specified and cannot be empty. You can specify `0.0.0.0` (IPv4) or `::` (IPv6) to listen on all interfaces, but that is not recommended.

## Capabilities.ExternalRegistry
```toml
[Capabilities.ExternalRegistry]
Address = '0x0' # Example
NetworkID = 'evm' # Default
ChainID = '1' # Default
```


### Address
```toml
Address = '0x0' # Example
```
Address is the address for the capabilities registry contract.

### NetworkID
```toml
NetworkID = 'evm' # Default
```
NetworkID identifies the target network where the remote registry is located.

### ChainID
```toml
ChainID = '1' # Default
```
ChainID identifies the target chain id where the remote registry is located.

## Capabilities.Peering
```toml
[Capabilities.Peering]
IncomingMessageBufferSize = 10 # Default
OutgoingMessageBufferSize = 10 # Default
PeerID = '12D3KooWMoejJznyDuEk5aX6GvbjaG12UzeornPCBNzMRqdwrFJw' # Example
TraceLogging = false # Default
```


### IncomingMessageBufferSize
```toml
IncomingMessageBufferSize = 10 # Default
```
IncomingMessageBufferSize is the per-remote number of incoming
messages to buffer. Any additional messages received on top of those
already in the queue will be dropped.

### OutgoingMessageBufferSize
```toml
OutgoingMessageBufferSize = 10 # Default
```
OutgoingMessageBufferSize is the per-remote number of outgoing
messages to buffer. Any additional messages send on top of those
already in the queue will displace the oldest.
NOTE: OutgoingMessageBufferSize should be comfortably smaller than remote's
IncomingMessageBufferSize to give the remote enough space to process
them all in case we regained connection and now send a bunch at once

### PeerID
```toml
PeerID = '12D3KooWMoejJznyDuEk5aX6GvbjaG12UzeornPCBNzMRqdwrFJw' # Example
```
PeerID is the default peer ID to use for OCR jobs. If unspecified, uses the first available peer ID.

### TraceLogging
```toml
TraceLogging = false # Default
```
TraceLogging enables trace level logging.

## Capabilities.Peering.V2
```toml
[Capabilities.Peering.V2]
Enabled = false # Default
AnnounceAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
DefaultBootstrappers = ['12D3KooWMHMRLQkgPbFSYHwD3NBuwtS1AmxhvKVUrcfyaGDASR4U@1.2.3.4:9999', '12D3KooWM55u5Swtpw9r8aFLQHEtw7HR4t44GdNs654ej5gRs2Dh@example.com:1234'] # Example
DeltaDial = '15s' # Default
DeltaReconcile = '1m' # Default
ListenAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```


### Enabled
```toml
Enabled = false # Default
```
Enabled enables P2P V2.

### AnnounceAddresses
```toml
AnnounceAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```
AnnounceAddresses is the addresses the peer will advertise on the network in `host:port` form as accepted by the TCP version of Go’s `net.Dial`.
The addresses should be reachable by other nodes on the network. When attempting to connect to another node,
a node will attempt to dial all of the other node’s AnnounceAddresses in round-robin fashion.

### DefaultBootstrappers
```toml
DefaultBootstrappers = ['12D3KooWMHMRLQkgPbFSYHwD3NBuwtS1AmxhvKVUrcfyaGDASR4U@1.2.3.4:9999', '12D3KooWM55u5Swtpw9r8aFLQHEtw7HR4t44GdNs654ej5gRs2Dh@example.com:1234'] # Example
```
DefaultBootstrappers is the default bootstrapper peers for libocr's v2 networking stack.

Oracle nodes typically only know each other’s PeerIDs, but not their hostnames, IP addresses, or ports.
DefaultBootstrappers are special nodes that help other nodes discover each other’s `AnnounceAddresses` so they can communicate.
Nodes continuously attempt to connect to bootstrappers configured in here. When a node wants to connect to another node
(which it knows only by PeerID, but not by address), it discovers the other node’s AnnounceAddresses from communications
received from its DefaultBootstrappers or other discovered nodes. To facilitate discovery,
nodes will regularly broadcast signed announcements containing their PeerID and AnnounceAddresses.

### DeltaDial
```toml
DeltaDial = '15s' # Default
```
DeltaDial controls how far apart Dial attempts are

### DeltaReconcile
```toml
DeltaReconcile = '1m' # Default
```
DeltaReconcile controls how often a Reconcile message is sent to every peer.

### ListenAddresses
```toml
ListenAddresses = ['1.2.3.4:9999', '[a52d:0:a88:1274::abcd]:1337'] # Example
```
ListenAddresses is the addresses the peer will listen to on the network in `host:port` form as accepted by `net.Listen()`,
but the host and port must be fully specified and cannot be empty. You can specify `0.0.0.0` (IPv4) or `::` (IPv6) to listen on all interfaces, but that is not recommended.

## Keeper
```toml
[Keeper]
DefaultTransactionQueueDepth = 1 # Default
GasPriceBufferPercent = 20 # Default
GasTipCapBufferPercent = 20 # Default
BaseFeeBufferPercent = 20 # Default
MaxGracePeriod = 100 # Default
TurnLookBack = 1_000 # Default
```


### DefaultTransactionQueueDepth
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
DefaultTransactionQueueDepth = 1 # Default
```
DefaultTransactionQueueDepth controls the queue size for `DropOldestStrategy` in Keeper. Set to 0 to use `SendEvery` strategy instead.

### GasPriceBufferPercent
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
GasPriceBufferPercent = 20 # Default
```
GasPriceBufferPercent specifies the percentage to add to the gas price used for checking whether to perform an upkeep. Only applies in legacy mode (EIP-1559 off).

### GasTipCapBufferPercent
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
GasTipCapBufferPercent = 20 # Default
```
GasTipCapBufferPercent specifies the percentage to add to the gas price used for checking whether to perform an upkeep. Only applies in EIP-1559 mode.

### BaseFeeBufferPercent
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
BaseFeeBufferPercent = 20 # Default
```
BaseFeeBufferPercent specifies the percentage to add to the base fee used for checking whether to perform an upkeep. Applies only in EIP-1559 mode.

### MaxGracePeriod
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
MaxGracePeriod = 100 # Default
```
MaxGracePeriod is the maximum number of blocks that a keeper will wait after performing an upkeep before it resumes checking that upkeep

### TurnLookBack
```toml
TurnLookBack = 1_000 # Default
```
TurnLookBack is the number of blocks in the past to look back when getting a block for a turn.

## Keeper.Registry
```toml
[Keeper.Registry]
CheckGasOverhead = 200_000 # Default
PerformGasOverhead = 300_000 # Default
SyncInterval = '30m' # Default
MaxPerformDataSize = 5_000 # Default
SyncUpkeepQueueSize = 10 # Default
```


### CheckGasOverhead
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
CheckGasOverhead = 200_000 # Default
```
CheckGasOverhead is the amount of extra gas to provide checkUpkeep() calls to account for the gas consumed by the keeper registry.

### PerformGasOverhead
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
PerformGasOverhead = 300_000 # Default
```
PerformGasOverhead is the amount of extra gas to provide performUpkeep() calls to account for the gas consumed by the keeper registry

### SyncInterval
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
SyncInterval = '30m' # Default
```
SyncInterval is the interval in which the RegistrySynchronizer performs a full sync of the keeper registry contract it is tracking.

### MaxPerformDataSize
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
MaxPerformDataSize = 5_000 # Default
```
MaxPerformDataSize is the max size of perform data.

### SyncUpkeepQueueSize
:warning: **_ADVANCED_**: _Do not change this setting unless you know what you are doing._
```toml
SyncUpkeepQueueSize = 10 # Default
```
SyncUpkeepQueueSize represents the maximum number of upkeeps