Backbone Configuration Guide

The Backbone server is the core component of Nebula, responsible for storing encrypted secrets and managing global parameters required for Attribute-Based Encryption (ABE).

This guide provides a detailed explanation of the Backbone configuration file, enabling you to tailor Nebula to your specific environment and requirements.

Configuration File Overview

port = 8080
jwks_url = "http://authorization:9000/jwks"

[database]
host = "db"
port = 5432
database_name = "postgres"
auth.method = "CREDENTIAL"
auth.username = "postgres"
auth.password = "password"

[workspace]
type = "STATIC"
name = "default" # Change this to the name of your workspace

# if you want to use dynamic workspace, you can use the following configuration
# [workspace]
# type = "DYNAMIC"

This configuration file is written in TOML format and is divided into several sections.

---

Configuration Details

Port

port specifies the port on which the Backbone server listens for incoming requests.

JWKs URL Configuration

jwks_url where the Authorization server exposes its JSON Web Key Set (JWKS) endpoint.

note

Ensure that the jwks_url is accessible from the Backbone server.

(Optional) JWKs Refresh Interval

jwks_refresh_interval specifies the interval (in seconds) at which the server revalidates the JWKs from the authorization server.

• Default: 10 seconds

Database Configuration

[database] section configures the connection to the PostgreSQL database used by the Backbone server.

Host

host specifies the hostname or IP address of the PostgreSQL database server.

Port

port specifies the port on which the PostgreSQL database server is listening.

Database Name

database_name specifies the name of the PostgreSQL database for storing the workspace metadata.

Authentication Method

auth.method specifies the authentication method used to connect to the PostgreSQL database. The available options are:

• CREDENTIAL: Uses a username and password for authentication.
• RDS_IAM_AUTH: Uses AWS RDS IAM authentication.

Credential

Username

auth.username specifies the username used to authenticate with the PostgreSQL database.

Password

auth.password specifies the password used to authenticate with the PostgreSQL database.

AWS RDS IAM

Username

auth.username specifies the username used to authenticate with the PostgreSQL database.

CORS Configuration

[cors] section allows you to configure Cross-Origin Resource Sharing (CORS) settings for the Backbone server. The available options are:

• ALLOW_ALL: Allows requests from any origin.
• ALLOW_LIST: Allows requests from specific origins. Also, wildcard characters can be used to match multiple origins.

All Origins

[cors]
type = "ALLOW_ALL"

List

[cors]
type = "ALLOW_LIST"
domains = ["http://localhost:3000", "https://*.example.com"]

warning

Wildcard characters should be used only once in the origin URL. (e.g., https://*.example.com).

Workspace Configuration

[workspace] section configures the workspace settings for the Backbone server. The available options are:

• STATIC: Uses a single workspace for all users.
• DYNAMIC: Allows users to create and manage their workspaces dynamically.

Static

[workspace]
type = "STATIC"
name = "<workspace_name>"

Dynamic

[workspace]
type = "DYNAMIC"

info

You have to create and initialize for each workspace in the database before using the dynamic workspace.