DataLayer Permissions
Intro
Chia DataLayer™ is a decentralized database that enables the redundant storage of off-chain data, auditable on the Chia blockchain. DataLayer uses an open and permissionless publish/subscribe model, which makes it possible for anyone to view and audit the data.
Many users -- especially those in the enterprise space -- would like to keep their data private.
DataLayer Permissions give owners of data stores a method to gate participation, thus keeping their data private. This is accomplished by using customizable plugins.
This guide will show you how to get started with DataLayer Permissions. Additional resources include:
- DataLayer user guide -- You should already be familiar with using DataLayer before working with permissions. This guide will help you to get started
- S3 plugin -- This is the reference plugin for Amazon S3 integration. It is discussed later in this guide
- Source API calls -- In case you want to dig into the source code
- CLI documentation for DataLayer
- RPC documentation for DataLayer
About DataLayer permissions
Support for permissions were added to DataLayer in version 1.8.0 of the Chia reference wallet. The permissioning system requires uploader (publisher) and downloader (subscriber) plugins, which function as follows:
- When you push any changes to your DataLayer singleton, the uploader plugin is called
- When one of your subscribed singletons makes any on-chain changes, the downloader plugin is called
The uploader and downloader plugins take the form of a service that exposes a specific RESTful API that DataLayer will call. This service can be configured in multiple different ways:
- Uploader only
- Downloader only
- Both uploader and downloader
Multiple instances of the same service are also possible. The service can be configured to require credentials, thereby gating access to data.
Chia configuration
To configure Chia to use DataLayer permissions, you need to add a list of URLs to config.yaml which allows access to the uploaders and downloaders. The settings to configure are new as of 1.8.0. To add them, you have two options:
-
Start from scratch
- Delete or rename
~/.chia/mainnet/config/config.yaml
- Run
chia init
; a new copy of config.yaml that contains the new settings will be generated
- Delete or rename
-
Add the settings manually
- Edit
~/.chia/mainnet/config/config.yaml
- Under the
data_layer:
settings, add the following new lines:downloaders: []
uploaders: []
- Edit
At this point, you can edit config.yaml and add the URL path(s) to either or both of the plugins. Be sure to remove the square brackets []
if you add any URLs. For example, a snippet of config.yaml with the uploaders and downloaders configured might look like this:
data_layer:
client_timeout: 15
database_path: data_layer/db/data_layer_CHALLENGE.sqlite
downloaders:
- http://localhost:9456
- http://localhost:3145
---
uploaders:
- http://localhost:9456
- http://localhost:9384
Finally, restart Chia, ensuring that DataLayer and the propagation server are both configured to run. This is the only configuration that is required in Chia itself. The rest of the configuration is left up to the plugin service.
REST API
The expected REST API for the plugins is as follows - all requests are POST
requests.
TLS connections are not yet supported. They may work as long as the proper root certificates are in the Chia certificate bundle, but this is untested.