refactor(cmd-api-server): clean up configuration parameters #720

BREAKING CHANGE: Removed the `keyPairPem` parameter from the API server configuration. fixes: #720 Parameters cleaned up are: cactusNodeId, consortiumId, keychainSuffixKeyPairPem Cleaning the three mentioned parameters are backwards compatible with tags versions: v1.0.0-rc.3 and v1.0.0 The latest tag being used as of this change is v1.0.0-25-gdda3f00c Signed-off-by: ruzell22 <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>
hyperledger-cacti · Sep 8, 2023 · 1f00d24 · 1f00d24
1 parent 55a1507
commit 1f00d24
Show file tree

Hide file tree

Showing 10 changed files with 18 additions and 129 deletions.
diff --git a/examples/cactus-example-carbon-accounting-backend/example-config.json b/examples/cactus-example-carbon-accounting-backend/example-config.json
@@ -1,8 +1,6 @@
 {
     "configFile": ".config.json",
     "authorizationConfigJson" : {},
-    "cactusNodeId": "972b1aec-a027-4dfb-bf0f-3811ad8d15e4",
-    "consortiumId": "fb3edae7-46db-4e84-837e-c66f6f2bc78e",
     "logLevel": "debug",
     "minNodeVersion": "12.0.0",
     "tlsDefaultMaxVersion": "TLSv1.3",
@@ -25,8 +23,6 @@
     "cockpitTlsCertPem": "-----BEGIN CERTIFICATE-----\r\nMIIGjjCCBHagAwIBAgIKDv1M8Cl8RNkaBDANBgkqhkiG9w0BAQ0FADCBrzESMBAG\r\nA1UEAxMJbG9jYWxob3N0MREwDwYDVQQGEwhVbml2ZXJzZTESMBAGA1UECBMJTWls\r\na3kgV2F5MRUwEwYDVQQHEwxQbGFuZXQgRWFydGgxFDASBgNVBAoTC0h5cGVybGVk\r\nZ2VyMQ8wDQYDVQQLEwZDYWN0dXMxNDAyBgkqhkiG9w0BCQITJUNhY3R1cyBEdW1t\r\neSBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZXMwHhcNMjEwNDE0MDYwOTU2WhcNMjIw\r\nNDE0MDYwOTU2WjCBrzESMBAGA1UEAxMJbG9jYWxob3N0MREwDwYDVQQGEwhVbml2\r\nZXJzZTESMBAGA1UECBMJTWlsa3kgV2F5MRUwEwYDVQQHEwxQbGFuZXQgRWFydGgx\r\nFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZDYWN0dXMxNDAyBgkqhkiG\r\n9w0BCQITJUNhY3R1cyBEdW1teSBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZXMwggIi\r\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCyV5sVXZm5J/8Sx8MhoCPeybfw\r\nJ7Iqxsi1rl1cawbAPRLfxXixU5ByzXlXxFh6vMMc8P4jPV2SEhU7sT1Ms97GuEdu\r\nLTRaCr5LBRxDNF3XrCWTFZ4r5z4tF4SLLx7833mApShu0lfpzoX4zkEg7Jlm6P4p\r\nV7DCFEP1wVsI6uK8IDNXtkA3adosR/8TeS6KY84E5rkhjGMongLXC4xdpYY0mn2R\r\nLBtgVuWpykTJ/QiE9gmmwIwarDAxeZJavkwTrxhApD/au+/y53s4pXPypLAmsVqy\r\nd2hS2VnhrP58xEy1UFTALXGrhI7trl+KJySVpnZnb6ghwaNHuYZMtaA9ylC0Lwie\r\nc/jl24X4H5D4/QK4O3C5Jrn9kV4zinxLaDTXCJoBTBZYDoG54oJaFhz8/k3WLHFs\r\nJijyFpvGJ/b/IP0bZs1LQmUu5PEujy4gmrqd35j3Iaxf6fHbMuOyHo7ALcyI3aNS\r\n/Cp/7gHlrdwRdER+4GVg6i2iDg6ZbU3g3xg2V/wEn4CXNU2P8Ua1paIcC7dAb2f7\r\nRgRu567B8TPmgk59koJ53nlw4Q2jTdux6v7GIhpAYWXqtlvgvv5mTynjmyCCRlCt\r\ndnQx0gZ+P1dDTXKZr31kvNBvherH0vCYGpR7rsebtMBEExD7SfafV5iVnhEIkb5g\r\nX0d8qkyncS6JRfOcjwIDAQABo4GpMIGmMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD\r\nAgL0MDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG\r\nAQUFBwMEBggrBgEFBQcDCDARBglghkgBhvhCAQEEBAMCAPcwGgYDVR0RBBMwEYYJ\r\nbG9jYWxob3N0hwR/AAABMB0GA1UdDgQWBBSNc0D8/jL/P6n9mRr9mAp/Vu2csjAN\r\nBgkqhkiG9w0BAQ0FAAOCAgEAnQXIYTnZ1ZFmU+KZDwyttVk3StCMiECmZTlxOf6d\r\na5y3wH+OyJsTPoXBWQaWfqtUnQ2SOvwEDejvFqiDTIcOjYm6vI3iGqXQ7zxGmsh0\r\n/+YBu8awa8f1HP3ZTAp68+FH1NlatjfXJdrrw1afkNUQGOwg6SNZhsOvZV8VjC1g\r\nCuCdVwNk/9vA+u6NPIB2G1JCS3qRdXiK9MO14QYyvxhQWztLRpoilkYyBJvjMXxI\r\nsP7JatcbgkzgXvH2aZo1QD59ZONvM3eWJ7ychFUxC98uCNSaCE1h6fPNVodcSQtC\r\n2wuVEVVc4331yf9P6moNe0dwbDcOUyP9yjV1hyCFNygyND4YafHSU4FSDM8MGRl4\r\n7UoqT3hX3SXCzmLLeyvcguRcK1JqRpX4jDchSJln75Qdb+wk4cLQPsTiFm4BLdRr\r\nyvYugmrz3REtRiT5X5lLmti+tqRaq6JkvDiBd9DirXIklq42evOP2UBVTvYO9nR4\r\n8U1VbT3fb3PwzWnBEmLvp6TO0gXa3UkcJ62dX+V8lV/SQ4WGkXuC33QyoN3Q/ozX\r\nPf2rp9o9qnPLrx0hx0rHgFRozxNbzoQ46CODVkyrE0qUv/Y0HjiYVKfCHpbe7vyX\r\nIXnGMPk+K7ijX7+htrIg8oREKKeMlW9SPuqyJaXmLheW4ovvrMT+Aod5AS1ikD6Q\r\nCJ8=\r\n-----END CERTIFICATE-----\r\n",
     "cockpitTlsKeyPem": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIJKAIBAAKCAgEAslebFV2ZuSf/EsfDIaAj3sm38CeyKsbIta5dXGsGwD0S38V4\r\nsVOQcs15V8RYerzDHPD+Iz1dkhIVO7E9TLPexrhHbi00Wgq+SwUcQzRd16wlkxWe\r\nK+c+LReEiy8e/N95gKUobtJX6c6F+M5BIOyZZuj+KVewwhRD9cFbCOrivCAzV7ZA\r\nN2naLEf/E3kuimPOBOa5IYxjKJ4C1wuMXaWGNJp9kSwbYFblqcpEyf0IhPYJpsCM\r\nGqwwMXmSWr5ME68YQKQ/2rvv8ud7OKVz8qSwJrFasndoUtlZ4az+fMRMtVBUwC1x\r\nq4SO7a5fiicklaZ2Z2+oIcGjR7mGTLWgPcpQtC8InnP45duF+B+Q+P0CuDtwuSa5\r\n/ZFeM4p8S2g01wiaAUwWWA6BueKCWhYc/P5N1ixxbCYo8habxif2/yD9G2bNS0Jl\r\nLuTxLo8uIJq6nd+Y9yGsX+nx2zLjsh6OwC3MiN2jUvwqf+4B5a3cEXREfuBlYOot\r\nog4OmW1N4N8YNlf8BJ+AlzVNj/FGtaWiHAu3QG9n+0YEbueuwfEz5oJOfZKCed55\r\ncOENo03bser+xiIaQGFl6rZb4L7+Zk8p45sggkZQrXZ0MdIGfj9XQ01yma99ZLzQ\r\nb4Xqx9LwmBqUe67Hm7TARBMQ+0n2n1eYlZ4RCJG+YF9HfKpMp3EuiUXznI8CAwEA\r\nAQKCAgBl6oKJty++DAlMZjQw5x8YlhYze7vpjiftC3P2+IKnIT/D+Ul7rNGDicCq\r\nU15s5apqw5237b2nWAYiUqtBRhktXuoTIGomerU8kfMQxMBMG+htIZF+bWuuwR3R\r\nnGANCniY98kfa70ptAgDo3q8ofkYQlXcsmwkvQgJTTIE6pYgBBbTLSeNg0RWwd4W\r\n9s2N8HMvgdqSPXP9Ji9hTQwuCAWl0hOn/pi2eXJNkXW2KI/Ry/i//pESPQxdeagV\r\ni2JWbV1is3p6OaRqH7bfLE4Sf+Laecfm7S4FCoi+2umjy1o602lbWZz384zqbxfS\r\nD4RssPBBNCHVCJ+SwYbqF3E3XoK3QUCayxdQ9lFraqUM5tzME9LVoPSMz2/t6vEJ\r\nll2yofxksW9DfiU+YCwxpZwZAIZgWFgF79JJu9v9vHuX/csN80ZhrAtpIcGxFEp7\r\nZcIt22LIg1zKOvji9W2L343d2Ngn5xwP2LgNw7p5PvRbWj5loAUV01iMUp/LcGJ+\r\nTUF9C20rK8D6OXg8vqPyr+en8mbwifTuu3SMKrItIvug5TpgLnUbUFsFZ0tusaQn\r\nzP4QuGeqHCsphTI4oe2ro2QlefpqjDR6eL8eyepBRrwsZgnThsIQwjcxJRP0fVrd\r\nspbTNfptBZWrd685YpitSSEV6RkH6KmV6+IHDnPAH1vW3zx6YQKCAQEA3NYrCtan\r\n9c7kKfCeQMYgzxyJbaefPrScGrTsSpulv5kWiffahC6NPEsz6LqSxJxyfvP4YbKc\r\n3RqaWS5S6Tq3YNNgLI+J0D/9O0gi+s+vd47bqYBURxo2X3bly9IbUlMmc+pa+uGD\r\ndoufg7ywvjW+TJkaaykBZlfc0sIBxdrDEJCD62FdR41Vdm2Pvmi6sFqEYyIq+hXA\r\nHbX2M3/CC43XoHDIkX7Rgy0NHVUq+wasGKRUNVPIgMCBd0B8G936kGGvawSmGAQ4\r\n9e5HSUT9jqv1KziMCZ8TEYrabSAxmL56b/amz06XTND4v59astMCWo8w657NL+Xv\r\n7HJw853Z7beQgwKCAQEAzr1DnpmBeYkF0so3thK9GIG6Sru17PlIgkvWmk8B/Hsd\r\nruzw4pspVM0+D8LwxPnBveR8w471BaAqaPtVZgcoIRHO9iNegQcir7b3Fp/ai7BK\r\nZoAcNO9V++ofmS85KtVUT0iMBwcMaIgmHD/YCi0MNxdXzOzzsopR3FE0iwKYZxgC\r\nyfeKPeZa3C4I7Awvf7v5CoNF4/T5U9cAsaQJ/cVJY2s5c8LHYQsP4UUWsScQH1TS\r\nat2uRz565PDQdvD3TL+46zdsFlOYOiuM/6iMU4bYBj2FsFKA7TCkk/GghCgLfjXa\r\nrPARdunZWfWawe3bKEg6Az0kFfsimRYE0Rgey6zuBQKCAQAZPDwE7AybcT3vcPiU\r\njE95e1hU+H+hCcCA6MXLrMefAl5p+7GzwyIOjsVqxc85umr3COgMOf3k4kJbCIke\r\n77++x8jIrspfysAkQxUENjFl5yRA1VJMIbmu5QZTaToICUpumow0+QotxLzAsBI+\r\nWiPZ2vEC59eqG0Y3q0XKlzoNLYZ1olWndIYcl16CsrMKrf1M2r2wgEXI3183+VRy\r\nP44xXlH9FlHYvJAwFuhncRa/Zh/dTCqwU883kl3cTVxxnUgPYaOdQPZFXCo3PDQB\r\nVrMYckjGXLAwI/7b0373ZmTVYIklTWTKuWKDezFBGA2/zXcYpbfqzkrBaT5xCEu7\r\n92sDAoIBAFe3GZ+LBdIo/t2Gisinfq+NKxtWNUQMKGWQA8eIyhDzs45qXXHn30tp\r\noXFShpEsXrVQ4laeqvruD9BnAr69Ppt5UNRCAXDBNEhVWtSwkis+avK+XDlhapvt\r\no+Z8kMbJqHHTGAZLSUp4qaLGu8TlhA9Dyi7aQjN4WG8fzSlFup/TIivK6U6GE/rj\r\nVUnBic2qVWnOdLLZV4fo6xRzwwF22UJjVgb1l15nMR+lDpGvPznr5TMOR0lXCxFj\r\n0y8D4gkgNzclVqjKYwYbQEGgo5k01ycep0A+YRFB2DIlDLPFwcqU0ukZGm/XnC58\r\n9GJfpuKacnK5WDwzR2SoYPbOQxKrlnkCggEBANJLCqOibsezhhNa1vg+JpCL777C\r\nKAkE8bQd7rPoEZIFQqDDdapez0ZrzVWL4L8pgnpjyywxXe0p77PR5A2HRN5z1cFD\r\nDz5Kd0ZDL++5/IQ6KJgQ9EjftIy1zW+XnzBXThY+rpH0RZ15DwFoJxw+PCejjLC5\r\n7zYa2EOJ698N9WryGsxGkfPuViTbIDJKBed+4kXgLTT1hCTq53JFTJtHsO57gRkK\r\ngrPsa0O10EsJtKODFNFHzAiqwfmNxrVVcmUNmKYG4WXuJci+kw1VEJDD6GiSFyx2\r\n1MBhF3x64UtKdsj/7Cskdr6xnrxC9NHsRoZlmGGMZsSFL+MLovZv9MKl6W0=\r\n-----END RSA PRIVATE KEY-----\r\n",
     "cockpitTlsClientCaPem": "-",
-    "keyPairPem": "-----BEGIN PRIVATE KEY-----\nMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgHy0hDxj3Uhz16F8aLiWq\nhf6bcqRU3fqAv2u2YvYdSF+hRANCAAQpvM3dbCigeGLDKs0JUTi0yf5UHGC2eSRD\nd3Dk1WpBjbJDLKGdSGVGE0h1Zys8o3Den3Xag8Y1EcTxDHDInMEc\n-----END PRIVATE KEY-----\n",
-    "keychainSuffixKeyPairPem": "CACTUS_NODE_KEY_PAIR_PEM",
     "plugins": [
         {
             "packageName": "@hyperledger/cactus-plugin-keychain-memory",

diff --git a/examples/carbon-accounting/Dockerfile b/examples/carbon-accounting/Dockerfile
@@ -46,8 +46,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/carbon-accounting/healthcheck.sh
 
 ENV AUTHORIZATION_CONFIG_JSON="{}"
 ENV AUTHORIZATION_PROTOCOL=NONE
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-carbon-accounting-frontend/www/
 ENV COCKPIT_TLS_ENABLED=false

diff --git a/examples/supply-chain-app/Dockerfile b/examples/supply-chain-app/Dockerfile
@@ -47,8 +47,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/supply-chain-app/healthcheck.sh
 
 ENV AUTHORIZATION_CONFIG_JSON="{}"
 ENV AUTHORIZATION_PROTOCOL=NONE
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/
 ENV COCKPIT_TLS_ENABLED=false

diff --git a/examples/supply-chain-app/process.env b/examples/supply-chain-app/process.env
@@ -1,5 +1,3 @@
-CACTUS_NODE_ID=-
-CONSORTIUM_ID=-
 KEY_PAIR_PEM=-
 COCKPIT_WWW_ROOT=./node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/
 COCKPIT_TLS_ENABLED=false

diff --git a/packages/cactus-cmd-api-server/Dockerfile b/packages/cactus-cmd-api-server/Dockerfile
@@ -27,8 +27,6 @@ ARG NPM_PKG_VERSION=latest
 ENV TZ=Etc/UTC
 ENV NODE_ENV=production
 
-ENV CACTUS_NODE_ID=-
-ENV CONSORTIUM_ID=-
 ENV KEY_PAIR_PEM=-
 ENV COCKPIT_WWW_ROOT=${APP}node_modules/@hyperledger/cactus-cockpit/www/
 ENV COCKPIT_TLS_ENABLED=false

diff --git a/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts b/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts
@@ -3,16 +3,8 @@ import { existsSync, readFileSync } from "fs";
 import convict, { Schema, Config, SchemaObj } from "convict";
 import { ipaddress } from "convict-format-with-validator";
 import { v4 as uuidV4 } from "uuid";
-import {
-  generateKeyPair,
-  exportPKCS8,
-  exportSPKI,
-  importPKCS8,
-  GeneralSign,
-  generalVerify,
-} from "jose";
+import { generateKeyPair, exportPKCS8, exportSPKI } from "jose";
 import type { Params as ExpressJwtOptions } from "express-jwt";
-import jsonStableStringify from "json-stable-stringify";
 import {
   LoggerProvider,
   Logger,
@@ -39,8 +31,6 @@ export interface ICactusApiServerOptions {
   authorizationProtocol: AuthorizationProtocol;
   authorizationConfigJson: IAuthorizationConfig;
   configFile: string;
-  cactusNodeId: string;
-  consortiumId: string;
   logLevel: LogLevelDesc;
   tlsDefaultMaxVersion: SecureVersion;
   cockpitEnabled: boolean;
@@ -65,8 +55,6 @@ export interface ICactusApiServerOptions {
   grpcPort: number;
   grpcMtlsEnabled: boolean;
   plugins: PluginImport[];
-  keyPairPem: string;
-  keychainSuffixKeyPairPem: string;
   minNodeVersion: string;
   enableShutdownHook: boolean;
 }
@@ -103,8 +91,7 @@ export class ConfigService {
   private static getConfigSchema(): Schema<ICactusApiServerOptions> {
     return {
       pluginManagerOptionsJson: {
-        doc:
-          "Can be used to override npm registry and authentication details for example. See https://www.npmjs.com/package/live-plugin-manager#pluginmanagerconstructoroptions-partialpluginmanageroptions for further details.",
+        doc: "Can be used to override npm registry and authentication details for example. See https://www.npmjs.com/package/live-plugin-manager#pluginmanagerconstructoroptions-partialpluginmanageroptions for further details.",
         format: "*",
         default: "{}",
         env: "PLUGIN_MANAGER_OPTIONS_JSON",
@@ -123,7 +110,7 @@ export class ConfigService {
             throw new Error(m);
           }
         },
-        default: (null as unknown) as AuthorizationProtocol,
+        default: null as unknown as AuthorizationProtocol,
         env: "AUTHORIZATION_PROTOCOL",
         arg: "authorization-protocol",
       },
@@ -173,31 +160,12 @@ export class ConfigService {
         },
       } as SchemaObj<PluginImport[]>,
       configFile: {
-        doc:
-          "The path to a config file that holds the configuration itself which will be parsed and validated.",
+        doc: "The path to a config file that holds the configuration itself which will be parsed and validated.",
         format: "*",
         default: "",
         env: "CONFIG_FILE",
         arg: "config-file",
       },
-      consortiumId: {
-        doc:
-          "Identifier of the consortium your node is part of. " +
-          " Can be any string of characters such as a UUID",
-        format: ConfigService.formatNonBlankString,
-        default: null as string | null,
-        env: "CONSORTIUM_ID",
-        arg: "consortium-id",
-      },
-      cactusNodeId: {
-        doc:
-          "Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any " +
-          "given Cactus deployment. Can be any string of characters such as a UUID or an Int64",
-        format: ConfigService.formatNonBlankString,
-        default: null as string | null,
-        env: "CACTUS_NODE_ID",
-        arg: "cactus-node-id",
-      },
       logLevel: {
         doc:
           "The level at which loggers should be configured. Supported values include the following: " +
@@ -243,8 +211,7 @@ export class ConfigService {
         default: false,
       },
       cockpitHost: {
-        doc:
-          "The host to bind the Cockpit webserver to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.",
+        doc: "The host to bind the Cockpit webserver to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.",
         format: "ipaddress",
         default: "127.0.0.1",
         env: "COCKPIT_HOST",
@@ -258,8 +225,7 @@ export class ConfigService {
         default: 3000,
       },
       cockpitWwwRoot: {
-        doc:
-          "The file-system path pointing to the static files of web application served as the cockpit by the API server.",
+        doc: "The file-system path pointing to the static files of web application served as the cockpit by the API server.",
         format: "*",
         env: "COCKPIT_WWW_ROOT",
         arg: "cockpit-www-root",
@@ -331,8 +297,7 @@ export class ConfigService {
         default: null as string | null,
       },
       apiHost: {
-        doc:
-          "The host to bind the API to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.",
+        doc: "The host to bind the API to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.",
         format: "ipaddress",
         env: "API_HOST",
         arg: "api-host",
@@ -417,27 +382,7 @@ export class ConfigService {
         arg: "grpc-tls-enabled",
         default: true,
       },
-      keyPairPem: {
-        sensitive: true,
-        doc:
-          "Key pair (private+public) of this Cactus node in the standard " +
-          " PEM format.",
-        env: "KEY_PAIR_PEM",
-        arg: "key-pair-pem",
-        format: ConfigService.formatNonBlankString,
-        default: null as string | null,
-      },
-      keychainSuffixKeyPairPem: {
-        doc:
-          "The key under which to store/retrieve the key pair PEM from the " +
-          " keychain of this Cactus node (API server) The complete lookup key" +
-          " is constructed from the ${CACTUS_NODE_ID}" +
-          "${KEYCHAIN_SUFFIX_KEY_PAIR_PEM} template.",
-        env: "KEYCHAIN_SUFFIX_KEY_PAIR_PEM",
-        arg: "keychain-suffix-key-pair-pem",
-        format: "*",
-        default: "CACTUS_NODE_KEY_PAIR_PEM",
-      },
+
       enableShutdownHook: {
         doc:
           "It will cause the API server to listen to OS process signals and will attempt " +
@@ -613,8 +558,6 @@ export class ConfigService {
       authorizationProtocol: AuthorizationProtocol.JSON_WEB_TOKEN,
       authorizationConfigJson,
       configFile: ".config.json",
-      cactusNodeId: uuidV4(),
-      consortiumId: uuidV4(),
       logLevel: "debug",
       minNodeVersion: (schema.minNodeVersion as SchemaObj).default,
       tlsDefaultMaxVersion: "TLSv1.3",
@@ -639,9 +582,6 @@ export class ConfigService {
       cockpitTlsCertPem: pkiServer.certificatePem,
       cockpitTlsKeyPem: pkiServer.privateKeyPem,
       cockpitTlsClientCaPem: "-", // Cockpit mTLS is off so this will not crash the server
-      keyPairPem,
-      keychainSuffixKeyPairPem: (schema.keychainSuffixKeyPairPem as SchemaObj)
-        .default,
       plugins,
       enableShutdownHook,
     };
@@ -661,7 +601,8 @@ export class ConfigService {
     env?: NodeJS.ProcessEnv;
     args?: string[];
   }): Config<ICactusApiServerOptions> {
-    const schema: Schema<ICactusApiServerOptions> = ConfigService.getConfigSchema();
+    const schema: Schema<ICactusApiServerOptions> =
+      ConfigService.getConfigSchema();
     ConfigService.config = (convict as any)(schema, options);
     // eslint-disable-next-line @typescript-eslint/ban-ts-comment
     if (ConfigService.config.get("configFile")) {
@@ -680,29 +621,4 @@ export class ConfigService {
     logger.info("Configuration validation OK.");
     return ConfigService.config;
   }
-
-  /**
-   * Validation that prevents operators from mistakenly deploying a key pair
-   * that they may not be operational for whatever reason.
-   *
-   * @throws If a dummy sign+verification operation fails for any reason.
-   */
-  async validateKeyPairMatch(): Promise<void> {
-    const fnTag = "ConfigService#validateKeyPairMatch()";
-    // FIXME most of this lowever level crypto code should be in a commons package that's universal
-    const keyPairPem = ConfigService.config.get("keyPairPem");
-    const keyPair = await importPKCS8(keyPairPem, "ES256K");
-
-    const payloadJson = jsonStableStringify({ hello: "world" });
-    const encoder = new TextEncoder();
-    const sign = new GeneralSign(encoder.encode(payloadJson));
-    sign.addSignature(keyPair).setProtectedHeader({ alg: "ES256K" });
-    const jws = await sign.sign();
-
-    try {
-      await generalVerify(jws, keyPair);
-    } catch (ex) {
-      throw new Error(`${fnTag} Invalid key pair PEM: ${ex && ex.stack}`);
-    }
-  }
 }
diff --git a/...in-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts b/...in-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts
@@ -59,9 +59,7 @@ describe(testCase, () => {
       consortiumDatabase: db,
     };
 
-    const pluginConsortiumManual: PluginConsortiumManual = new PluginConsortiumManual(
-      options,
-    );
+    const pluginConsortiumManual = new PluginConsortiumManual(options);
 
     // Setting up of the api-server for hosting the endpoints defined in the openapi specs
     // of the plugin

diff --git a/tools/docker/besu-all-in-one/docker-compose.yml b/tools/docker/besu-all-in-one/docker-compose.yml
@@ -17,8 +17,6 @@ services:
   cactus-api-server:
     image: ghcr.io/hyperledger/cactus-cmd-api-server:2021-08-15--refactor-1222
     environment:
-      CACTUS_NODE_ID: "-"
-      CONSORTIUM_ID: "-"
       KEY_PAIR_PEM: "-"
       COCKPIT_WWW_ROOT: ${APP}node_modules/@hyperledger/cactus-cockpit/www/
       COCKPIT_TLS_ENABLED: "false"

diff --git a/whitepaper/whitepaper.md b/whitepaper/whitepaper.md
@@ -1077,11 +1077,6 @@ Configuration Parameters
                 Default: Mandatory parameter without a default value.
                 Env: CONFIG_FILE
                 CLI: --config-file
-  cactusNodeId:
-                Description: Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any given Cactus deployment. Can be any string of characters such as a UUID or an Int64
-                Default: Mandatory parameter without a default value.
-                Env: CACTUS_NODE_ID
-                CLI: --cactus-node-id
   logLevel:
                 Description: The level at which loggers should be configured. Supported values include the following: error, warn, info, debug, trace
                 Default: warn
@@ -1128,12 +1123,12 @@ Configuration Parameters
                 Env: PRIVATE_KEY
                 CLI: --private-key
   keychainSuffixPrivateKey:
-                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PRIVATE_KEY
                 Env: KEYCHAIN_SUFFIX_PRIVATE_KEY
                 CLI: --keychain-suffix-private-key
   keychainSuffixPublicKey:
-                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
+                Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template.
                 Default: CACTUS_NODE_PUBLIC_KEY
                 Env: KEYCHAIN_SUFFIX_PUBLIC_KEY
                 CLI: --keychain-suffix-public-key
@@ -1447,7 +1442,6 @@ seen below:
 {
             "packageName": "@hyperledger/cactus-plugin-consortium-manual",
             "options": {
-                "keyPairPem": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n",
                 "consortium": {
                     "name": "Example Cactus Consortium",
                     "id": "2ae136f6-f9f7-40a2-9f6c-92b1b5d5046c",