SettingUp keys

Lucas Teske edited this page Apr 11, 2019 · 2 revisions

Setting up GPG Private Keys

By default QRS searches for encrypted private keys / public keys at ./keys. Put all the private keys you want to use inside it, in encrypted ASCII-armored format. It iterates over all files and loads them. If you don't have a key, you can create one either with the gpg toolkit or by calling the create API. Note that calling the create API does not automatically store the key in the keys folder.

The keys folder can be overridden with the PRIVATE_KEY_FOLDER environment variable.
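
A way to confirm that every private key in the keys folder really is passphrase-encrypted before QRS loads it. This is an added example, not part of remote-signer: it reads the S2K usage octet of the first secret-key packet in each file (0 means the key material is stored unprotected). It assumes version 4 keys using RSA, DSA, Elgamal or ECC, and the function names are hypothetical.

```python
import base64, os
from pathlib import Path

BEGIN = "-----BEGIN PGP PRIVATE KEY BLOCK-----"
END = "-----END PGP PRIVATE KEY BLOCK-----"
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs: RSA, Elgamal, DSA
ECC = {18, 19, 22}                             # ECDH, ECDSA, EdDSA

def dearmor(text):
    """Decode the first armored private key block (headers and the CRC24 line are skipped, not verified)."""
    lines = text.split(BEGIN, 1)[1].split(END, 1)[0].splitlines()
    data = [s for s in map(str.strip, lines) if s and ":" not in s and not s.startswith("=")]
    return base64.b64decode("".join(data))

def s2k_usage(pkt):
    """Return the S2K usage octet of a leading v4 secret-key packet (0 = unprotected)."""
    new = pkt[0] & 0x40                        # bit 6 selects the new packet header format
    tag = pkt[0] & 0x3F if new else (pkt[0] >> 2) & 0x0F
    if new:
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:
        hdr = 1 + (1, 2, 4, 0)[pkt[0] & 3]
    if tag != 5 or (new and 224 <= pkt[1] < 255) or pkt[hdr] != 4:
        raise ValueError("expected a version 4 secret-key packet with a definite length")
    algo, pos = pkt[hdr + 5], hdr + 6          # skip version and creation time
    if algo in ECC:
        pos += 1 + pkt[pos]                    # skip the curve OID
    for _ in range(1 if algo in ECC else MPI_COUNT[algo]):
        pos += 2 + (int.from_bytes(pkt[pos:pos + 2], "big") + 7) // 8
    if algo == 18:
        pos += 1 + pkt[pos]                    # skip the ECDH KDF parameters
    return pkt[pos]

def audit_keys(folder=os.environ.get("PRIVATE_KEY_FOLDER", "./keys")):
    """Classify every file in the keys folder; 'UNENCRYPTED' entries need attention."""
    report = {}
    for path in sorted(p for p in Path(folder).iterdir() if p.is_file()):
        text = path.read_text(errors="replace")
        if BEGIN not in text or END not in text:
            report[path.name] = "no private key block"
            continue
        try:
            report[path.name] = "encrypted" if s2k_usage(dearmor(text)) else "UNENCRYPTED"
        except (ValueError, KeyError, IndexError):
            report[path.name] = "unparseable"
    return report

if __name__ == "__main__":
    print(*(f"{s:22} {n}" for n, s in audit_keys().items()), sep="\n")
```

Files reported as UNENCRYPTED can be re-protected with gpg before they are placed in the folder; public key files show up as "no private key block".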

You can also use the /keyRing/addPrivateKey endpoint to add keys:

{
  "EncryptedPrivateKey": "-----BEGIN PGP PRIVATE KEY BLOCK-----(...)\n-----END PGP PRIVATE KEY BLOCK-----",
  "SaveToDisk": true,
  "Password": "I think you will never guess"
}

The Password field is optional, but if provided, the key will be unlocked automatically every time remote-signer starts. Note that with the default settings the password is stored on disk as plain text. For secure storage we recommend using a HashiCorp Vault Key Backend.

The SaveToDisk parameter tells the server to save that private key in the default key backend.