Note that the client will also need to supply some credentials in order to identify itself to the Volt. This is described in Volt Connection.
The tdx Volt configuration does not contain any sensitive information that may compromise its security. It is safe to distribute the tdx Volt configuration, either publicly or only to those you would like to connect to your Volt. Just because somebody possesses your tdx Volt configuration does not mean they can access the Volt.
Obtaining a tdx Volt configuration
There are several methods of obtaining the configuration document for a given Volt.
Out of band
A likely scenario is that you will obtain a tdx Volt configuration via some out-of-band means such as email.
If Alice is happy for Bob to connect to her tdx Volt she will email Bob her tdx Volt configuration.
fusebox
The easiest option if you are owner of the tdx Volt is to use the fusebox application. On the main tdx Volt screen there is a ‘configuration’ field in the
right-hand side bar - see the image below.
If you click on the ‘copy’ icon at the right-hand edge the tdx Volt configuration will be copied to the clipboard.
Command line
Another method of obtaining a tdx Volt configuration is via the command line interface. The config command will list all the configured Volts:
Once you know the id of the Volt, you can obtain the full tdx Volt configuration by specifying the id to the config command:
If the tdx Volt has an alias, you can use that instead of the id:
Web portal
This is under review and may be removed shortly.
If you would like to connect to a remote tdx Volt via a cloud tunnel, you can copy the configuration from the
TDX Cloud web portal.
Select the tdx Volt in the drop-down list at the top of the page and then click on the ‘Command’ button, followed by ‘copy
configuration’ menu item.
Peer to Peer discovery
This functionality is experimental and subject to change.
All Batteries implement and expose the tdx.api.volt.v1.DiscoveryAPI service. This can be used to discover all Volts
currently running on the Battery.
The fusebox also implements a rudimentary discovery function in the form of scanning all IP addresses on the local
network, looking for instances of the DisoveryAPI.
Remote discovery
All Relay Volt connections will implement and expose the tdx.api.relay.v1.RelayAPI service. The endpoint
GetVoltEndpoint can be used to list all Volts that the currently authenticated client has access to.
Examples
A minimal example of a tdx Volt configuration is shown below.
A full tdx Volt configuration is show below, note that many of the fields are included for convenience:
Property description
In addition to the JSONSchema given in the Appendix, the properties contained in the tdx Volt configuration are described below.
Depending on the scenario, some of the properties may not be applicable and can be omitted.
Properties marked [required] are applicable in all scenarios.
id [required]
The globally unique identifier of the Volt.
This property must be present in the tdx Volt configuration, unless you are connecting to a remote tdx Volt via a Relay Volt (i.e.
not peer-to-peer). More on that later.
display_name
The human-readable display name of the Volt. This is non-unique, and is only for reference purposes, i.e. it is not
required in order to be able to connect to the Volt.
address
The address at which the tdx Volt is running. This will be in the form of host:port, where host can be either an IP
address or a DNS resolvable domain name.
ca_pem [required]
The PEM encoded signing certificate used by the Volt. This must be present in the tdx Volt configuration and is used to
encrypt all communication with the Volt.
challenge_code
If present it represents a challenge code that can be signed and presented when attempting to
bind to this Volt. This is required as part of the initial bind flow to demonstrate to the tdx Volt that
you have some secret, pre-shared information. You do not need to do this if the tdx Volt already knows your public key, or
you have other verifiable credentials you can present these in the bind request.
public_key
The public key of the Volt. This is useful for identifying the tdx Volt but is not required in the tdx Volt configuration in
order to be able to connect to the tdx Volt (it can be inferred from the signing certificate).
fingerprint
This is a hash of the public key in base58 format, useful as a shortcut means of comparing and lookup up keys.
owner_credential
A base64 encoded JWT signed by the tdx Volt key and containing a verifiable credential stating the owner of the tdx Volt in the
form of a DID.
Appendix
Volt configuration definition
The JSONSchema describing the tdx Volt configuration is as follows: