This document describes the information needed by a client to be able to establish a connection to a Volt, how that
information is persisted in a configuration file by the tdx Volt client libraries, and how to use a client
configuration file to establish a connection to a tdx Volt using the tdx Volt CLI.
Client connection information
Two pieces of information are required for a client to be able to connect to a tdx Volt to access resources or
The client credentials. The client credentials identify the client. As far as the target tdx Volt is
concerned, this is primarily made up of the client’s public key. However, in order to be able to prove possession of
the key to the target Volt, the private key will be required by the client library to initiate the TLS handshake or
sign a JWT. The client credentials are stored in the credential property, described below.
The target tdx Volt configuration. The tdx Volt configuration identifies the target Volt. It includes a
unique identitifier, address and public key. See the
Volt configuration reference section for a full description and details of how to obtain
a tdx Volt configuration. The Volt configuration is stored in the volt property, described below.
Note that only the public portion of the client key is sent to the Volt, the private key is never seen by the Volt.
The basic structure of a client configuration is shown below:
Client configuration file
All the current tdx Volt client libraries support using a file to store a client configuration in the
JSON format described here.
It is not obligatory for clients or applications to use this format. The configuration details can be specified
as a plain object and stored in whatever method suits.
Obtain a client configuration
If you have a connection to the target tdx Volt configured in the fusebox, you can use this to quickly obtain a
client configuration file.
Select the identity you want to use for the client in the Explorer pane on the left side of the fusebox. Then use
the ‘copy to clipboard’ button next to the ‘client configuration’ detail in the right-hand panel, as highlighted in the
Alternatively, you can use the ‘copy client configuration’ button on the ‘metadata’ dialog of the identity.
Populating the client key
Note that unless the full client key is stored in the tdx Volt, it will be necessary to manually populate the key
property of the JSON that is copied to the clipboard using the method described above.
The example below shows the configuration copied from an identity that doesn’t have the key stored in the tdx Volt.
As you can see, the key property has a placeholder (<**** INSERT PEM-FORMAT KEY HERE ****>) that must be replaced
with the actual PEM-format private key corresponding to this client.
Create client configuration
If you want to create a new client on a tdx Volt you can manually create one using the CLI.
The first step in creating a client configuration file is to obtain the configuration details of the tdx Volt you
wish to connect to.
The client libraries support a couple of other methods that attempt to automatically resolve or discover the Volt configuration.
The first of these methods is the use of Volt DID, or decentralised identifier, which is registered on any Volt cloud portal. A full description of decentralised identifiers is out of scope for this document, but more information can be found here.
The Volt DID can be specified in the client configuration in one of two ways, the first of which is a shortcut using the volt property as a string:
The second is to add a did property to the volt object:
Another method of automatically acquiring the Volt configuration is using a discovery URL.
Similar to the DID examples above, the Volt discovery URL can be specified in the client configuration in one of two ways, the first of which is a shortcut using the volt property as a string:
Or using a http_address property on the volt object:
Note that the target Volt will need to have its HTTP server enabled for the `http_address` resolution to work.
Creating the configuration file
Once you have obtained the target tdx Volt configuration, the next step is to create the client configuration file
to store the tdx Volt configuration alongside your client credentials.
Use your favourite text editor to create the configuration file, e.g.
Create a minimal configuration using the following:
An example of a tdx Volt configuration for connection to a local (P2P) tdx Volt is shown below.
Note that in the example above the credential section has not been specified, and therefore will be auto-generated by
the client library and a key will be created and stored in the file. If you already have a key that you wish to use for
the connection you should place it in the key property of the credential section.
You can now use the tdx Volt CLI to help complete the configuration file:
Chances are that the above command will result in errors along the lines of
failure binding to Volt: policy decision pending. This means that the owner of the Volt you are trying to connect to
needs to approve your request to connect to the Volt. However, if you examine the my.config.json file you should see
that the credential section has been created along with an auto-generated key:
In the output above, the client_id and cert properties of the credential object are blank. These will be populated
once the Volt owner approves the binding request.
Test the connection
Assuming you have created a client configuration file, you can now use it to connect to a Volt.
For example, an initial client configuration file named client.config.json is show below.
This file indicates that the target tdx Volt has id 449a3385-f380-41f7-bd0a-e60caaa403cb and is running locally at
the address 192.168.1.194:58913.
We can use the Volt CLI to issue a request to the Volt. Here we ask the tdx Volt to list all the
resources in the clients ‘Home’ folder (indicated by ’.’). This may yield no results if you have only just bound to the
Now try uploading a file to the home folder.
And then list the resources again:
The tdx Volt CLI will look for a client configuration file named `volt.config.json` if none is specified on the command line. So if you use this name to store your configuration details there is no need to specify the `-c client.config.json` parameter.
The discussion so far has related to peer-to-peer connections. However in many scenarios it will be necessary to connect
to a Volt that is not on the same local network as the client, and may not be accessible via the wider internet because
it is behind a firewall.
In order to be able to connect to remote Volts in these scenarios you can utilise the concept of a Relay Volt, which is
described in more detail here.
The first step is to establish the configuration of the Relay Volt you would like to use.
It is then a case of adding another Volt configuration object describing the Relay Volt as a sub-property of the target volt configuration. This relay property takes the same format as the standard Volt configuration:
The addition of the `relay` property is the only addition that is required to a standard client configuration to force the client libraries to connect via a Relay Volt. However if the configuration has previously been used to bind locally, it may be necessary to delete the `credential.cert` property to force the client library to initialise the Relay parameters correctly.
Client configuration definition
The JSONSchema definition of the Volt client configuration object is shown below.
Note that the client_name and crytpo properties describe the client and its credentials, and the remainder of the
document (the volt property) is simply an instance of a tdx Voltconfiguration object.