Recommended Blueprint

Cordial Scripting Language is a domain-specific language that can be used to initialize all of the policies, users, and credentials on your install. Learn more in the tutorial.

Immediately after setup, there is very little in a Treasury, essentially (see treasury state list --output ccl):

allow access-rule root { action = "any/action", resource = "any/resource", initiate = "users/root" }
invite credential root-invite for root { public_key = "27f4cda174895791f0d2523d6a07320e03eb402a21012171be2f8a4faadfc78c" }
machine user root

This is an insecure state, where anybody can register a client key for this "root" user (with the "well-known" invite code root), which has permissions to do anything with any resource (and without approvals).

Additionally, even the "off-chain worker" machine users (connector, signer-1, and further signers) don't yet exist.

Therefore, some CSL scripts should be run to bootstrap the deployment into a useful state: we call this a blueprint.

To make a Treasury fully functional, at minimal some resources equivalent to the content of our "basic" blueprint is required, which for two nodes can be displayed with treasury blueprint basic 2. It corresponds to the sections base.csl, signer-1.csl, and signer-2.csl in the blueprint displayed in the next section.

This:

• creates a client key for the root user and enrolls it, consuming the invite credential
• allows users to register credentials for themselves, send heartbeats
• it allows root to approve requests by other users (to get them "unstuck") creates roles, users, and invites for the connector and all signer users
• allows connector and signers to send their expected responses

Blueprint

Run treasury blueprint deployment X for an up-to-date version of the following blueprint for X number of nodes. You will need to add initial users that will have "root" access.

To apply it directly, run treasury blueprint deployment 2 --users "<bob@example.com>:1234" | treasury script. Change "2" to match the number of nodes that you are using. The "1234" part is the invite code that will be used for the user. You may also omit the invite code to instead re-use existing passkeys that you've registered on Treasury before.

To modify it before applying, store it in a file blueprint.csl, and then run treasury script -f blueprint.csl

Beyond the basic blueprint, this:

• Adds the initial users with some initial invite credentials.

Additional peers

The blueprint above was generated for two nodes. To setup more nodes, change the size parameter, for instance treasury blueprint deployment 4 if you have four nodes.

Remove root user

This blueprint uses a root user and root access rule that comes out of the box of a Treasury install. Currently the default deployment blueprint will delete the root user automatically, but you can also do it manually.

Treasury

treasury features activate delete_root --sign-with root-key

CSL

activate feature delete_root

With any configuration, the root user should be deleted eventually as it's a single point of failure, only intended to be used to bootstrap.