Skip to main content
Loading

Providing the Feature Key File

The feature key file is a cryptographically-signed list of enabled server features. Starting with Aerospike Database Enterprise Edition 4.6, the server requires a feature key file to start. Aerospike Database Community Edition does not use a feature key file.

As of server 6.1, a default feature key file is included. The default feature key file is intended for a single-node cluster, so be sure to update it for production use.

Defining the location of the feature key file

If the server cannot find the feature key file, it exits early in its startup sequence and issues the following log message:

Apr 09 2021 06:35:12 GMT: CRITICAL (config): (features_ee.c:142) failed to get feature key /etc/aerospike/features.conf

The default path to the feature-key file is /etc/aerospike/features.conf. If you want to use a different file location, you can add the feature-key-file configuration parameter to the service stanza.

service {
feature-key-file /PATH/TO/FILE
}

Replace /PATH/TO/FILE with the full path to your feature key file.

In server 5.4, support was added for:

  • HashiCorp Vault integration. You can use vault:secret_in_vault to fetch the contents of the feature key from HashiCorp Vault. Refer to Optional security with Vault integration for more information.

  • Reading the feature key from an environment variable such as env-b64:FEATURES. Refer to the section below.

In server 5.5, support was added for combining multiple feature key files. The path can now indicate a directory, where all the files it contains are feature key files. The server checks each one for validity and expiration, and merges valid ones into its feature set. This feature is useful for limited-time trials of new features.

  • If any feature key files include the feature key asdb-cluster-nodes-limit, the highest non-zero value is used to restrict the cluster size.

Base64-encoding the feature key file in an environment variable

Instead of placing the feature key in a filesystem path, you can pass it as a secret in an environment variable.

export MY_FEATURE_FILE=$(base64 ~/evaluation-features.conf)

Specify a feature-key-file parameter in the configuration file:

service {
feature-key-file env-b64:MY_FEATURE_FILE
}

Replace MY_FEATURE_FILE with the environment variable specifying your base64-encoded feature key file path.

When database features are loaded at startup, the server reads the base64-encoded feature key from the named environment variable and decodes it into binary form.

Updating the contents or location of the feature key file

If the path to the feature key file is unchanged, you can replace the old file with a new one and there's no need to update the feature-key-file configuration parameter. If the path changes, you must update the feature-key-file configuration parameter with the new path.

The server reads the feature key file at startup. If you want the new file to take effect immediately, perform a rolling restart of your cluster. Otherwise, you should perform a rolling restart of your cluster nodes at the next available opportunity to avoid surprises if a node restarts unexpectedly.