Skip to main content

Providing the Feature-Key File

The feature-key file is a cryptographically-signed list of enabled server features. Starting with Aerospike Database Enterprise Edition (EE) 4.6, the server requires a feature-key file to start. Users of Aerospike Database Community Edition (CE) can skip this section.

Defining the location of the feature key file

If the server cannot find the feature key file, it exits early in its start-up sequence and issues the following log message:

Apr 09 2021 06:35:12 GMT: CRITICAL (config): (features_ee.c:142) failed to get feature key /etc/aerospike/features.conf

As you can see, the default path to the feature-key file is /etc/aerospike/features.conf. The simplest way to satisfy this requirement is to copy yours to this location.

For Enterprise Edition only, you can add the feature-key-file configuration parameter to the service stanza.

service {
feature-key-file /opt/aerospike/evaluation-features.conf
}
  • In EE version 5.4, support was added for
    • a vault:secret_in_vault to fetch the contents of the feature key from HashiCorp Vault. See Optional security with Vault integration.
    • reading the feature key from an environment variable such as env-b64:FEATURES.
  • In EE version 5.5, support was added for combining multiple feature key files. The path can now indicate a directory, where all the files it contains are feature-key files. The server will check each for validity, expiration, and merge valid ones into its feature set. This supports limited-time trials of new features.
    • If any of the feature key files have the feature key asdb-cluster-nodes-limit, the highest non-zero value is chosen to restrict the cluster size.

If you are deploying Aerospike Enterprise Edition with Docker, Kubernetes or Helm, they all provide a flag for passing the feature key file into the containers.

Base64-encoding the feature key file in an environment variable

Instead of placing the feature key in a filesystem path, you can pass it as a secret in an environment variable.

export FOO=$(base64 ~/evaluation-features.conf)

Then in the configuration file:

service {
feature-key-file env-b64:FOO
}

When database features are loaded at start-up, the base64-encoded feature key are read from the named environment variable and decoded into binary form. You can then clear the environment variable until the next time you start the database.