Private network command line options
This reference describes the syntax of the Besu private network command line interface (CLI) options.
This reference contains options that apply to only private networks. For options that apply to both private and public networks, see the public network options reference.
Specify options
You can specify Besu options:
- On the command line:
  besu [OPTIONS] [SUBCOMMAND]
- As an environment variable. For each command line option, the equivalent environment variable is:
  - Uppercase.
  - _ replaces -.
  - Has a BESU_ prefix.
  For example, set --miner-coinbase using the BESU_MINER_COINBASE environment variable.
- In a configuration file.
If you specify an option in more than one place, the order of priority is command line, environment variable, configuration file.
If using Bash or Z shell, you can view option suggestions by entering -- and pressing the Tab key twice:
besu --Tab+Tab
Characters such as smart quotes and long (em) hyphens don't work in Besu command line options. Ensure quotes aren't automatically converted to smart quotes, or double hyphens combined into em hyphens.
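Because of the naming and priority rules above, a leftover environment variable can override a security-relevant setting in the configuration file. The following added example (not part of the Besu documentation or code base) resolves the effective value of an option across the three sources and flags arguments containing smart quotes or long dashes. The function names, the sample values, and the simplified key=value config reader are assumptions; only the --name=value argument form is handled.

```python
# Added example; the sample values and simplified parsers are assumptions.
TYPOGRAPHIC = set("\u2018\u2019\u201c\u201d\u2013\u2014")  # smart quotes, en/em dashes

def env_name(option):
    """--miner-coinbase -> BESU_MINER_COINBASE (uppercase, '_' replaces '-', BESU_ prefix)."""
    return "BESU_" + option.lstrip("-").upper().replace("-", "_")

def parse_config(text):
    """Minimal key=value reader for a flat config file (not a full TOML parser)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip().strip('"')
    return values

def parse_argv(argv):
    """Collect --name=value arguments; a bare --flag counts as true (assumption)."""
    values = {}
    for arg in argv:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            values[name] = value or "true"
    return values

def resolve(option, argv, environ, config_text):
    """Return (value, source, shadowed): command line > environment > config file."""
    name = option.lstrip("-")
    candidates = [
        ("command line", parse_argv(argv).get(name)),
        ("environment variable", environ.get(env_name(name))),
        ("configuration file", parse_config(config_text).get(name)),
    ]
    present = [(src, val) for src, val in candidates if val is not None]
    if not present:
        return None, "default", []
    (source, value), rest = present[0], present[1:]
    # Lower-priority sources that disagree with the effective value are overridden.
    return value, source, [(s, v) for s, v in rest if v != value]

def typographic_args(argv):
    """Arguments containing smart quotes or long dashes, which do not work as options."""
    return [a for a in argv if TYPOGRAPHIC & set(a)]

# Constructed sample: config enables account permissioning, a stale env var disables it.
SAMPLE_CONFIG = 'permissions-accounts-config-file-enabled=true\n'
SAMPLE_ENV = {"BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE_ENABLED": "false"}
SAMPLE_ARGV = ["\u2014permissions-nodes-config-file-enabled=true"]
```

With the sample inputs, resolve("permissions-accounts-config-file-enabled", SAMPLE_ARGV, SAMPLE_ENV, SAMPLE_CONFIG) reports the value false from the environment variable and lists the configuration file's true as shadowed.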
Options
permissions-accounts-config-file
- Syntax: --permissions-accounts-config-file=<FILE>
- Example: --permissions-accounts-config-file=/home/me/me_configFiles/myPermissionsFile
- Environment variable: BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
- Configuration file: permissions-accounts-config-file="/home/me/me_configFiles/myPermissionsFile"
The accounts permissions configuration file. The default is the permissions_config.toml file in the data directory.
--permissions-accounts-config-file and --permissions-nodes-config-file can use the same file.
permissions-accounts-config-file-enabled
- Syntax: --permissions-accounts-config-file-enabled[=<true|false>]
- Example: --permissions-accounts-config-file-enabled=true
- Environment variable: BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE_ENABLED=true
- Configuration file: permissions-accounts-config-file-enabled=true
Enables or disables file-based account level permissions. The default is false.
permissions-accounts-contract-address (Deprecated)
- Syntax: --permissions-accounts-contract-address=<ContractAddress>
- Example: --permissions-accounts-contract-address=xyz
- Environment variable: BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ADDRESS=xyz
- Configuration file: permissions-accounts-contract-address="xyz"
The contract address for onchain account permissioning.
permissions-accounts-contract-enabled (Deprecated)
- Syntax: --permissions-accounts-contract-enabled[=<true|false>]
- Example: --permissions-accounts-contract-enabled=true
- Environment variable: BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ENABLED=true
- Configuration file: permissions-accounts-contract-enabled=true
Enables or disables contract-based onchain account permissioning. The default is false.
Onchain permissioning is deprecated in Besu version 24.12.0 and later. Please read this blog post for more context on the rationale behind this decision as well as alternative options.
permissions-nodes-config-file
- Syntax: --permissions-nodes-config-file=<FILE>
- Example: --permissions-nodes-config-file=/home/me/me_configFiles/myPermissionsFile
- Environment variable: BESU_PERMISSIONS_NODES_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
- Configuration file: permissions-nodes-config-file="/home/me/me_configFiles/myPermissionsFile"
The nodes permissions configuration file. The default is the permissions_config.toml file in the data directory.
--permissions-nodes-config-file and --permissions-accounts-config-file can use the same file.
permissions-nodes-config-file-enabled
- Syntax: --permissions-nodes-config-file-enabled[=<true|false>]
- Example: --permissions-nodes-config-file-enabled=true
- Environment variable: BESU_PERMISSIONS_NODES_CONFIG_FILE_ENABLED=true
- Configuration file: permissions-nodes-config-file-enabled=true
Enables or disables file-based node level permissions. The default is false.
permissions-nodes-contract-address (Deprecated)
- Syntax: --permissions-nodes-contract-address=<ContractAddress>
- Example: --permissions-nodes-contract-address=xyz
- Environment variable: BESU_PERMISSIONS_NODES_CONTRACT_ADDRESS=xyz
- Configuration file: permissions-nodes-contract-address="xyz"
The contract address for onchain node permissioning.
permissions-nodes-contract-enabled (Deprecated)
- Syntax: --permissions-nodes-contract-enabled[=<true|false>]
- Example: --permissions-nodes-contract-enabled=true
- Environment variable: BESU_PERMISSIONS_NODES_CONTRACT_ENABLED=true
- Configuration file: permissions-nodes-contract-enabled=true
Enables or disables contract-based onchain node permissioning. The default is false.
Onchain permissioning is deprecated in Besu version 24.12.0 and later. Please read this blog post for more context on the rationale behind this decision as well as alternative options.
permissions-nodes-contract-version (Deprecated)
- Syntax: --permissions-nodes-contract-version=<ContractVersion>
- Example: --permissions-nodes-contract-version=2
- Environment variable: BESU_PERMISSIONS_NODES_CONTRACT_VERSION=2
- Configuration file: permissions-nodes-contract-version=2
Version of the EEA node permissioning interface. The default is 1.
poa-block-txs-selection-max-time
- Syntax: --poa-block-txs-selection-max-time=<INTEGER>
- Example: --poa-block-txs-selection-max-time=80
- Environment variable: BESU_POA_BLOCK_TXS_SELECTION_MAX_TIME=80
- Example configuration file: poa-block-txs-selection-max-time=80
The maximum time that can be spent selecting transactions to be included in a block, as a percentage of the fixed block time of the network. The default is 75, or 75%.
This option only applies to proof-of-authority networks. For proof-of-stake and proof-of-work networks, see --block-txs-selection-max-time.
privacy-enabled (Deprecated)
- Syntax: --privacy-enabled[=<true|false>]
- Example: --privacy-enabled=false
- Environment variable: BESU_PRIVACY_ENABLED=false
- Configuration file: privacy-enabled=false
Enables or disables private transactions. The default is false.
Tessera-based privacy is deprecated in Besu version 24.12.0 and later. Please read this blog post for more context on the rationale behind this decision as well as alternative options.
privacy-marker-transaction-signing-key-file (Deprecated)
- Syntax: --privacy-marker-transaction-signing-key-file=<FILE>
- Example: --privacy-marker-transaction-signing-key-file=/home/me/me_node/myPrivateKey
- Environment variable: BESU_PRIVACY_MARKER_TRANSACTION_SIGNING_KEY_FILE=/home/me/me_node/myPrivateKey
- Configuration file: privacy-marker-transaction-signing-key-file="/home/me/me_node/myPrivateKey"
<FILE> is the name of the private key file used to sign privacy marker transactions.
This can be the same file used by --node-private-key-file, or a different key file to identify who signed the privacy marker transaction.
You must specify this option if you're using:
- a privacy network where you pay gas. Also, the associated account must contain adequate funds.
- account permissioning and privacy. You must include the corresponding public key in the accounts allowlist.
If you do not specify this option (for example, in a free gas network), Besu signs each transaction with a different randomly generated key.
privacy-multi-tenancy-enabled (Deprecated)
- Syntax: --privacy-multi-tenancy-enabled[=<true|false>]
- Example: --privacy-multi-tenancy-enabled=false
- Environment variable: BESU_PRIVACY_MULTI_TENANCY_ENABLED=false
- Configuration file: privacy-multi-tenancy-enabled=false
Enables or disables multi-tenancy for private transactions. The default is false.
privacy-flexible-groups-enabled (Deprecated)
- Syntax: --privacy-flexible-groups-enabled[=<true|false>]
- Example: --privacy-flexible-groups-enabled=true
- Environment variable: BESU_PRIVACY_FLEXIBLE_GROUPS_ENABLED=true
- Configuration file: privacy-flexible-groups-enabled=true
Enables or disables flexible privacy groups. The default is false.
Deprecated syntax for this option is --privacy-onchain-groups-enabled.
privacy-public-key-file (Deprecated)
- Syntax: --privacy-public-key-file=<privacyPublicKeyFile>
- Example: --privacy-public-key-file=Tessera/nodeKey.pub
- Environment variable: BESU_PRIVACY_PUBLIC_KEY_FILE=Tessera/nodeKey.pub
- Configuration file: privacy-public-key-file="Tessera/nodeKey.pub"
The public key of the Tessera node.
You cannot specify privacy-public-key-file when --privacy-multi-tenancy-enabled is true.
privacy-tls-enabled (Deprecated)
- Syntax: --privacy-tls-enabled[=<true|false>]
- Example: --privacy-tls-enabled=false
- Environment variable: BESU_PRIVACY_TLS_ENABLED=false
- Configuration file: privacy-tls-enabled=false
Enables or disables TLS on communication with the private transaction manager. The default is false.
privacy-tls-keystore-file (Deprecated)
- Syntax: --privacy-tls-keystore-file=<FILE>
- Example: --privacy-tls-keystore-file=/home/me/me_node/key
- Environment variable: BESU_PRIVACY_TLS_KEYSTORE_FILE=/home/me/me_node/key
- Configuration file: privacy-tls-keystore-file="/home/me/me_node/key"
The keystore file (in PKCS #12 format) containing the private key and the certificate presented during authentication.
You must specify privacy-tls-keystore-file if --privacy-tls-enabled is true.
privacy-tls-keystore-password-file (Deprecated)
- Syntax: --privacy-tls-keystore-password-file=<FILE>
- Example: --privacy-tls-keystore-password-file=/home/me/me_node/password
- Environment variable: BESU_PRIVACY_TLS_KEYSTORE_PASSWORD_FILE=/home/me/me_node/password
- Configuration file: privacy-tls-keystore-password-file="/home/me/me_node/password"
The path to the file containing the password to decrypt the keystore.
privacy-tls-known-enclave-file (Deprecated)
- Syntax: --privacy-tls-known-enclave-file=<FILE>
- Example: --privacy-tls-known-enclave-file=/home/me/me_node/knownEnclave
- Environment variable: BESU_PRIVACY_TLS_KNOWN_ENCLAVE_FILE=/home/me/me_node/knownEnclave
- Configuration file: privacy-tls-known-enclave-file="/home/me/me_node/knownEnclave"
The path to the file containing the hostnames, ports, and SHA256 certificate fingerprints of the authorized privacy enclave.
privacy-url (Deprecated)
- Syntax: --privacy-url=<privacyUrl>
- Example: --privacy-url=http://127.0.0.1:8888
- Environment variable: BESU_PRIVACY_URL=http://127.0.0.1:8888
- Configuration file: privacy-url="http://127.0.0.1:8888"
The URL on which the Tessera node is running.