# Feature-Key File The feature-key file is a cryptographically-signed list of enabled server features, issued upon purchase of a paid version of Aerospike Database. Aerospike Database Enterprise Edition (EE) and Aerospike Database Standard Edition (SE) require a feature-key file to start up. Aerospike Database Community Edition (CE) does not use a feature-key file. Starting with Database 6.1.0, a default feature-key file is included with Aerospike EE. This feature-key file provides a single-node evaluation for developers, so customers should swap in their production feature-key file before deploying to production. If the server cannot find the feature-key file, it exits early in its startup sequence with the following log message: ```plaintext Apr 09 2021 06:35:12 GMT: CRITICAL (config): (features_ee.c:142) failed to get feature-key /etc/aerospike/features.conf ``` ## Loading the feature-key file The server can load the feature-key file from the following sources: - The filesystem - An environment variable - HashiCorp Vault - An external secrets management service using [Aerospike Secret Manager](https://aerospike.com/docs/database/tools/secret-agent) ### From the filesystem The default path to the feature-key file is `/etc/aerospike/features.conf`. If you want to use a different file location, you can add the [`feature-key-file`](https://aerospike.com/docs/database/reference/config#service__feature-key-file) configuration parameter to the `service` stanza. ```text service { feature-key-file /path/to/feature-key.conf } ``` The path can also be a directory, where all the files it contains are feature-key files. The server checks each one for validity and expiration, and merges valid ones into its feature set. This feature is useful for limited-time trials of new features. ```text service { feature-key-file /path/to/feature-key.d/ } ``` The feature-key directory behavior was added in Database 5.5.0. ::: note If multiple feature-key files include `asdb-cluster-nodes-limit`, the highest non-zero value restricts the cluster size. ::: ### From an environment variable You can set the feature-key file in an environment variable as a base64-encoded secret. Terminal window ```bash export MY_FEATURE_FILE=$(base64 ~/evaluation-features.conf) ``` Now configure the [`feature-key-file`](https://aerospike.com/docs/database/reference/config#service__feature-key-file) parameter to load the secret from the environment variable. The prefix `env-b64:` is a literal string. ```text service { feature-key-file env-b64:MY_FEATURE_FILE } ``` ### From HashiCorp Vault The server can fetch the feature-key file from HashiCorp Vault servers, such as HCP Vault. The prefix `vault:` is a literal string. ```text service { feature-key-file vault:feature-key } ``` For more information, see [Fetching Secrets from HashiCorp Vault](https://aerospike.com/docs/database/8.0.0/manage/security/vault). ### From Aerospike Secret Agent In Database 6.4.0 and later, the server can use [Aerospike Secret Agent](https://aerospike.com/docs/database/tools/secret-agent) to fetch from a secrets management service, such as AWS Secrets Manager. The configuration parameter must follow the format `secrets:[resource:]secret_name`. The prefix `secrets:` is a literal string. ```text service { feature-key-file secrets:TestingSecret:FeatureKey ... } ``` For more information, see [Integrating with secrets management services](https://aerospike.com/docs/database/8.0.0/manage/security/secrets). ## Updating the contents or location of the feature-key file If you get a new feature-key file and put it in the same location (so the file path remains identical) you do not need to update the [`feature-key-file`](https://aerospike.com/docs/database/reference/config#service__feature-key-file) configuration parameter. If the path changes, you must update the parameter with the new path whether or not the contents of the file change. The server reads the feature-key file at startup. To refresh and read from the new file, perform a rolling restart of your cluster. Do not wait too long to restart the cluster after an update, because if a node restarts unexpectedly it could result in a prolonged feature mismatch between nodes.