Quickstart: Update the runtime options of the JavaScript execution engine on an Azure Managed CCF resource

Sometimes it is necessary to update the runtime options of the CCF JavaScript interpreter to extend the request execution duration or update the heap or stack allocation size. In this how to guide, you will learn to update the runtime settings. This tutorial builds on the Azure Managed CCF (Managed CCF) resource created in the Quickstart: Create an Azure Managed CCF resource using the Azure portal tutorial.


Download the service identity

An Azure Managed CCF resource has a unique identity called the service identity. It is represented by a certificate and is created during the resource creation. Every individual node that is part of the Azure Managed CCF resource has its self-signed certificate, endorsed by the service identity, which establishes trust on it.

Customers are recommended to download the service identity certificate and use it to establish a TLS connection when interacting with the service. The following command downloads the certificate and saves it into service_cert.pem.

curl https://identity.confidential-ledger.core.azure.com/ledgerIdentity/confidentialbillingapp --silent | jq ' .ledgerTlsCertificate' | xargs echo -e > service_cert.pem

Update the runtime options


When executing the commands on a Mac, replace date -Is with date +%FT%T%z.

  1. Prepare a set_js_runtime_options.json file and submit it using this command:
    $ cat set_js_runtime_options.json
      "actions": [
          "name": "set_js_runtime_options",
          "args": {
            "max_heap_bytes": 1024,
            "max_stack_bytes": 1024,
            "max_execution_time_ms": 5000, // increase the request execution time
            "log_exception_details": false,
            "return_exception_details": false
    $ proposal_id=$( (ccf_cose_sign1 --content set_js_runtime_options.json --signing-cert member0_cert.pem --signing-key member0_privk.pem --ccf-gov-msg-type proposal --ccf-gov-msg-created_at `date -Is` | curl https://confidentialbillingapp.confidential-ledger.azure.com/gov/proposals -H 'Content-Type: application/cose' --data-binary @- --cacert service_cert.pem | jq -r ‘.proposal_id’) )
  2. The next step is to accept the proposal by submitting a vote.
    cat vote_accept.json
      "ballot": "export function vote (proposal, proposerId) { return true }"
    ccf_cose_sign1 --content vote_accept.json --signing-cert member0_cert.pem --signing-key member0_privk.pem --ccf-gov-msg-type ballot --ccf-gov-msg-created_at `date -Is` --ccf-gov-msg-proposal_id $proposal_id | curl https://confidentialbillingapp.confidential-ledger.azure.com/gov/proposals/$proposal_id/ballots -H 'Content-Type: application/cose' --data-binary @- --cacert service_cert.pem
  3. Repeat the above step for every member in the Managed CCF resource.
  4. After the proposal is accepted, the runtime options will be applied to the subsequent requests.

Next steps