description: Configuring Privacy # Configuring a Network for Private Transactions Configuring a network that supports private transactions requires starting an Orion node for each Pantheon node. Pantheon command line options associate the Pantheon node with the Orion node. This tutorial assumes you have completed setting up an IBFT 2.0 network to the point where you have [created the genesis file](../Tutorials/Create-IBFT-Network.md#5-create-genesis-file). If not, complete steps 1 to 5 of the [Create an IBFT 2.0](../Tutorials/Create-IBFT-Network.md) tutorial before continuing. In this tutorial we start Orion nodes for the three Pantheon nodes and configure each Pantheon node to be associated with an Orion node. ## 1. Create Orion Directories Inside each `Node` directory, create an `Orion` directory: ```bash IBFT-Network/ ├── Node-1 │   ├── data │ ├── Orion ├── Node-2 │   ├── data │ ├── Orion └── Node-3 ├── data ├── Orion ``` ## 2. Create Password Files In each `Orion` directory, create a file called `passwordFile` containing a password to encrypt each Orion key pair. ## 3. Generate Orion Keys In each `Orion` directory, generate a public/private keypair for the Orion node: ``` bash orion -g nodeKey ``` At the prompt, enter the [password](#2-create-password-files) saved in `passwordFile` to encrypt the key pair. The Orion public/private key pair is generated and the keys saved in the `nodeKey.pub` and `nodeKey.key` files. ## 4. Create Orion Configuration Files In the `Node-1/Orion` directory, create a file called `orion.conf` and add the following properties: ```bash nodeurl = "http://127.0.0.1:8080/" nodeport = 8080 clienturl = "http://127.0.0.1:8888/" clientport = 8888 publickeys = ["nodeKey.pub"] privatekeys = ["nodeKey.key"] passwords = "passwordFile" tls = "off" ``` !!! important In production systems, only specify [`tls`](http://docs.orion.pegasys.tech/en/latest/Configuring-Orion/Configuration-File/#tls) is `off` if another transport security mechanism such as WireGuard is in place. In the `Node-2/Orion` and `Node-3/Orion` directories, create `orion.conf` files specifying: * Different ports * Node-1 Orion node as the bootnode (specified by [`othernodes`](http://docs.orion.pegasys.tech/en/latest/Configuring-Orion/Configuration-File/)): ```bash tab="Node-2" nodeurl = "http://127.0.0.1:8081/" nodeport = 8081 clienturl = "http://127.0.0.1:8889/" clientport = 8889 publickeys = ["nodeKey.pub"] privatekeys = ["nodeKey.key"] passwords = "passwordFile" othernodes = ["http://127.0.0.1:8080/"] tls = "off" ``` ```bash tab="Node-3" nodeurl = "http://127.0.0.1:8082/" nodeport = 8082 clienturl = "http://127.0.0.1:8890/" clientport = 8890 publickeys = ["nodeKey.pub"] privatekeys = ["nodeKey.key"] passwords = "passwordFile" othernodes = ["http://127.0.0.1:8080/"] tls = "off" ``` ## 5. Start Orion Nodes In each `Orion` directory, start Orion specifying the [configuration file](#3-create-a-configuration-file) created in the previous step: ``` orion orion.conf ``` ## 6. Start Pantheon Node-1 In the `Node-1` directory, start Pantheon Node-1: ```bash tab="MacOS" pantheon --data-path=data --genesis-file=../ibftGenesis.json --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled --privacy-url=http://127.0.0.1:8888 --privacy-public-key-file=Orion/nodeKey.pub ``` ```bash tab="Windows" pantheon --data-path=data --genesis-file=..\ibftGenesis.json --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --privacy-enabled --privacy-url=http://127.0.0.1:8888 --privacy-public-key-file=Orion\nodeKey.pub ``` The command line specifies privacy options: * [`--privacy-enabled`](../Reference/Pantheon-CLI-Syntax.md#privacy-enabled) enables privacy * [`--privacy-url`](../Reference/Pantheon-CLI-Syntax.md#privacy-url) specifies the Orion node URL (`clienturl` in `orion.conf`) * [`--privacy-public-key-file`](../Reference/Pantheon-CLI-Syntax.md#privacy-public-key-file) specifies the file containing Orion node public key (created in [3. Generate Orion Keys](#3-generate-orion-keys)) * [`--rpc-http-api`](../Reference/Pantheon-CLI-Syntax.md#rpc-http-api) includes `EEA` in the list of JSON-RPC APIs to enable privacy JSON-RPC API methods. !!!note The [`--data-path`](../Reference/Pantheon-CLI-Syntax.md#data-path), [`--genesis-file`](../Reference/Pantheon-CLI-Syntax.md#genesis-file), and [`--privacy-public-key-file`](../Reference/Pantheon-CLI-Syntax.md#privacy-public-key-file) options are not used when running Pantheon from the [Docker image](../Getting-Started/Run-Docker-Image.md). When the node starts, the [enode URL](../Configuring-Pantheon/Node-Keys.md#enode-url) is displayed. Copy the enode URL to specify Node-1 as the bootnode in the following steps. ![Node 1 Enode URL](../images/EnodeStartup.png) ### 7. Start Pantheon Node-2 In the `Node-2` directory, start Pantheon Node-2 specifying the Node-1 enode URL copied when starting Node-1 as the bootnode: ```bash tab="MacOS" pantheon --data-path=data --genesis-file=../ibftGenesis.json --bootnodes= --p2p-port=30304 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8546 --privacy-enabled --privacy-url=http://127.0.0.1:8889 --privacy-public-key-file=Orion/nodeKey.pub ``` ```bash tab="Windows" pantheon --data-path=data --genesis-file=..\ibftGenesis.json --bootnodes= --p2p-port=30304 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8546 --privacy-enabled --privacy-url=http://127.0.0.1:8889 --privacy-public-key-file=Orion\nodeKey.pub ``` The command line specifies the same options as for Node-1 with different ports and Orion node URL. The [`--bootnodes`](../Reference/Pantheon-CLI-Syntax.md#bootnodes) option specifies the enode URL for Node-1. !!!note The [`--p2p-port`](../Reference/Pantheon-CLI-Syntax.md#p2p-port) and [`--rpc-http-port`](../Reference/Pantheon-CLI-Syntax.md#rpc-http-port) options are not used when running Pantheon from the [Docker image](../Getting-Started/Run-Docker-Image.md#exposing-ports). ### 8. Start Pantheon Node-3 In the `Node-3` directory and start Pantheon Node-3 specifying the Node-1 enode URL copied when starting Node-1 as the bootnode: ```bash tab="MacOS" pantheon --data-path=data --genesis-file=../ibftGenesis.json --bootnodes= --p2p-port=30305 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8547 --privacy-enabled --privacy-url=http://127.0.0.1:8890 --privacy-public-key-file=Orion/nodeKey.pub ``` ```bash tab="Windows" pantheon --data-path=data --genesis-file=..\ibftGenesis.json --bootnodes= --p2p-port=30305 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT,EEA --host-whitelist=* --rpc-http-cors-origins="all" --rpc-http-port=8547 --privacy-enabled --privacy-url=http://127.0.0.1:8890 --privacy-public-key-file=Orion\nodeKey.pub ``` The command line specifies the same options as for Node-1 with different ports and Orion node URL. The [`--bootnodes`](../Reference/Pantheon-CLI-Syntax.md#bootnodes) option specifies the enode URL for Node-1.