Server config
In trio, mobile talks to "first" server, over a single websocket endpoint. The "second" server is used in inter-server communication, during keygen and recovery, hence not exposed to mobile. By default the endpoint points at the public demo:
| Purpose | Default value |
|---|---|
MPC websocket (WebsocketConfig.url) | wss://trio-server.demo.silencelaboratories.com |
| Cloud verifying key | 9c4c79e942bbc3ff1d6ace7256404d701498056978cc4638c35832acdf821b1e |
You'll typically swap these for one of three reasons: pointing at your own dev servers, running locally for hacking, or moving to a production deployment of your own.
Unlike duo, trio does not call an HTTP endpoint for export — session.export(keyshare), so there is no DEMO_SERVER_HTTP_URL to configure.
Where the values live
The websocket URL, port, and cloud verifying key are all defined in VaultSessionManager.
- Android
- iOS / macOS
companion object {
private const val DEMO_SERVER_URL = "wss://trio-server.demo.silencelaboratories.com"
private const val DEMO_SERVER_PORT = 8080
private const val CLOUD_VERIFYING_KEY =
"9c4c79e942bbc3ff1d6ace7256404d701498056978cc4638c35832acdf821b1e"
}
private val websocketConfig = WebsocketConfig(
url = DEMO_SERVER_URL,
port = DEMO_SERVER_PORT,
isSecure = false,
)
private static let demoServerUrl = "wss://trio-server.demo.silencelaboratories.com"
private static let demoServerPort = 8080
private static let cloudVerifyingKey =
"9c4c79e942bbc3ff1d6ace7256404d701498056978cc4638c35832acdf821b1e"
private func createWebsocketConfig() -> WebsocketConfig {
WebsocketConfig(url: Self.demoServerUrl)
}
Pointing at local Trio servers
Trio runs two server processes (first and second) instead of duo's one. The full local-setup walkthrough — Docker compose file, environment variables, and the script that prints the cloud verifying key — is in Get started with Trio Servers. Read that first; it ends with both containers up and a verifying key in the logs.
Once your local servers are running, change two values in the example:
- Vault websocket URL (
VaultSessionManager.<DEMO_SERVER_URL|demoServerUrl>) — point at your localfirsttrio server endpoint. - Cloud verifying key (
VaultSessionManager.<CLOUD_VERIFYING_KEY|cloudVerifyingKey>) — copy the hex string thefirstlocal server prints on startup. The wss handshake fails silently if this doesn't match the server's signing key.
- Android
- iOS / macOS
The Android emulator routes localhost to the emulator itself, not the host. Use 10.0.2.2 to reach servers running on the host machine:
companion object {
private const val DEMO_SERVER_URL = "ws://10.0.2.2:8080"
private const val DEMO_SERVER_PORT = 8080
private const val CLOUD_VERIFYING_KEY = "<hex from local server logs>"
}
isSecure = false is already set in the existing WebsocketConfig ctor for the demo URL — leave it false for ws://, flip to true for wss://.
For the iOS Simulator and macOS targets, localhost works directly:
private static let demoServerUrl = "ws://localhost:8080"
private static let demoServerPort = 8080
private static let cloudVerifyingKey = "<hex from local server logs>"
For a ws:// (cleartext) connection you'll need to allow arbitrary loads. Add to Info.plist (or to the build settings via INFOPLIST_KEY_*):
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you're running the servers on a different machine on your LAN, swap localhost for the host's LAN IP.