35 lines
1.2 KiB
Markdown
35 lines
1.2 KiB
Markdown
|
<!--
|
||
|
order: 1
|
||
|
-->
|
||
|
|
||
|
# Tendermint KMS
|
||
|
|
||
|
[Tendermint KMS](https://github.com/iqlusioninc/tmkms) is a key management service that allows separating key management from Tendermint nodes. In addition it provides other advantages such as:
|
||
|
|
||
|
- Improved security and risk management policies
|
||
|
- Unified API and support for various HSM (hardware security modules)
|
||
|
- Double signing protection (software or hardware based)
|
||
|
|
||
|
It is recommended that the KMS service runs in a separate physical hosts.
|
||
|
|
||
|
## Building
|
||
|
|
||
|
Detailed build instructions can be found [here](https://github.com/iqlusioninc/tmkms#installation).
|
||
|
|
||
|
::: tip
|
||
|
When compiling the KMS, ensure you have enabled the applicable features:
|
||
|
:::
|
||
|
|
||
|
| Backend | Recommended Command line |
|
||
|
|-------------------------|-----------------------------------|
|
||
|
| YubiHSM | `cargo build --features yubihsm` |
|
||
|
| Ledger + Tendermint App | `cargo build --features ledgertm` |
|
||
|
|
||
|
## Configuration
|
||
|
|
||
|
A KMS can be configured using the following HSMs:
|
||
|
|
||
|
### Using a YubiHSM
|
||
|
|
||
|
Detailed information on how to setup a KMS with YubiHSM2 can be found [here](https://github.com/iqlusioninc/tmkms/blob/master/README.yubihsm.md)
|