deep-stack/laconicd-deprecated
7
0
Fork 0
forked from cerc-io/laconicd-deprecated
Code Pull Requests Activity
7b3ceec0b8
laconicd-deprecated/docs/guides/kms/kms.md
Federico Kunze Küllmer ea3ec3b7c6
docs: testnet (#458) 
* testnet docs

* more changes

* testnet and validators
2021-08-19 10:23:33 +00:00

1.2 KiB
Raw Blame History

Tendermint KMS

Tendermint KMS is a key management service that allows separating key management from Tendermint nodes. In addition it provides other advantages such as:

  • Improved security and risk management policies
  • Unified API and support for various HSM (hardware security modules)
  • Double signing protection (software or hardware based)

It is recommended that the KMS service runs in a separate physical hosts.

Building

Detailed build instructions can be found here.

::: tip When compiling the KMS, ensure you have enabled the applicable features: :::

Backend Recommended Command line
YubiHSM cargo build --features yubihsm
Ledger + Tendermint App cargo build --features ledgertm

Configuration

A KMS can be configured using the following HSMs:

Using a YubiHSM

Detailed information on how to setup a KMS with YubiHSM2 can be found here