Tendermint Key Management System (KMS), a.k.a. tmkms, is a signature service backed by Hardware Security Modules (HSMs), namely YubiHSM2 devices from Yubico and, soon, the Ledger Nano S. It’s intended to be run alongside Cosmos Validators, ideally on separate physical hosts, providing defense-in-depth for online validator signing keys as well as a central signing service that can be used when operating multiple validators in several Cosmos Zones.

This release (and the previous, unannounced v0.1 release) contains initial support for using tmkms as a priv_validator backend, providing full end-to-end support for storing consensus keys in a YubiHSM2 device and using them on the upcoming gaia-9002 and Game of Stakes testnets.

Note that the code is presently alpha quality and this will be the first time it is (potentially) usable on a live testnet. Expect crashes, bugs, and protocol changes for the time being.

Installation

For detailed install instructions, please see:

Short list:

Install Rust: https://rustup.rs/
Install tmkms: cargo install tmkms
Linux: Configure udev

Creating YubiHSM validator key

Please see tmkms v0.0.1 release notes for details on creating a validator key.

Configure gaiad to accept tmkms connections

tmkms acts as a TCP client for gaiad. An approximate network diagram:

[tmkms] -> [validator gaiad] -> [sentry gaiad] -> [cosmos p2p]

To configure gaiad to accept connections from tmkms, use the newly added priv_validator_laddr configuration option in ~/.gaiad/config/config.toml:

priv_validator_laddr = "tcp://10.11.12.13:26657"

Configuring tmkms

Start with tmkms.toml.example which contains an example KMS configuration:

# Example KMS configuration file
#
# Copy this to 'kms.toml' and edit for your own purposes

[[validator]]
addr = "tcp://example1.example.com:26658" # or "unix:///path/to/socket"
chain_id = "gaia-9000"
reconnect = true # true is the default
secret_key = "path/to/secret_connection.key"

[[providers.yubihsm]]
adapter = { type = "usb" }
auth = { key = 1, password = "password" } # Default YubiHSM admin credentials. Change ASAP!
keys = [{ id = "gaia-9000", key = 1 }]
#serial_number = "0123456789" # identify serial number of a specific YubiHSM to connect to

The addr field of [validator] contains the address of the validator. Typically, this will match priv_validator_laddr from the gaiad configuration.

Launching tmkms

Launch tmkms with tmkms start, which accepts an optional -c parameter pointing to the configuration:

tmkms start -c ~/.tmkms/tmkms.toml

This will launch tmkms, connect to gaiad (if running), and begin providing the signature service.

Help/Support

Having trouble setting up tmkms? Please post on this thread, or in the Cosmos Validators Riot channel.

Thanks!