is a Key Management Service (KMS) that allows separating key management from Tendermint nodes. In addition it provides other advantages such as:
Improved security and risk management policies
Unified API and support for various HSM (hardware security modules)
Double signing protection (software or hardware based)
It is recommended that the KMS service runs on separate physical hosts.
You will need the following prerequisites:
✅ Rust (stable; 1.56+): https://rustup.rs/
✅ C compiler: e.g. gcc, clang
✅ pkg-config
✅ libusb (1.0+). Install instructions for common platforms
✅ Debian/Ubuntu
✅ RedHat/CentOS
✅ macOS (Homebrew)
Configure the RUSTFLAGS environment variable:
We are ready to install KMS. There are two ways to do this: compile from source or install with Rust's cargo-install. We'll use the first option.
The following example adds --features=ledger to enable Ledger support. tmkms can be compiled directly from the git repository source code, using the following commands:
If successful, it will produce the tmkms executable located at: ./target/release/tmkms.
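A preflight check for the prerequisites and build step above, as an added example that is not part of the original page or the tmkms project. It assumes it is run from a tmkms source checkout; the function names, the `build` argument and the use of a standard `cargo build --release` are assumptions.

```shell
#!/bin/sh
# Added example (not tmkms project code): check the prerequisites listed above,
# then build with Ledger support. Function names here are hypothetical.
MIN_RUST="1.56.0"   # minimum stable Rust version stated on this page

# version_ge A B: succeeds when dotted version A >= B, compared numerically
# field by field (so 1.9.0 is correctly treated as older than 1.56.0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# rust_version_of "rustc 1.70.0 (hash date)" prints "1.70.0";
# a -beta or -nightly suffix is dropped before comparison.
rust_version_of() {
    v=$(printf '%s\n' "$1" | awk '{print $2}')
    printf '%s\n' "${v%%-*}"
}

# preflight: report every missing prerequisite, return non-zero if any failed.
preflight() {
    fail=0
    if command -v rustc >/dev/null 2>&1; then
        rv=$(rust_version_of "$(rustc --version)")
        version_ge "$rv" "$MIN_RUST" || { echo "rustc $rv is older than $MIN_RUST" >&2; fail=1; }
    else
        echo "rustc not found (install via https://rustup.rs/)" >&2; fail=1
    fi
    command -v gcc >/dev/null 2>&1 || command -v clang >/dev/null 2>&1 \
        || { echo "no C compiler (gcc or clang) found" >&2; fail=1; }
    if command -v pkg-config >/dev/null 2>&1; then
        pkg-config --atleast-version=1.0 libusb-1.0 \
            || { echo "libusb 1.0+ development files not found" >&2; fail=1; }
    else
        echo "pkg-config not found" >&2; fail=1
    fi
    return "$fail"
}

# Only act when invoked with the (hypothetical) "build" argument.
if [ "${1:-}" = "build" ]; then
    preflight || exit 1
    # Assumption: a standard cargo release build, matching the output path above.
    cargo build --release --features=ledger || exit 1
    [ -x ./target/release/tmkms ] && echo "built ./target/release/tmkms"
fi
```

Saved under any file name and run with the `build` argument, it stops before compiling if a prerequisite is missing and lists each one on stderr.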
A KMS can be configured using the following HSMs
Alternatively, substitute --features=yubihsm to enable support.
Detailed information on how to set up a KMS with can be found .
Detailed information on how to set up a KMS with Ledger Tendermint App can be found .