MetaNova Verse Documentation
  • MetaNova Verse Introduction
    • Metanovaverse
    • Tokens
    • Transactions
    • Inflation
    • Keys
      • Keyring
      • Multisig
    • Gas Fees
    • Wallet and Accounts
      • Adding Metanovaverse to Metamask
      • Adding Metanovaverse to Keplr
      • Transfers Between Wallets
      • Backup
    • Deploying Smart Contracts
      • Remix
      • Hardhat
  • Metanovaverse Summary
  • The MNV Token
  • Governance
    • Proposals
      • Proposal Tips
      • Submit a Proposal
    • Community Pool
    • Chain Parameters
  • Technical Concepts
    • Architecture
    • Accounts
    • Chain ID
    • Encoding
    • Pending State
  • dApp Developers
    • Establishing Connections
    • Metanovaverse Clients
    • Guides
      • Wallet Integration
      • Smart Contract Incentive Registration
      • Tracing Transactions
      • Query Balances
    • Testnet
      • Testnet Commands
    • Ethereum JSON-RPC
      • JSON-RPC Server
      • Running the Server
      • Namespaces
      • JSON-RPC Methods
      • Events
  • Protocol Developers
    • Modules
      • auth
        • Concepts
        • State
        • AnteHandlers
        • Keepers
        • Vesting
        • Parameters
        • Client Auth
      • bank
        • State
        • Keepers
        • Messages
        • Events
        • Parameters
        • Client
      • crisis
        • State
        • Messages
        • Events
        • Parameters
        • Client
      • distribution
        • Concepts
        • State
        • Begin Block
        • Messages
        • Hooks
        • Events
        • Parameters
        • Client
      • epochs
        • Concepts
        • State
        • Events
        • Keepers
        • Hooks
        • Queries
        • Future Improvements
      • erc20
        • Concepts
        • State
        • State Transitions
        • Transactions
        • Hooks
        • Events
        • Parameters
        • Clients
      • evidence
        • Concepts
        • State
        • Messages
        • Events
        • Parameters
        • BeginBlock
        • Client
      • evm
        • Concepts
        • State
        • State Transitions
        • Transactions
        • ABCI
        • Hooks
        • Events
        • Parameters
        • Client
      • feemarket
        • Concepts
        • State
        • Begin block
        • End block
        • AnteHandlers
        • Keeper
        • Events
        • Client
        • Future Improvements
        • Parameters
      • feesplit
        • Concepts
        • State
        • State Transitions
        • Transactions
        • Hooks
        • Events
        • Parameters
        • Clients
        • Future Improvements
      • gov
        • Concepts
        • State
        • Messages
        • Events
        • Future Improvements
        • Parameters
        • Client
      • incentives
        • Concepts
        • State
        • State Transitions
        • Transactions
        • Hooks
        • Events
        • Parameters
        • Clients
      • ibc-core
      • inflation
        • Concepts
        • State
        • Hooks
        • Events
        • Parameters
        • Clients
      • slashing
        • Concepts
        • State
        • Messages
        • BeginBlock
        • Hooks
        • Events
        • Staking Tombstone
        • Parameters
        • CLI
      • staking
        • State
        • State Transitions
        • Messages
        • Begin-Block
        • End-Block
        • Hooks
        • Events
        • Parameters
        • Client
      • upgrade
        • Concepts
        • State
        • Events
        • Client
        • Resources
      • vesting
        • Concepts
        • State
        • State Transitions
        • Transactions
        • AnteHandlers
        • Events
        • Clients
  • Validators
    • Quick Start
    • Telemetry
    • Security
      • Tendermint KMS
      • Tendermint KMS + Ledger
      • Validator Security Checklist
      • Validator Backup
    • Snapshots, Archive Nodes
    • FAQ
  • Delegators
    • Staking Process
  • Tokenomics
  • Block Explorers
Powered by GitBook
On this page
  • Install Tendermint KMS onto the node
  • Configuration
  1. Validators
  2. Security

Tendermint KMS

PreviousSecurityNextTendermint KMS + Ledger

is a Key Management Service (KMS) that allows separating key management from Tendermint nodes. In addition it provides other advantages such as:

  • Improved security and risk management policies

  • Unified API and support for various HSM (hardware security modules)

  • Double signing protection (software or hardware based)

It is recommended that the KMS service runs in a separate physical hosts.

Install Tendermint KMS onto the node

You will need the following prerequisites:

✅ Rust (stable; 1.56+): https://rustup.rs/

✅ C compiler: e.g. gcc, clang

✅ pkg-config

✅ libusb (1.0+). Install instructions for common platforms

✅ Debian/Ubuntu

apt install libusb-1.0-0-dev

✅ RedHat/CentOS

yum install libusb1-devel

✅ macOS (Homebrew)

brew install libusb

For x86_64 architecture only:

Configure RUSTFLAGS environment variable:

export RUSTFLAGS=-Ctarget-feature=+aes,+ssse3

We are ready to install KMS. There are 2 ways to do this: compile from source or install with Rusts cargo-install. We’ll use the first option.

Compile from source code

The following example adds --features=ledger to enable Ledger support. tmkms can be compiled directly from the git repository source code, using the following commands:

gh repo clone iqlusioninc/tmkms && cd tmkms
[...]
cargo build --release --features=ledger

If successful, it will produce the tmkms executable located at: ./target/release/tmkms.

Configuration

A KMS can be configured using the following HSMs

YubiHSM

Ledger Tendermint app

Alternatively, substitute --features=yubihsm to enable support.

Detailed information on how to setup a KMS with can be found .

Detailed information on how to setup a KMS with Ledger Tendermint App can be found .

Tendermint KMS
YubiHSM
YubiHSM 2
here
here