KMS - Key Management System
What is a KMS?
Please refer to kms.
Detailed build instructions can be found here.
When compiling the KMS, ensure you have enabled the applicable features:
| Backend | Recommended Command line |
If you want to enable KMS, you first need to edit priv_validator_laddr in your <iris_home>/config/config.toml file. E.g.:
# TCP or UNIX socket address for Tendermint to listen on for
# connections from an external PrivValidator process
priv_validator_laddr = "localhost:26658"
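As an added example (not part of the IRISnet or tmkms documentation), the following Python check reads priv_validator_laddr from the text of a config.toml and reports which interface the validator will accept external signer connections on. The function names and the sample fragment are constructed for illustration; the tcp:// and unix:// prefixes are an assumption about accepted address forms, since the page shows only a bare host:port.

```python
import ipaddress
import re

# Constructed config.toml fragment for illustration (not from a real node).
SAMPLE_CONFIG = '''
# TCP or UNIX socket address for Tendermint to listen on for
# connections from an external PrivValidator process
priv_validator_laddr = "localhost:26658"
'''

def read_laddr(config_text):
    """Return the uncommented priv_validator_laddr value, or None if absent/empty."""
    for line in config_text.splitlines():
        m = re.match(r'\s*priv_validator_laddr\s*=\s*"([^"]*)"', line)
        if m:
            return m.group(1).strip() or None
    return None

def classify_laddr(value):
    """Classify where the validator listens for the external signer (KMS)."""
    if not value:
        return "disabled"            # no external PrivValidator listener
    if value.startswith("unix://"):
        return "unix-socket"         # access governed by file permissions
    hostport = value.split("://", 1)[-1]
    host, sep, _port = hostport.rpartition(":")
    if not sep:                      # no port given; treat the whole value as host
        host = hostport
    host = host.strip("[]")          # IPv6 literals are written as [::1]:26658
    if host == "":
        return "all-interfaces"      # ":26658" binds every interface
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"            # needs resolving; review by hand
    if ip.is_unspecified:
        return "all-interfaces"      # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback"
    return "specific-interface"

def audit(config_text):
    """Return (value, classification) for a config.toml's text."""
    value = read_laddr(config_text)
    return value, classify_laddr(value)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A result of all-interfaces means the signer port is reachable from every network attached to the host, so it should be paired with a firewall rule or changed to the interface the KMS actually connects from.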
You can download the example config file with support for IRIShub; you just have to edit it as follows:
addr to point to your
chain-id to match your
auth to authorize access to your YubiHSM.
keys to determine which pubkey you will be using.
Then start tmkms:
A KMS can be configured in various ways:
Using a YubiHSM
Detailed information on how to set up a KMS with YubiHSM2 can be found here.
If you want to import an IRIShub private_key that already exists, you can:
tmkms yubihsm keys import <iris_home>/config/priv_validator.json -i <id>