Tendermint Key Management System (KMS) , a.k.a.
tmkms, is a signature service with support for Hardware Security Modules (HSMs), such as YubiHSM2. It’s intended to be run alongside Cosmos Validators, ideally on separate physical hosts, providing defense-in-depth for online validator signing keys, double signing protection, and functioning as a central signing service that can be used when operating multiple validators in several Cosmos Zones.
We’ve just released v0.11: a maintenance/bugfix release with upgraded dependencies and a new command line interface. We are presently running this release in production at iqlusion.
Notable bugfixes include what appears to be a permanent fix for a longstanding issue: sporadic deadlocks occurring in the YubiHSM2 driver.
This release also brings with it significant improvements to the command-line interface UX, including a much friendlier help system with complete information about all command line arguments.
You can view the full release notes here:
P.S.: for anyone who happens to be curious, gRPC is the next thing on our radar