[ANN] Tendermint KMS v0.8: Tendermint v0.33 support

iqlusion · June 9, 2020, 1:54am

Tendermint Key Management System (KMS) , a.k.a. tmkms, is a signature service with support for Hardware Security Modules (HSMs), such as YubiHSM2 and Ledger Nano S . It’s intended to be run alongside Cosmos Validators, ideally on separate physical hosts, providing defense-in-depth for online validator signing keys, double signing protection, and functioning as a central signing service that can be used when operating multiple validators in several Cosmos Zones.

We’ve just released a v0.8.0-alpha1 with initial support for Tendermint v0.33, which can be used simultaneously in conjunction with pre-Tendermint v0.33 chains (e.g. cosmoshub-3, columbus-3) by toggling a configuration option. See the example config file for the notation:

github.com

iqlusioninc/tmkms/blob/6a147e5/tmkms.toml.example#L32


# state_file = "/path/to/irishub_priv_validator_state.json"

## Validator configuration
[[validator]]
addr = "tcp://f88883b673fc69d7869cab098de3bafc2ff76eb8@example1.example.com:26658"
# or addr = "unix:///path/to/socket"
chain_id = "cosmoshub-1"
reconnect = true # true is the default
secret_key = "path/to/secret_connection.key"
# max_height = "500000"
protocol_version = "v0.33" # "legacy" is the default

## Signing provider configuration

# enable the `yubihsm` feature to use this backend
[[providers.yubihsm]]
adapter = { type = "usb" }
auth = { key = 1, password_file = "/path/to/password" } # or pass raw password as `password`
keys = [{ chain_ids = ["cosmoshub-1"], key = 1 }]
#serial_number = "0123456789" # identify serial number of a specific YubiHSM to connect to
#connector_server = { laddr = "tcp://127.0.0.1:12345", cli = { auth_key = 2 } } # run yubihsm-connector compatible server

We’re presently running the v0.8.0-alpha1 release in production (albeit with the “legacy” support) and are looking for more people to do initial testing on Tendermint v0.33 chains before we cut a final release.

Please try it out and let us know!

mattharrop · June 9, 2020, 10:52am

Running at figment on legacy chains.

iqlusion · June 25, 2020, 8:54pm

We’ve just published a v0.8.0-rc0 release which includes some exciting new features we intend to announce after a final v0.8.0 release.

In the meantime, we’d love any feedback on this RC before a final release. We’re presently running it in production on cosmoshub-3 and columbus-3.

iqlusion · July 6, 2020, 4:41pm

tmkms v0.8.0 final is out. You can read the release announcement here:

Topic		Replies	Views
[ANN] Tendermint KMS v0.2: Validator Signing Support Validation	42	8877	December 12, 2018
[ANN] Tendermint KMS v0.13: maintenance/bugfix release with secp256k1 consensus support Validation	1	368	November 25, 2023
[ANN] Tendermint KMS v0.11: maintenance/bugfix release Validation	0	956	February 11, 2022
[ANN] Tendermint KMS v0.9: pre-Stargate maintenance release Validation	0	1130	October 22, 2020
[ANN] Tendermint KMS v0.10: now with Stargate compatibility Validation	0	910	February 16, 2021

[ANN] Tendermint KMS v0.8: Tendermint v0.33 support

Related topics