Tendermint Key Management System (KMS) , a.k.a. TMKMS , is a signature service with support for Hardware Security Modules (HSMs), such as YubiHSM2 and Ledger Nano S . It’s intended to be run alongside Cosmos Validators, ideally on separate physical hosts, providing defense-in-depth for online validator signing keys, double signing protection, and functioning as a central signing service that can be used when operating multiple validators in several Cosmos Zones.

We’ve just released v0.9.0: a maintenance release with dependency upgrades and a handful of breaking changes.

Breaking Changes

protocol_version now mandatory attribute of [[validator]]

This is the most important thing to double check before deploying v0.9.0!

Please double check your tmkms.toml file’s [[validator]] entries and make sure they have a protocol_version field like so:

[[validator]]
chain_id = "cosmoshub-3"
protocol_version = "legacy"

If this field is missing, please add protocol_version = "legacy". If it’s absent, TMKMS will not start!

Note: this release includes a protocol_version = "v0.34" (i.e. Stargate) option, but it’s incomplete and cannot yet be used on Stargate testnets. Stay tuned for some future v0.10.0 alpha releases which will work on Stargate testnets!

ledgertm cargo feature renamed to ledger

If you’re using the Ledger Tendermint application for validating and previously built it like this:

$ cargo build --release --features ledgertm

You will need to change it to:

$ cargo build --release --features ledger

Please respond on this thread if you have any problems upgrading!