I’m interested in setting up my own Validator, but I don’t have any data center access nor do I particularly want any. I want to run the whole Validator in a Cloud, like AWS. I’ve read up on Sentry Nodes and those are easy to create in AWS. However, the docs state that you can’t run the Validator itself in a Cloud.
There currently exists no appropriate cloud solution for validator key management. This may change in 2018 when cloud SGX becomes more widely available. For this reason, validators must set up a physical operation secured with restricted access. A good starting place, for example, would be co-locating in secure data centers.
Is there a way around this? I understand that the Cloud Provider KMS services don’t support the necessary signatures (ed25519), but could you use a third-party key management tool instead? Something like Vault, maybe.
There’s not. If you’re serious about running a validator, you do need physical hardware. Even if, at some point, cloud providers do offer KMS services for ed25519, it’s arguable whether they provide a sufficient level of assurance.
Running a software key store like Vault provides a much lower level of security than a hardware-based HSM, which uses a secure element that makes key extraction difficult even with physical access. For a software HSM, you could just do a memory dump or use an attack like Spectre to exfiltrate the key.
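As an added example (not code from the original thread, from Cosmos, or from any validator implementation), the following Go program shows the interface boundary that the choice between a software key store and an HSM turns on. The validator's signing path is written against the standard-library `crypto.Signer` interface; `ed25519.PrivateKey` satisfies it in-process, and HSM/KMS client libraries expose the same interface, so the consensus code does not change when the key moves off the host. The `Vote` type and its canonical encoding are constructed stand-ins, not any real wire format. The in-process backend is exactly the case the reply above warns about: the seed sits in this process's heap and would be visible in a memory dump.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Vote is a constructed stand-in for a consensus vote payload (sample data,
// not the wire format of any real validator).
type Vote struct {
	Height int64
	Round  int32
	Type   string
}

// canonicalBytes produces the exact bytes that are signed. Ed25519 signs the
// whole message, so signer and verifier must agree on this encoding.
func canonicalBytes(v Vote) []byte {
	return []byte(fmt.Sprintf("%s/%d/%d", v.Type, v.Height, v.Round))
}

// SignVote depends only on crypto.Signer, so the backend (in-memory key,
// remote signer, HSM) is interchangeable. crypto.Hash(0) tells the signer the
// message is unhashed, i.e. pure Ed25519 per RFC 8032.
func SignVote(s crypto.Signer, v Vote) ([]byte, error) {
	pub, ok := s.Public().(ed25519.PublicKey)
	if !ok || len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("signer does not expose an Ed25519 public key")
	}
	sig, err := s.Sign(rand.Reader, canonicalBytes(v), crypto.Hash(0))
	if err != nil {
		return nil, err
	}
	if len(sig) != ed25519.SignatureSize {
		return nil, errors.New("backend returned a malformed Ed25519 signature")
	}
	return sig, nil
}

// VerifyVote is what peers run; it needs only the public key.
func VerifyVote(pub ed25519.PublicKey, v Vote, sig []byte) bool {
	return ed25519.Verify(pub, canonicalBytes(v), sig)
}

// NewSoftwareSigner is the in-process backend the thread warns about: the
// 32-byte seed lives in this process's memory and is recoverable from a
// memory dump. It is here only so the example runs stand-alone; an HSM-backed
// crypto.Signer would be returned from the same kind of constructor.
func NewSoftwareSigner() (crypto.Signer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return priv, nil
}

func main() {
	signer, err := NewSoftwareSigner()
	if err != nil {
		panic(err)
	}
	v := Vote{Height: 100, Round: 0, Type: "precommit"}
	sig, err := SignVote(signer, v)
	if err != nil {
		panic(err)
	}
	pub := signer.Public().(ed25519.PublicKey)
	fmt.Printf("signature valid: %v\n", VerifyVote(pub, v, sig))
	// The same signature must not validate for a different round.
	forged := Vote{Height: 100, Round: 1, Type: "precommit"}
	fmt.Printf("signature valid for forged round: %v\n", VerifyVote(pub, forged, sig))
}
```

Because Ed25519 signing is deterministic, signing the same canonical vote twice yields the same 64-byte signature regardless of backend, which is what makes a "did I already sign this height/round" check meaningful on the signer side. Nothing about the interface makes a software key safe; it only means the validator does not have to be rewritten when the key is moved behind hardware.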
I posted the same question in the Validator Community chat and had some discussion there.
I basically was under the assumption that an HSM was a requirement, but it’s not. It’s a strong recommendation. It’s possible to use a KMS that doesn’t have an HSM, or to use no KMS at all. You can use things like Vault or basically anything that supports
There are obviously risks associated with each possible architecture. As @certus_zl said, an HSM is obviously the most secure and harder to penetrate than a software-based HSM.
It’s my understanding that, using things like KMS in the cloud and other security features that are on the horizon, it may be possible to run a secure cloud validator. I haven’t seen more detail there, however, and I’m actively looking for more information in the space (so if you have some, please post it here!).
There is however the concern that, as a validator, you will need to market yourself as a secure place to delegate to. Will you be able to do that if you are running only in the cloud? This depends on who your customers are and whether you are able to convince the delegators that your cloud installation is secure.