i have
#priv_validator_key_file = "config/priv_validator_key.json"
along with
priv_validator_laddr = "tcp://x.x.x.x:yyyyy"
in place.
A gaiad restart creates another priv_validator_key.json, which caused me problems until i just left the actual key in there. The HSM is signing fine.
There is no reason to leave the key in the node when you have in HSM. I must be doing something wrong. How do I tell gaiad that the PK is nowhere local?!