🔐 Security: How We Store Keys and Manage Access

Overview

Security of validator keys and node infrastructure is a top priority. We apply layered protection measures, combining hardware isolation, secure key management, and redundant backups to ensure reliability and resilience against potential failures or attacks.


Key Management Architecture

  • TMKMS (Tendermint Key Management System): the validator's consensus key is never stored on the validator node itself. TMKMS runs as a remote signer on a separate host; it holds the private key and signs votes and proposals over a dedicated, mutually authenticated connection, so a compromise of the validator node yields access to a signing service, not to the key. TMKMS also records the last height and round it signed and refuses to sign a conflicting vote, which limits what an attacker could do through the signing channel alone.

  • Softsign or HSM (Hardware Security Module)

    • For development and testing: softsign, the software signer built into TMKMS, keeps the consensus key in a file on the TMKMS host. It is convenient, but it offers no protection beyond file permissions, so it is never used for a production validator.

    • For production environments: the consensus key lives inside an HSM (for example a YubiHSM 2 through the TMKMS yubihsm provider) and never leaves it. TMKMS sends each vote to the device for signing; the tamper-resistant hardware prevents extraction of the key even by someone with shell access to the KMS host.
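As an added illustration of the two provider modes above (example files written for this page, not the operator's actual configuration), here is a tmkms.toml for a development validator using softsign next to the production variant that delegates signing to a YubiHSM 2, together with a small pre-deploy lint that rejects a production config still carrying a softsign provider, an inline HSM password, or no double-sign state file. The chain ID (cosmoshub-4), hostnames, YubiHSM key IDs and file paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not the operator's own files: two tmkms.toml variants for the
# same chain (softsign for development, YubiHSM for production) plus a lint
# that refuses to deploy a "production" config that still signs in software.
# Chain ID, hostnames, key IDs and paths are illustrative assumptions.

# Shared part: which chain to sign for, where to persist the last signed
# height/round (double-sign protection), and how to reach the validator.
COMMON='[[chain]]
id = "cosmoshub-4"
key_format = { type = "bech32", account_key_prefix = "cosmospub", consensus_key_prefix = "cosmosvalconspub" }
state_file = "/home/tmkms/state/cosmoshub-4-consensus.json"

[[validator]]
chain_id = "cosmoshub-4"
addr = "tcp://validator-priv.internal:26659"
secret_key = "/home/tmkms/secrets/kms-identity.key"
protocol_version = "v0.34"
reconnect = true
'

# Development only: the Ed25519 consensus key sits in a file on the KMS host.
SOFTSIGN='[[providers.softsign]]
chain_ids = ["cosmoshub-4"]
key_type = "consensus"
path = "/home/tmkms/secrets/cosmoshub-4-consensus.key"
'

# Production: key object 1 in the YubiHSM signs; the auth key password is read
# from a root-only file instead of being written into the config.
YUBIHSM='[[providers.yubihsm]]
adapter = { type = "usb" }
auth = { key = 1, password_file = "/home/tmkms/secrets/yubihsm-password.txt" }
keys = [{ key = 1, type = "consensus", chain_ids = ["cosmoshub-4"] }]
'

DEV_CONFIG="$COMMON
$SOFTSIGN"
PROD_CONFIG="$COMMON
$YUBIHSM"

# Pre-deploy lint for a production tmkms.toml. Prints each finding to stderr
# and returns 1 if any check fails, 0 otherwise.
lint_production_config() {
    cfg="$1"
    rc=0
    if printf '%s\n' "$cfg" | grep -q '^\[\[providers\.softsign]]'; then
        echo "FAIL: softsign provider present; production must sign inside the HSM" >&2
        rc=1
    fi
    if ! printf '%s\n' "$cfg" | grep -q '^\[\[providers\.yubihsm]]'; then
        echo "FAIL: no HSM provider (providers.yubihsm) configured" >&2
        rc=1
    fi
    if ! printf '%s\n' "$cfg" | grep -q '^state_file *= *"'; then
        echo "FAIL: chain has no state_file, so TMKMS cannot refuse to double-sign after a restart" >&2
        rc=1
    fi
    if printf '%s\n' "$cfg" | grep -q 'password *= *"'; then
        echo "FAIL: HSM password is inline in the config; use password_file with restrictive permissions" >&2
        rc=1
    fi
    return "$rc"
}

# Demo run: the development config must be rejected, the production one accepted.
if lint_production_config "$DEV_CONFIG"; then
    echo "dev config: accepted (unexpected)"
else
    echo "dev config: rejected, as intended"
fi
if lint_production_config "$PROD_CONFIG"; then
    echo "prod config: accepted"
else
    echo "prod config: rejected (unexpected)"
fi
```

On the KMS host the accepted file is started with `tmkms start -c tmkms.toml`; the validator side needs `priv_validator_laddr` in its config.toml bound to the private interface on port 26659, and its priv_validator_key.json removed once the key has been moved, so that no signing key remains on the node. The lint is deliberately textual (grep over the TOML) so it can run in CI before the file ever reaches the KMS host.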


Backup and Recovery

  • Encrypted Backups: all key material (mnemonics, TMKMS configs, HSM recovery keys) is encrypted with AES-256 before it is written to any backup medium; no key material is ever backed up in plaintext.

  • Redundant Storage: Backups are stored on multiple offline devices (e.g., encrypted USB or external drives) in geographically separate locations.

  • Access Control: Only authorized operators have access to key material, following a principle of least privilege.

  • Regular Verification: backup integrity is tested periodically by rehearsing a restore, confirming that the material still decrypts and that the restored key matches the active configuration (for example, that the restored consensus key is the one the validator is actually using).


Secure Access Control

  • SSH Key Authentication Only: Password-based SSH login is disabled. Only authorized SSH keys are allowed.

  • Firewall and Network Isolation: only the ports a host actually needs are open (Tendermint P2P, RPC where it is required, and the TMKMS signing port). Validator and TMKMS hosts reach each other only over a dedicated private network or VPN tunnel, so the signing port is never exposed on a public interface.

  • System Hardening:

    • Regular OS updates and security patches

    • Limited sudo access

    • 2FA for remote management

    • Audit logs for all administrative actions
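To make the SSH part of this baseline checkable rather than aspirational, here is an added example (not the operator's own tooling) that audits an sshd configuration for key-only authentication, no root login, and no password or keyboard-interactive fallback. The two configurations are constructed samples, the rule names follow the lowercase form that `sshd -T` prints, and the user names in AllowUsers are placeholders.

```shell
#!/bin/sh
# Added example, not the operator's own tooling: audit an sshd configuration
# against the baseline above (key-only logins, no root login, no password or
# keyboard-interactive fallback). Both configs are constructed samples; on a
# real host feed it the effective configuration from `sshd -T`, which already
# resolves defaults and Match blocks and prints keywords in lowercase.

WEAK_SSHD='# stock-looking config: passwords and root login still allowed
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
X11Forwarding yes
'

HARDENED_SSHD='Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey
AllowUsers ops-alice ops-bob
X11Forwarding no
'

# Effective value of one keyword, lowercased. sshd honours the FIRST
# occurrence of a keyword, so stop at the first match; comment lines never
# match because their first field starts with '#'.
sshd_value() {
    printf '%s\n' "$1" | awk -v k="$2" '
        tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }'
}

# Audit one config text. Unset keywords count as failures on purpose: a
# validator host should state every security-relevant option explicitly
# rather than inherit distribution defaults. Returns 1 on any finding.
audit_sshd() {
    cfg="$1"
    rc=0
    for rule in permitrootlogin:no pubkeyauthentication:yes \
                passwordauthentication:no kbdinteractiveauthentication:no \
                x11forwarding:no; do
        key=${rule%%:*}
        want=${rule#*:}
        got=$(sshd_value "$cfg" "$key")
        # OpenSSH before 8.7 spelled KbdInteractiveAuthentication as
        # ChallengeResponseAuthentication; accept the older keyword as a fallback.
        if [ -z "$got" ] && [ "$key" = kbdinteractiveauthentication ]; then
            got=$(sshd_value "$cfg" challengeresponseauthentication)
        fi
        if [ "${got:-unset}" != "$want" ]; then
            echo "FAIL $key is '${got:-unset}', want '$want'" >&2
            rc=1
        fi
    done
    # If AuthenticationMethods is set, the public key must be the first factor;
    # a second factor (e.g. publickey,keyboard-interactive via PAM) may follow.
    methods=$(sshd_value "$cfg" authenticationmethods)
    case "$methods" in
        "")         echo "WARN authenticationmethods unset; relying on passwordauthentication=no alone" >&2 ;;
        publickey*) ;;
        *)          echo "FAIL authenticationmethods '$methods' does not start with publickey" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Demo run: the weak sample must fail, the hardened one must pass.
if audit_sshd "$WEAK_SSHD"; then echo "weak config: passed (unexpected)"; else echo "weak config: rejected"; fi
if audit_sshd "$HARDENED_SSHD"; then echo "hardened config: passed"; else echo "hardened config: rejected (unexpected)"; fi
```

On a live host run it against `sshd -T` output rather than the file on disk, since `-T` resolves defaults and Match blocks. If 2FA is implemented through PAM with keyboard-interactive prompts, change the kbdinteractiveauthentication rule to yes and require `AuthenticationMethods publickey,keyboard-interactive`; keeping the public key as the first factor leaves the password-guessing surface closed while still enforcing the second factor.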


Summary

Our approach combines hardware-level protection, TMKMS-based isolation, and redundant encrypted backups to keep validator keys safe, maintain operational continuity, and follow established best practices for blockchain validator infrastructure.
