Cronos POS Chain Docs
  • Getting Started
    • 📑Cronos POS Chain Introduction
    • 🔰Architecture
  • For USERS
    • 🌟New brand and domains
    • 💰Wallets
      • chain-maind
      • Ledger Hardware Wallets with chain-maind
      • Crypto.com DeFi Desktop Wallet
      • Conducting IBC Transfer with Keplr Wallet
      • Using Ledger Device with Keplr Wallet
      • Mainnet Address Generation
      • Mainnet Address Verification
      • Multisig Account
      • Delegation Guide
      • Key Principles for Wallet Security
    • 🛠️Token Migration Web Tool
    • 🚰Croeseid Testnet Faucet
  • For Node Hosts
    • ⛓️Running Nodes
      • Public Node Sync
      • Quicksync
      • Cronos POS Chain Mainnet: Running a Full Node
        • Upgrade Guide
          • The "V5" upgrade guide (v4.* to v5.0.1) :
          • The "V4" upgrade guide (v3.* to v4.2.2) :
          • The "DRACO II" upgrade guide (v2.* to v3.3.2) :
          • The "Canis Major" upgrade guide (v1.* to v2.0.1) at block height 922,363:
          • Running "Canis Major" network upgrade with cosmovisor
      • Cronos POS Chain Mainnet: Running a Validator
      • Cronos POS Chain Mainnet Validator Security Checklist
      • Croeseid Testnet: Running Nodes
      • Mainnet/Testnet: Running Nodes using AWS 1-click Deployment
      • Mainnet/Testnet: Running Nodes using Azure 1-click Deployment
      • Croeseid Testnet: Running Nodes With Nix
      • Devnet: Running Latest Development Node
    • 🔄Advanced TMKMS Integration
    • 💫Notes on Performance
    • 🔃Notes on Production Deployment
  • Block Explorers
    • 📊Cronos POS Chain Mainnet Explorer
    • 📊Croeseid Testnet Explorer
  • Cronos PoS Chain Protocol
    • ⛓️Chain Details
      • Genesis
      • Protocol Documentation
      • Chain ID, Address Format and Signatures
      • Create the IBC-enabled tokens on the Cronos POS Chain with Solo Machine
      • List of parameters
      • Proposal Process
      • Technical glossary
    • 🎛️Modules
      • module_supply
      • module_slashing
      • module_authz
      • module_bank
      • module_mint
      • module_gov
      • module_staking
      • module_distribution
      • module_nft
  • Cronos PoS Integration
    • 🔄Integration documentation
    • 🛂Node Setup and RPC node
    • 🔲Blocks and Transactions
Powered by GitBook
On this page
  • Setting up Tendermint KMS for signing blocks (only for validators)
  • Configuration
  • Obtaining the consensus/validator public key
  1. For Node Hosts

Notes on Production Deployment

PreviousNotes on PerformanceNextChain Details

Last updated 4 months ago

  • See and

  • Validators shouldn’t be exposed directly to the internet

  • RPC shouldn’t be exposed directly to the internet (as it currently doesn’t support rate-limiting, authentication…)

  • Validator block signing should be via

Setting up Tendermint KMS for signing blocks (only for validators)

Currently (tmkms v0.7), the system is still a bit Cosmos-centric, so the setup is slightly quirky.

Configuration

As per the , create ~/.tmkms/tmkms.toml (or any path) with something like:

[[chain]]
id = "<CHAIN_ID>"
key_format = { type = "hex" }

[[validator]]
addr = "unix:///<TMKMS_SOCKET_PATH>"
chain_id = "<CHAIN_ID>"

[[providers.<USED SIGNING PROVIDER>]]
chain_ids = ["<CHAIN_ID>"]

In ~/.tendermint/config/config.toml (or wherever located), set the socket address to the same one as in tmkms.toml:

priv_validator_laddr = "unix:///<TMKMS_SOCKET_PATH>"

Obtaining the consensus/validator public key

Step 0. Generate/Initialize the key pair or seed

Step 0 depends on the signing provider -- e.g. for Ledger devices, one may need to enable developer mode in Ledger Live settings and install the Tendermint validator app.

Step 1. Obtain the public key in the correct encoding

Depending on the signing provider, there may be a command to print out the public key. One other option is to run tmkms start -c .tmkms/tmkms.toml -v where -v is for verbose logging; the log may then include a message ... added consensus key <KEY_HEX_PAYLOAD>.

The public key hex payload is Amino-encoded -- for the use in Tendermint configurations, there are two steps that need to be done:

  1. strip off the Amino prefix; in the case of Ed25519 public keys, it's 5 bytes: 0x16, 0x24, 0xDE, 0x64, 0x20.

  2. convert the stripped-off KEY_HEX_PAYLOAD to base64.

Step 2. Place/Use the public key where needed

For example, generate the genesis.json with it if the corresponding node is one of the initial validators.

Step 3. Start up everything

As before, but along with tendermint node, tmkms start -c .tmkms/tmkms.toml should also be launched.

🔃
Tendermint notes on running in production
notes on setting up a validator
tmkms
example