KMS - Key Management System
Iqlusion KMS is a key management system that allows separating key management from Tendermint nodes. In addition, it provides other advantages such as:
- Improved security and risk management policies
- Unified API and support for various HSM (hardware security modules)
- Double signing protection (software or hardware based)
It is recommended that the KMS service runs in a separate physical hosts.
Detailed build instructions can be found here.
When compiling the KMS, ensure you have enabled the applicable features:
|Recommended Command line
cargo build --features yubihsm
cargo build --features ledgertm
cargo build --features softsign
A KMS can be configured in various ways:
Using a YubiHSM
Detailed information on how to setup a KMS with YubiHSM2 can be found here
Using a Ledger device running the Tendermint app
Detailed information on how to setup a KMS with Ledger Tendermint App can be found here
Using the Softsign feature with tmkms
Softsign is not recommended for production.
Otherwise, it could be a good way in order to become familiar with the tendermint kms and understand the concepts behind it.
Here you can find out how to setup it (e.g in a testnet).