Question 1

How to install tmkms on Ubuntu for a Cosmos validator?

Accepted Answer

Install libusb-dev and Rust via rustup, then compile with cargo using features like --features=yubihsm. Run tmkms init to generate configuration files and customize the tmkms.toml file as needed.

Question 2

Is tmkms better than keeping keys in the validator software?

Accepted Answer

tmkms isolates keys on separate hardware or HSMs, enhancing security against compromises, but adds complexity compared to integrated management. It's ideal for validators prioritizing slashing prevention over simplicity.

Question 3

Can tmkms work without an HSM?

Accepted Answer

Yes, via the softsign backend using ed25519-dalek, but the README explicitly discourages this for production due to lack of hardware security benefits, making it a last resort.

Question 4

What happens if my tmkms instance crashes?

Accepted Answer

Since it's designed for high-availability on a separate host, a crash may cause the validator to miss blocks. The README warns against running multiple instances for redundancy due to double-signing risks.

Question 5

Is tmkms compatible with all Tendermint chains?

Accepted Answer

It supports well-known chains like Cosmos Hub and Osmosis via the -n flag in init, but may require manual configuration for custom networks based on their specific settings.

Question 6

How does tmkms compare to AWS KMS for validators?

Accepted Answer

tmkms is open-source and tailored for Tendermint, offering control and HSM integration, while AWS KMS provides managed services but may lack direct support for validator-specific features like double-signing prevention.

tmkms

What is tmkms?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions