TMKMS Setup

This guide assume you have already installed TMKMS and are adding a new chain.

mkdir ~/kms
cd ~/kms

# make chain directory
mkdir bera
cd bera
tmkms init .

#copy/paste your priv_validator_key.json from your validator in this file
nano ~/kms/bera/secrets/priv_validator_key.json 

#Softsign key

tmkms softsign import secrets/priv_validator_key.json secrets/validator_key.key

#remove validator key after signing
rm ~/kms/bera/secrets/priv_validator_key.json

Modify tmkms.toml:

nano tmkms.toml

# Tendermint KMS configuration file
## Chain Configuration
[[chain]]
id = "artio-80085"
key_format = { type = "bech32", account_key_prefix = "tnam", consensus_key_prefix = "cosmosvalconspub" }
state_file = "/home/<user>/kms/namada/state/berachain-consensus.json"

## Signing Provider Configuration
### Software-based Signer Configuration
[[providers.softsign]]
chain_ids = ["artio-80085"]
key_type = "consensus"
path = "/home/<user>/kms/namada/secrets/validator_key.key"

## Validator Configuration
[[validator]]
chain_id = "artio-80085"
addr = "tcp://<ValidatorIP>:26659"
secret_key = "/home/user/kms/bera/secrets/kms-identity.key"
# this may need to be updated via {daemon} tendermint version
protocol_version = "v0.34"
reconnect = true

Create a service file:

sudo nano /etc/systemd/system/tmkms-namada.service

# unit file
[Unit]
Description=Berachain TMKMS
After=network.target

[Service]
Type=simple
User=<user>
WorkingDirectory=/home/<user>/
ExecStart=/home/<user>/.cargo/bin/tmkms start -c /home/<user>/kms/bera/tmkms.toml
Restart=always
RestartSec=3
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

Then, we'll enable the service file and start it:

sudo systemctl daemon-reload 
sudo systemctl enable tmkms-berachain
sudo systemctl restart tmkms-berachain
journalctl -u tmkms-berachain -f

Update Target Validator Node:

nano ~/home/<user>/.berad/config.toml

# modify validator config.toml

-> priv_validator_laddr = "tcp://0.0.0.0:26659"
-> # priv_validator_key_file = "config/priv_validator_key.json"
-> # priv_validator_state_file = "data/priv_validator_state.json"

# remove validator key from node
rm ~/home/<user>/.berad/config/priv_validator_key.json

# open ports 
sudo ufw allow from <IP ADDRESS OF SIGNER> to any port 26659 


# restart daemon
sudo systemctl restart berad
journalctl -u berad -f

Note: you may need to restart tmkms-berachain on the TMKMS server after opening ports:

sudo systemctl restart tmkms-berachain
journalctl -u tmkms-berachain -f

PreviousCLI Cheatsheet NextHorcrux Setup

Last updated 1 year ago

Was this helpful?

mkdir ~/kms cd ~/kms # make chain directory mkdir bera cd bera tmkms init . #copy/paste your priv_validator_key.json from your validator in this file nano ~/kms/bera/secrets/priv_validator_key.json #Softsign key tmkms softsign import secrets/priv_validator_key.json secrets/validator_key.key #remove validator key after signing rm ~/kms/bera/secrets/priv_validator_key.json

nano tmkms.toml # Tendermint KMS configuration file ## Chain Configuration [[chain]] id = "artio-80085" key_format = { type = "bech32", account_key_prefix = "tnam", consensus_key_prefix = "cosmosvalconspub" } state_file = "/home/<user>/kms/namada/state/berachain-consensus.json" ## Signing Provider Configuration ### Software-based Signer Configuration [[providers.softsign]] chain_ids = ["artio-80085"] key_type = "consensus" path = "/home/<user>/kms/namada/secrets/validator_key.key" ## Validator Configuration [[validator]] chain_id = "artio-80085" addr = "tcp://<ValidatorIP>:26659" secret_key = "/home/user/kms/bera/secrets/kms-identity.key" # this may need to be updated via {daemon} tendermint version protocol_version = "v0.34" reconnect = true

sudo nano /etc/systemd/system/tmkms-namada.service # unit file [Unit] Description=Berachain TMKMS After=network.target [Service] Type=simple User=<user> WorkingDirectory=/home/<user>/ ExecStart=/home/<user>/.cargo/bin/tmkms start -c /home/<user>/kms/bera/tmkms.toml Restart=always RestartSec=3 LimitNOFILE=65535 [Install] WantedBy=multi-user.target

nano ~/home/<user>/.berad/config.toml # modify validator config.toml -> priv_validator_laddr = "tcp://0.0.0.0:26659" -> # priv_validator_key_file = "config/priv_validator_key.json" -> # priv_validator_state_file = "data/priv_validator_state.json" # remove validator key from node rm ~/home/<user>/.berad/config/priv_validator_key.json # open ports sudo ufw allow from <IP ADDRESS OF SIGNER> to any port 26659 # restart daemon sudo systemctl restart berad journalctl -u berad -f