To improve security, consider moving your validator's consensus key, as well as the validator and peggo keys, off of your instances.
To that end, Tendermint offers a tmkms service which supports remote signing.
Although the peggo binary currently doesn't support remote signing via tmkms, you can still consider using tmkms to enhance the security and decentralization factor of your validator nodes.
We provide this guide with the softsign option, as it can be evaluated easily and the flow is basically the same for all three options besides authentication for the HSM.
- Initialize config
- Configure kms service
- injectived remote signing feature
We have to start services in this order so that injectived can pick up tmkms traffic and boot up successfully.
Also make sure to stop the services in reverse order, from