Hardware Security Guide¶
Validator Key Management¶
Production Requirements¶
- Private keys are never stored in git, in committed .env files, or in plain text
- Use HSM or KMS for validator signing keys
- Separate operational keys from treasury keys
- Multi-person access for treasury multisig signers
Supported Solutions¶
| Solution | Use Case |
|---|---|
| AWS CloudHSM | Cloud validator nodes |
| YubiHSM 2 | On-premise validators |
| HashiCorp Vault | Key storage + rotation |
| Ledger + Gnosis Safe | Treasury multisig |
Besu Validator Key¶
```bash
# Generate the key in the HSM (example: Vault; garuda/validators is a site-specific secrets mount)
vault write garuda/validators/key1 type=ecdsa
# Mount the exported key file into the node read-only and point Besu at it
besu --node-private-key-file=/hsm/validator.key
```
Once the key is exported to a file on the node it is no longer HSM-resident: lock the mount down (read-only, owner-only permissions, never inside a checked-out repository) or keep the key inside the HSM behind a signing plugin instead of a file.
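Before handing a file to `--node-private-key-file`, check that it is actually what a read-only, single-owner mount of a 32-byte secp256k1 key should look like. The script below is an added example, not code from the Garuda project or from Besu; it assumes a POSIX host, that Besu's key file holds the hex-encoded private key (optionally `0x`-prefixed), and it uses a constructed sample scalar written to a temporary directory so it runs offline.

```python
import os
import re
import stat
import tempfile

# Added example (not Garuda or Besu code): pre-flight checks for the file
# passed to Besu as --node-private-key-file. Refuse to start the node unless
# ownership, mode, location and contents are all what a read-only mount of a
# 32-byte secp256k1 key should look like.
KEY_RE = re.compile(r"^(0x)?([0-9a-fA-F]{64})$")
# Order of the secp256k1 group; a valid private scalar k satisfies 0 < k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def inside_git_worktree(path: str) -> bool:
    """True if any ancestor directory of path contains a .git entry."""
    d = os.path.dirname(os.path.abspath(path))
    while True:
        if os.path.exists(os.path.join(d, ".git")):
            return True
        parent = os.path.dirname(d)
        if parent == d:
            return False
        d = parent


def check_key_file(path: str, expected_uid: int) -> list:
    """Return a list of findings; an empty list means the file is safe to mount."""
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink: resolve it and check the real file instead"]
    if st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {oct(st.st_mode & 0o777)} is accessible by group/other; use 0400")
    if st.st_mode & stat.S_IWUSR:
        findings.append("owner-writable; mount read-only with mode 0400")
    if inside_git_worktree(path) or os.path.basename(path).startswith(".env"):
        findings.append("lives in a git work tree or a .env file; keys must never be committed")
    with open(path, "r") as f:
        body = f.read().strip()
    m = KEY_RE.match(body)
    if not m:
        findings.append("contents are not a 64-hex-digit private key")
    elif not 0 < int(m.group(2), 16) < SECP256K1_N:
        findings.append("scalar is outside the valid secp256k1 range")
    return findings


def demo() -> dict:
    """Constructed sample: the same key file checked at mode 0400 and at 0644."""
    sample_key = "0x" + "7f" * 32  # constructed test scalar, not a real key
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "validator.key")
        with open(path, "w") as f:
            f.write(sample_key + "\n")
        os.chmod(path, 0o400)
        results["strict"] = check_key_file(path, os.getuid())
        os.chmod(path, 0o644)
        results["loose"] = check_key_file(path, os.getuid())
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```

Run it as a pre-start hook that aborts the Besu service when `check_key_file` returns anything; the symlink refusal matters because a read-only bind mount does not stop a symlink from pointing at a writable, world-readable copy elsewhere.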
Treasury Multi-Sig¶
Use Gnosis Safe or GarudaMultiSig with:
- 3-of-5 signers minimum
- A hardware wallet for every signer
- Geographically distributed signers
Key Rotation¶
- Generate the new key in the HSM
- Add the new validator to the IBFT validator set via a vote (`ibft_proposeValidatorVote` from more than half of the current validators; the genesis config only seeds the initial set)
- Remove the old validator only once the new one is active; pending votes are discarded at each epoch transition, so complete each vote within one epoch
- Never reuse compromised keys
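The four steps above form one procedure, shown below as an added example rather than Garuda or Besu code. It drives an add-then-remove rotation through the real Besu IBFT 2.0 RPC method names (`ibft_getValidatorsByBlockNumber`, `ibft_proposeValidatorVote`), but against a constructed in-memory stand-in for the validator nodes so it runs offline; the validator addresses, the revoked-key set, and the `FakeIbftNetwork` class are all assumptions made for the example. Adding before removing keeps the validator count from dropping, so the network's fault tolerance (n ≥ 3f + 1) is never reduced mid-rotation.

```python
import json
import re

# Added example (not Garuda or Besu code): orchestrates a validator key
# rotation on a Besu IBFT 2.0 network using the real RPC method names, against
# a constructed in-memory stand-in for the nodes.
ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")


def rpc_payload(method: str, params: list, rid: int) -> str:
    """JSON-RPC 2.0 body exactly as it would be POSTed to a node's HTTP endpoint."""
    return json.dumps({"jsonrpc": "2.0", "method": method, "params": params, "id": rid})


class FakeIbftNetwork:
    """Constructed stand-in for the validator nodes. A proposal takes effect
    once a strict majority of the *current* validators has voted for the same
    change, which is the rule Besu IBFT 2.0 applies."""

    def __init__(self, validators):
        self.validators = [v.lower() for v in validators]
        self.votes = {}        # (target, auth) -> set of validators that voted
        self.transcript = []   # (node, payload) for every call, for audit

    def call(self, node: str, method: str, params: list):
        node = node.lower()
        self.transcript.append((node, rpc_payload(method, params, len(self.transcript) + 1)))
        if method == "ibft_getValidatorsByBlockNumber":
            return list(self.validators)
        if method == "ibft_proposeValidatorVote":
            if node not in self.validators:
                raise PermissionError(f"{node} is not a validator; its vote is ignored")
            target, auth = params[0].lower(), bool(params[1])
            voters = self.votes.setdefault((target, auth), set())
            voters.add(node)
            if 2 * len(voters) > len(self.validators):  # strict majority reached
                if auth and target not in self.validators:
                    self.validators.append(target)
                if not auth and target in self.validators:
                    self.validators.remove(target)
                del self.votes[(target, auth)]
            return True
        raise ValueError(f"unsupported method {method}")


def vote_until_applied(net, voters, target: str, auth: bool) -> int:
    """Cast the same proposal from successive validator nodes until the network
    reports the change; returns how many votes were needed."""
    cast = 0
    for node in voters:
        net.call(node, "ibft_proposeValidatorVote", [target, auth])
        cast += 1
        current = net.call(node, "ibft_getValidatorsByBlockNumber", ["latest"])
        if (target in current) == auth:
            return cast
    raise RuntimeError(f"vote for {target} auth={auth} never reached a majority")


def rotate_validator(net, old: str, new: str, revoked: set, old_trusted: bool = True) -> dict:
    """Add the new validator, then remove the old one. Set old_trusted=False when
    the old key is compromised so its node is never asked to vote."""
    old, new = old.lower(), new.lower()
    for addr in (old, new):
        if not ADDR_RE.match(addr):
            raise ValueError(f"malformed validator address {addr}")
    if new in {r.lower() for r in revoked}:
        raise ValueError("refusing to reuse a revoked/compromised key")
    if new == old:
        raise ValueError("new key must differ from the key being rotated out")

    before = net.call(new, "ibft_getValidatorsByBlockNumber", ["latest"])
    if old not in before or new in before:
        raise ValueError("precondition failed: old key must be active, new key must not")

    add_voters = before if old_trusted else [v for v in before if v != old]
    add_votes = vote_until_applied(net, add_voters, new, True)          # step 2
    remaining = [v for v in net.call(new, "ibft_getValidatorsByBlockNumber", ["latest"]) if v != old]
    remove_votes = vote_until_applied(net, remaining, old, False)       # step 3

    after = net.call(new, "ibft_getValidatorsByBlockNumber", ["latest"])
    if len(after) != len(before) or old in after or new not in after:
        raise RuntimeError("validator set is not in the expected post-rotation state")
    return {"add_votes": add_votes, "remove_votes": remove_votes, "validators": after}


# Constructed sample validator set and revocation list (not real Garuda addresses).
SAMPLE_VALIDATORS = ["0x" + c * 40 for c in "abcd"]
NEW_KEY = "0x" + "e" * 40
REVOKED = {"0x" + "f" * 40}


def demo() -> dict:
    net = FakeIbftNetwork(SAMPLE_VALIDATORS)
    return rotate_validator(net, SAMPLE_VALIDATORS[3], NEW_KEY, REVOKED)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against real nodes, replace `FakeIbftNetwork.call` with an HTTP POST of `rpc_payload(...)` to each validator's RPC endpoint; keep `net.transcript` as the audit record of which node cast which vote, and run the whole sequence within one epoch so no pending vote is discarded at the epoch transition.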
Audit Requirements¶
- [ ] All validator keys in HSM
- [ ] Treasury signers use hardware wallets
- [ ] Deployer keys burned after deployment
- [ ] Faucet key limited balance (< 1M GAT)