# KMS - Key Management System

Tendermint KMS (opens new window) is a key management service that allows separating key management from Tendermint nodes. In addition it provides other advantages such as:

Improved security and risk management policies
Unified API and support for various HSM (hardware security modules)
Double signing protection (software or hardware based)

It is recommended that the KMS service runs in a separate physical hosts.

# Building

Detailed build instructions can be found here (opens new window).

When compiling the KMS, ensure you have enabled the applicable features:

Backend	Recommended Command line
YubiHSM	`cargo build --features yubihsm`
Ledger+Tendermint App	`cargo build --features ledgertm`

# Configuration

A KMS can be configured in various ways:

# Using a YubiHSM

Detailed information on how to setup a KMS with YubiHSM2 can be found here (opens new window)

# Using a Ledger device running the Tendermint app

Detailed information on how to setup a KMS with Ledger Tendermint App can be found here

Found an Issue?

Help us improve this page by suggesting edits on GitHub.

Setting up Tendermint KMS + Ledger

Questions?

Chat with Cosmos developers in Discord or reach out on the SDK Developer Forum to learn more.

cosmos.network

This website is maintained by Tendermint Inc. The contents and opinions of this website are those of Tendermint Inc.