Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: add doc for encryption password entry #1731

Merged
merged 13 commits into from
Feb 13, 2024
1 change: 1 addition & 0 deletions changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

* [1630](https://github.com/zeta-chain/node/pull/1630) added password prompts for hotkey and tss keyshare in zetaclient
Starting zetaclient now requires two passwords to be input; one for the hotkey and another for the tss key-share.
* [1731](https://github.com/zeta-chain/node/pull/1731) added doc for hotkey and tss key-share password prompts.
kevinssgh marked this conversation as resolved.
Show resolved Hide resolved

### Fixes

Expand Down
34 changes: 34 additions & 0 deletions docs/zetaclient/migration_v12.2->v12.3.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
## Hot Key and TSS key-share Passwords

### Zetaclient
Previously there were two environment variables being used to store passwords encrypting the tss key file and local operator keyring file:

* HOTKEY_PASSWORD
* TSS_FRAGMENT_SEED

With this new change, these variables will no longer be valid.
Instead, a series of prompts will appear asking for passwords using STDIN during the startup process.

* Hot Key password
* TSS Key share password

If your key files are already encrypted, you can use the same passwords you provided in the environment variables.

**It's extremely important to take note of these passwords or commit them to memory.**

### Hot Key

#### File backend

* The hot key will use the existing keyring that holds your operator key. The file will be encrypted with your existing password,
make sure to use this same password when starting the client.

#### Test backend

* You will still be prompted for a password, but you need to leave it blank which indicates the test backend is being used.

### TSS Key-Share

During key-gen, the password you enter will be used to encrypt the generated key-share file. The key data will be stored in
memory once the process is running. If the client needs to be restarted, this key-share file needs to be present on your
machine and will be decrypted using the password you've entered.
Loading