Key Management service for Tendermint Validator nodes

This repo has been deprecated. Development work continues in iqlusioninc/tmkms. Please reference that repository in the future.

Tendermint KMS 🔐


Key Management System for Tendermint applications, initially targeting Cosmos Validators.


This repository contains tmkms, a key management service intended to be deployed in conjunction with Tendermint applications (ideally on separate physical hosts) which provides the following:
  • High-availability access to validator signing keys
  • Double-signing prevention even in the event the validator process is compromised
  • Hardware security module storage for validator keys which can survive host compromise


Tendermint KMS is currently beta quality. It has undergone one security audit with only one low-severity finding.

Double Signing / High Availability

Tendermint KMS implements beta-quality double signing detection. It has undergone some testing; however, we do not (yet) recommend using the KMS in conjunction with multiple simultaneously active validators on the same network for prolonged periods of time.

In particular, there is presently no double signing defense in the case that multiple KMS instances are running simultaneously and connecting to multiple validators on the same network.
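
A common way to implement double signing detection is to record the last height/round/step signed for a key and refuse any request that regresses or conflicts with it. The Rust sketch below is an added example, not code from the tmkms repository; its type and field names and the sample values are assumptions. It also shows why the check gives no protection when two instances keep separate state, which is the case described above.

```rust
use std::cmp::Ordering;

// Added illustration, not tmkms source. Type and field names are assumptions.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct SignRequest {
    pub height: u64,
    pub round: u32,
    pub step: u8,                  // constructed encoding: 1 = prevote, 2 = precommit
    pub block_id: Option<[u8; 4]>, // shortened constructed hash; None = nil vote
}

#[derive(Debug, PartialEq, Eq)]
pub enum Decision {
    Sign,                 // request advances the recorded state
    Resign,               // exact repeat of the last signed request
    Refuse(&'static str), // signing would risk a double sign
}

/// One guard per validator key. A real signer must persist `last` durably
/// before releasing the signature; this sketch keeps it in memory only.
#[derive(Default)]
pub struct Guard { last: Option<SignRequest> }

impl Guard {
    pub fn check(&mut self, req: &SignRequest) -> Decision {
        if let Some(last) = &self.last {
            let prev = (last.height, last.round, last.step);
            match (req.height, req.round, req.step).cmp(&prev) {
                Ordering::Less => return Decision::Refuse("height/round/step regression"),
                Ordering::Equal if req.block_id == last.block_id => return Decision::Resign,
                Ordering::Equal => return Decision::Refuse("conflicting block at same H/R/S"),
                Ordering::Greater => {}
            }
        }
        self.last = Some(req.clone());
        Decision::Sign
    }
}

/// Two guards with separate state, like two KMS instances running at once.
pub fn split_state_double_signs(a: &SignRequest, b: &SignRequest) -> bool {
    let (mut kms1, mut kms2) = (Guard::default(), Guard::default());
    kms1.check(a) == Decision::Sign && kms2.check(b) == Decision::Sign
}

fn main() {
    let a = SignRequest { height: 10, round: 0, step: 1, block_id: Some([0xAA; 4]) };
    let b = SignRequest { block_id: Some([0xBB; 4]), ..a.clone() };
    println!("split state double-signs: {}", split_state_double_signs(&a, &b));
}
```

A single guard refuses the second, conflicting request; two guards with independent state each sign one of them, so the key ends up with two signatures for the same height/round/step.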

Signing Providers

You MUST select one or more signing provider(s) when compiling the KMS, passed as the argument to the --features flag (see below for more instructions on how to build Tendermint KMS).

The following signing backend providers are presently supported:

Hardware Security Modules (recommended)

Software-Only (not recommended)

Supported Platforms

tmkms should build on any supported Rust platform which is also supported by libusb. However, some platforms which meet those criteria are unsuitable for cryptographic purposes due to a lack of constant-time CPU instructions. Below are some of the available tier 1, 2, and 3 Rust platforms which meet our minimum criteria for KMS use.

tmkms is presently tested on Linux/x86_64. We don't otherwise guarantee support for any of the platforms below, but they theoretically meet the necessary prerequisites for support.

Operating Systems

  • Linux (recommended)
  • FreeBSD
  • NetBSD
  • OpenBSD
  • macOS

CPU Architectures

  • x86_64
  • arm
    (32-bit ARM)
  • aarch64
    (64-bit ARM)
  • riscv32
    (32-bit RISC-V)
  • riscv64
    (64-bit RISC-V)


You will need the following prerequisites:

  • Rust (stable; 1.40+)
  • C compiler: e.g. gcc, clang
  • pkg-config
  • libusb (1.0+). Install instructions for common platforms:
    • Debian/Ubuntu:
      apt install libusb-1.0-0-dev
    • RedHat/CentOS:
      yum install libusb1-devel
    • macOS (Homebrew):
      brew install libusb

NOTE (x86_64 only): Configure the RUSTFLAGS environment variable:
export RUSTFLAGS=-Ctarget-feature=+aes,+ssse3

There are two ways to install tmkms: either compiling the source code after cloning it from git, or using Rust's cargo install command.

Compiling from source code (via git)

tmkms can be compiled directly from the git repository source code using the following method.

The following example adds --features=yubihsm to enable YubiHSM 2 support.
$ git clone <repository-url> && cd tmkms
$ cargo build --release --features=yubihsm

Alternatively, substitute the Ledger provider's feature name to enable Ledger support.

If successful, this will produce a tmkms executable located at ./target/release/tmkms

Installing with the cargo install command

With Rust (1.40+) installed, you can install tmkms with the following:

cargo install tmkms --features=yubihsm

Or to install a specific version (recommended):

cargo install tmkms --features=yubihsm --version=0.4.0

Alternatively, substitute the Ledger provider's feature name to enable Ledger support.


After compiling, start tmkms with the following:
$ tmkms start

This will read the configuration from the tmkms.toml file in the current working directory.

To explicitly specify the path to the configuration, use the -c flag:

$ tmkms start -c /path/to/tmkms.toml


The following are instructions for setting up a development environment. They assume you've already followed steps 1 & 2 from the Installation section above.

  • Install rustfmt:
    rustup component add rustfmt
  • Install clippy:
    rustup component add clippy

Alternatively, you can build a Docker image from the Dockerfile in the top level of the repository, which is what is used to run tests in CI.

Before opening a pull request, please run the checks below:


Run the test suite with:

cargo test --all-features -- --test-threads 1

Format checking (rustfmt)

Make sure your code is well-formatted by running:

cargo fmt

Lint (clippy)

Lint your code (i.e. check it for common issues) with:

cargo clippy


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
