Rotation of mnemonics in tofnd
v0.10.1+, validators can generate a new
to slowly rotate out their old
tofnd mnemonics for improved security.
New Axelar key rotations will automatically use the most recent mnemonic generated.
Caution: A validator needs to make sure their old
tofnd mnemonics are still backed up.
These mnemonics are still in use until the keys generated from them are considered "old" by the Axelar network.
A key becomes old after
x subsequent key rotations for that EVM chain. (Currently
# Kill vald/tofnd processes pkill -9 -f "vald" pkill -f "tofnd" # Rotate tofnd mnemonic, the new mnemonic is exported automatically tofnd -m rotate -d $TOFND_HOME # NOTE: Keep the old mnemonic backups around # BACKUP the new exported mnemonic and then DELETE the local copy cp $TOFND_HOME/export ... rm $TOFND_HOME/export # Restart vald/tofnd processes as usual
After performing the rotation, monitor your validator to make sure it's
still posting heartbeats and there are no unexpected errors in
It's also useful to perform a health check.
Validators are recommended to have processes in place to rotate their
tofnd mnemonic once every 2 months.
Recovery of mnmenonics
As before, you can import a
tofnd mnemonic with
tofnd -m import -d $TOFND_HOME.
If there are no other mnemonics yet in
tofnd storage then the imported mnemonic will be treated as the latest mnemonic,
and automatically used for future key ids that are rotated to and any previous key ids it was already a part of.
Each subsequent imported mnemonic is considered as "old" and so only used for any past key ids that corresponded to it.
# Recover tofnd mnemonics on a fresh state # Make sure there is no previous tofnd state rm -r $TOFND_HOME # Import your latest tofnd mnemonic first tofnd -m import -d $TOFND_HOME # Import your remaining old tofnd mnemonics tofnd -m import -d $TOFND_HOME