Skip to main content
Version: Next

Database Encryption for Existing Node Operators

In Mainnet14, the DKG (distributed key generation) is turned on, requiring storage of dynamically generated confidential data (random beacon keys). These are stored in a separate database which is new with the Mainnet14 release.

All node operators joining after Mainnet14 will generate encryption keys for this database through the node bootstrapping and staking process. We strongly recommend all node operators (especially consensus node operators) generate an encryption key for this database. This guide demonstrates how to enable encryption for this database for existing operators.

Downloading Bootstrap Utility

warning

If you have downloaded the bootstrapping kit previously, ensure that you do this step again to get the latest copy of the bootstrapping kit since there have been significant changes to it.

Follow the instructions here to download the latest version of the bootstrapping kit, then return to this page.

Generate Database Encryption Key

You will need to generate an encryption key for the database using the bootstrap utility.

warning

Ensure you run the following commands on the machine you use to run your node software. The bootstrap directory passed to the -o flag must be the same bootstrap directory used by your node. The default location is /var/flow/bootstrap, but double-check your setup before continuing.

GenerateEncryptionKey

_15
$./boot-tools/bootstrap db-encryption-key -o ./bootstrap
_15
<nil> INF generated db encryption key
_15
<nil> INF wrote file bootstrap/private-root-information/private-node-info_ab6e0b15837de7e5261777cb65665b318cf3f94492dde27c1ea13830e989bbf9secretsdb-key
_15
_15
$tree ./bootstrap/
_15
./bootstrap
_15
├── private-root-information
_15
│ └── private-node-info_ab6e0b15837de7e5261777cb65665b318cf3f94492dde27c1ea13830e989bbf9
_15
│ ├── node-info.priv.json
_15
│ └── secretsdb-key
_15
└── public-root-information
_15
├── node-id
_15
└── node-info.pub.ab6e0b15837de7e5261777cb65665b318cf3f94492dde27c1ea13830e989bbf9.json
_15
_15
3 directories, 4 files