Database Encryption for Existing Node Operators
In Mainnet14, the DKG (distributed key generation) is turned on, requiring storage of dynamically generated confidential data (random beacon keys). These are stored in a separate database which is new with the Mainnet14 release.
All node operators joining after Mainnet14 will generate encryption keys for this database through the node bootstrapping and staking process. We strongly recommend all node operators (especially consensus node operators) generate an encryption key for this database. This guide demonstrates how to enable encryption for this database for existing operators.
Downloading Bootstrap Utility
If you have downloaded the bootstrapping kit previously, ensure that you do this step again to get the latest copy of the bootstrapping kit since there have been significant changes to it.
Follow the instructions here to download the latest version of the bootstrapping kit, then return to this page.
Generate Database Encryption Key
You will need to generate an encryption key for the database using the bootstrap
utility.
Ensure you run the following commands on the machine you use to run your node software.
The bootstrap directory passed to the -o
flag must be the same bootstrap directory used by your node.
The default location is /var/flow/bootstrap
, but double-check your setup before continuing.