- Run a node
- Set up the node's keys
You will need to create at least one private key to hold your account that will be used to execute transactions from the node.
This step is not needed if you just want to run a node to query the blockchain state without validating or submitting any transaction.
When you run the command below, you might be prompted to enter a password for your keyring.
archwayd keys add <account-name>
archwayd keys add my-node
You will observe a similar output as shown below:
- name: my-node type: local address: archway12ntzpk9fjt2x39pvll8ufma9tuhhnkh8g4zzc2 pubkey: archwaypub1addwnpepqfgjegqxxv9srfe359t93tu9l86tpkwwjk7w63xtpwq05wmlq9emjmxfmmv mnemonic: "" threshold: 0 pubkeys:  **Important:** Write this mnemonic phrase in a safe place. It is the only way to recover your account if you ever forget your password. resource regret any wet stable body alcohol spring horse valve ritual top music salad gesture can earn casino example drive surface mix senior flag
The account comes with a human-readable 24-word mnemonic phrase (also called seed or simply mnemonic), which you can use to recover the account.
Make sure to safely back up the mnemonic phrase, as it is crucial to recover your account.
In rare circumstances, when using Ubuntu the OS Keyring Backend may throw the error:
"object does not exist at path “/“ error.". If this is the case, you can change the keyring backend from OS to file, and then launch every command with the
--keyring-backend file flag.
To recover an existing account, add the --recover flag:
archwayd keys add <key_name> --recover
You will be prompted to enter your bip39 mnemonic in order to add the key.
You can use the following command to list all your keys:
archwayd keys list
For example, executing the command above would produce output similar to the following:
$ archwayd keys list - name: Default type: local address: ## Address of "Default" ## pubkey: ## Pubkey of "Default" ## mnemonic: "" threshold: 0 pubkeys:  - name: Default_restore type: local address: ## Address of "Default_restore" ## pubkey: ## Pubkey of "Default_restore" ## mnemonic: "" threshold: 0 pubkeys: 
You can also retrieve information about a specific key:
archwayd keys show <key_name>
and you will be shown something similar to the following:
$ archwayd keys show Default --bech acc- name: Default type: local address: arch1quw5r22pxy8znjtdkgqc65atrm3x5hg6vycm5n pubkey: archpub1addwnpepqdct05khsxvtaaj0stuvayrpw0j8t6styr7vu05k3y63d5540ftuz8x6tsq mnemonic: "" threshold: 0 pubkeys: 
You can delete a key in your storage path with:
archwayd keys delete <key_name>
Make sure you are fully aware of the implications and have backed up the key mnemonic before removing any of your keys. There is no way to recover your key without the mnemonic.
You can export and backup your key by launching:
archwayd keys export <key_name>
The Keyring is where the keys are stored, and there are a few options.
archwayd keys [subcommands] --keyring-backend [backend type]
The default os backend stores the keys in the operating system's credential sub-system.
By choosing the file backend, a password entry is required every time you need to access it. This implies that you may be prompted for your password multiple times in one single command.
The test backend is a password-less variation of the file backend. It stores unencrypted keys inside the app's configuration directory. It should only be used in testing environments and never be used in production.
We have been talking about your node address, which is your account address and it's used for holding funds and signing transactions. This is also referred to as Operator Address, and you can obtain it by launching
archwayd keys add <your-key-name>. This address starts with "archway..".
It is important to notice that there is also another type of address, derived from your validator's consensus public key. This is called Validator Consensus Address, and it is used in the staking and consensus process to identify your validator.This address starts with "archwayvaloper.."", and you can obtain it by launching
archwayd tendermint show-address.
Tendermint Key Management System (TKMS), is a specialized service that manages validator keys for nodes operating on the Cosmos network, ensuring the secure storage, access, and usage of cryptographic keys. Using TKMS for Cosmos validators has the following advantages:
- Improved security: TKMS establishes robust security practices for the handling and storage of cryptographic keys, minimizing the risk of unauthorized access, manipulation, or theft of keys.
- Unified API and support for various HSMs: TKMS offers a unified API that allows for integration with various Hardware Security Modules (HSMs). HSMs are specialized devices that securely generate, store, and manage cryptographic keys. By supporting different HSMs, TKMS provides validators with the flexibility to choose the most appropriate and secure hardware solutions for their specific needs.
- Double signing protection: TKMS implements both software and hardware-based double signing protection measures, ensuring that validators do not inadvertently double sign blocks.
In order to safely manage your validator keys, you can look further on how to integrate TKMS with hardware devices:
Tendermint KMS is a work in progress which is currently in beta phase. It has undergone one security audit with only one low-severity finding. Make sure you are aware of the risks, do your own research and look into the official docs.
Now you are ready to join a network. Optionally, you can take your time to configure your node, so that the node can be customized according to your needs and preferences. Also, note that you can use Cosmovisor in order to perform automatic upgrades.