TACo Node Recovery

Node Operator Security and Recovery Guidelines

As a node operator, it is critical to maintain the security of your keystores (private keys), passwords, and mnemonic phrases throughout the lifecycle of your node's operation. Ensuring the safekeeping of these elements is essential for continued access and control of your node. In the event of a loss, several built-in recovery tools are available to assist you in restoring normal operations.

Below are the three possible high-level recovery scenarios:

1. Recovery using a backup of keystore and password

2. Recovery using mnemonic

3. Complete loss of keystore and mnemonic

This documentation outlines the procedures to manage scenarios 1 and 2. However, please be advised that in the case of a complete loss of both the keystore and mnemonic, there are currently no recovery options available and you will need to shut down your node until a re-onboarding mechanism is included in a future software upgrade (this will result in reward withholding and/or stake slashing).

If you find yourself in this situation, please reach out for assistance by opening a support ticket in the Threshold Discord server under the #support-ticket channel.

Recovery

Recover a TACo node using a mnemonic and existing config

This command can be used to restore private keys on an existing node.

docker pull nucypher/nucypher:recovery

nucypher ursula recover

docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula recover

Recover or relocate a TACo node by creating a new configuration with mnemonic

This command can be used to completely relocate a node to a new host from scratch while preserving the original private keys.

nucypher ursula init ... --with-mnemonic

docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula init ... --with-mnemonic

View public keys for a given mnemonic

This command is useful if you have a mnemonic but are unsure which public keys it produces.

nucypher ursula public-keys --from-mnemonic

docker run -it nucypher/nucypher:recovery nucypher ursula public-keys --from-mnemonic

Auditing

Below is documentation for node auditing commands that can be used to ensure correctness of passwords and mnemonics.Comment

Audit password and mnemonic

nucypher ursula audit

nucypher ursula audit --config-file <config path>

nucypher ursula audit --keystore-filepath <keystore path>

docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula audit

View mnemonic

This command can be used to view the mnemonic for existing private keys. This assumes you have the keystore file and it's associated password.

nucypher ursula audit ... --view-mnemonic

docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula audit --view-mnemonic