Threshold Access Control (TACo)
  • TACo (Threshold Access Control)
    • How TACo works
    • Value Propositions
  • Use cases
    • Seed phrase recovery & transfer
    • Digital Rights Management for on-chain assets
    • Trustless channels for journalists, archivists & whistleblowers
    • Crowdsourcing real-world data with trustless contribution
  • Quickstart (Testnet)
  • Integrate TACo into apps
    • Testnets
    • Mainnet Access
    • Mainnet Deployment
  • Ecosystem Integrations
    • OrbisDB
    • Waku
    • Irys
    • ComposeDB
    • Turbo
  • Encrypt & Decrypt API
  • Authentication
    • Condition Context
  • Access Control
    • TimeCondition
    • RpcCondition
    • ContractCondition
      • Use custom contract calls
      • Implement access revocation via smart contract
    • JSON Endpoint Conditions
      • JsonApiCondition
      • JsonRpcCondition
    • JWT Conditions
    • Logical Conditions
      • CompoundCondition
      • IfThenElseCondition
      • SequentialCondition
    • WIP / Feature Requests
      • Any (Major) EVM Chain Condition Support
  • Fees & Allowlists
    • Mainnet Fees
    • Encryptor Allowlist
  • Trust Assumptions
    • Mainnet Trust Disclosure (Provider Answers)
    • Mainnet Trust Model Foundation
    • Trust levers & parameter packages
  • Architecture
    • Porter
    • Contract Addresses
  • Extensions
  • API References
  • NODE OPERATOR
    • Duties, Compensation & Penalties
    • Minimum System Requirements
    • Stake Authorization
    • Run a TACo Node with Docker
    • TACo Node Management
    • TACo Node Recovery
    • Run a Porter Instance
Powered by GitBook
On this page
  • Node Operator Security and Recovery Guidelines
  • Recovery
  • View public keys for a given mnemonic
  • Auditing
  1. NODE OPERATOR

TACo Node Recovery

Node Operator Security and Recovery Guidelines

As a node operator, it is critical to maintain the security of your keystores (private keys), passwords, and mnemonic phrases throughout the lifecycle of your node's operation. Ensuring the safekeeping of these elements is essential for continued access and control of your node. In the event of a loss, several built-in recovery tools are available to assist you in restoring normal operations.

Below are the three possible high-level recovery scenarios:

  1. Recovery using a backup of keystore and password

  2. Recovery using mnemonic

  3. Complete loss of keystore and mnemonic

This documentation outlines the procedures to manage scenarios 1 and 2. However, please be advised that in the case of a complete loss of both the keystore and mnemonic, there are currently no recovery options available and you will need to shut down your node until a re-onboarding mechanism is included in a future software upgrade (this will result in reward withholding and/or stake slashing).

If you find yourself in this situation, please reach out for assistance by opening a support ticket in the Threshold Discord server under the #support-ticket channel.

Recovery

Recover a TACo node using a mnemonic and existing config

This command can be used to restore private keys on an existing node.

If using Docker commands, start by pulling the latest recovery image:

docker pull nucypher/nucypher:recovery
nucypher ursula recover
docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula recover

Recover or relocate a TACo node by creating a new configuration with mnemonic

This command can be used to completely relocate a node to a new host from scratch while preserving the original private keys.

nucypher ursula init ... --with-mnemonic
docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula init ... --with-mnemonic

View public keys for a given mnemonic

This command is useful if you have a mnemonic but are unsure which public keys it produces.

nucypher ursula public-keys --from-mnemonic
docker run -it nucypher/nucypher:recovery nucypher ursula public-keys --from-mnemonic

Auditing

Below is documentation for node auditing commands that can be used to ensure correctness of passwords and mnemonics.Comment

Audit password and mnemonic

nucypher ursula audit

nucypher ursula audit --config-file <config path>

nucypher ursula audit --keystore-filepath <keystore path>
docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula audit

View mnemonic

This command can be used to view the mnemonic for existing private keys. This assumes you have the keystore file and it's associated password.

nucypher ursula audit ... --view-mnemonic
docker run -it -v ~/.local/share/nucypher:/root/.local/share/nucypher:rw -v ~/.ethereum/:/root/.ethereum:ro nucypher/nucypher:recovery nucypher ursula audit --view-mnemonic
PreviousTACo Node ManagementNextRun a Porter Instance

Last updated 7 days ago