Download and Install KMS
Download KMS
We recommend that you run KMS from the Docker image regardless of the operating system used.
Tatum KMS should be installed in a Deny-From-All environment to meet the highest security standards.
Install KMS
From npm
- Install KMS globally:
npm i -g @tatumio/tatum-kms
# or: yarn global add @tatumio/tatum-kms
- Configure Tatum KMS with a .env file or with environment variables:
  - via --env-file=/path/to/.env
  tatum-kms --env-file=/path/to/.env getaddress 11111111-1111-1111-1111-111111111111 0
  - via environment variables directly
  TATUM_API_KEY=XXXXX-YOUR-API-KEY tatum-kms --help
  - via predefined environment vars on global level
  export TATUM_API_KEY=XXXXX-YOUR-API-KEY
  tatum-kms --help
IMPORTANT! NodeJS >=14 and npm@6 are required. KMS does not work on npm@7.
From Docker
- Pull the tatum-kms image:
docker pull tatumio/tatum-kms
- Navigate to the home directory:
cd $HOME
- Use a pre-created .env file to configure Tatum KMS via --env-file .env
- Map the Docker volume to the local storage (your home folder).
- For more details, refer to the Docker user documentation.
- Once you have mapped the Docker volume, KMS is ready to be run as a Docker container.
To interactively communicate with KMS and run various KMS commands, use the docker run command:
docker run -it --env-file .env -v $HOME:/root/.tatumrc tatumio/tatum-kms --help
docker run -it --env-file .env -v $HOME:/root/.tatumrc tatumio/tatum-kms generatemanagedwallet BTC
docker run -it --env-file .env -v $HOME:/root/.tatumrc tatumio/tatum-kms storemanagedprivatekey BTC
# NOTE: You can shorten the command syntax and use it as follows:
docker run ${COMMON_PARAMS} tatumio/tatum-kms generatemanagedwallet BTC
# where COMMON_PARAMS can be exported as all the flags necessary for running the container.
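An added example, not part of the Tatum documentation: a preflight check for the .env file that holds TATUM_API_KEY, plus a helper that builds the COMMON_PARAMS string mentioned above. The function names and the owner-only (600 or 400) permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks before starting the KMS container.
# Function names and the owner-only permission policy are assumptions.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the env file exists, is accessible by its owner alone,
# and defines a non-empty TATUM_API_KEY.
# Return codes: 1 = missing file, 2 = permissions too broad, 3 = key not set.
check_env_file() {
  local f="$1" mode
  [ -f "$f" ] || { echo "missing env file: $f" >&2; return 1; }
  mode="$(file_mode "$f")"
  case "$mode" in
    600|400) ;;  # owner read/write or owner read-only
    *) echo "$f has mode $mode; run: chmod 600 $f" >&2; return 2 ;;
  esac
  grep -Eq '^TATUM_API_KEY=.+' "$f" || {
    echo "TATUM_API_KEY is not set in $f" >&2
    return 3
  }
}

# Print the flags shared by every docker run call on this page.
# $1 = env file, $2 = local directory mapped to /root/.tatumrc.
# The result is expanded unquoted, so neither path may contain spaces.
common_params() {
  printf -- '-it --env-file %s -v %s:/root/.tatumrc' "$1" "$2"
}

# Usage (kept as comments so that sourcing this file starts no container):
#   cd "$HOME"
#   if check_env_file .env; then
#     COMMON_PARAMS="$(common_params .env "$HOME")"
#     docker run ${COMMON_PARAMS} tatumio/tatum-kms generatemanagedwallet BTC
#   fi
```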
Good to know
- It is possible to store private keys locally or using an external service:
- After you generate and store the wallets you want to work with, enable daemon mode. Daemon mode periodically checks for pending transactions to sign.
- Every pending transaction has a signatureId. When a pending transaction matches a stored wallet, it is signed locally and sent to the blockchain. Your wallet data are stored only in memory.
KMS supports the 4-eye control mechanism, where pending transactions are controlled in Tatum and the customer system. By default, KMS checks for pending transactions every 5 seconds using the following REST API call.