docs/quorum-vault-system/src/operator-key-provisioning.md

# Operator Key Provisioning

## Description
This guide can be used for provisioning Operator key pairs, and the output of
the ceremony is a set of the following for each Operator:
* Smart Card(s) seeded with PGP keys
* Storage Device with a backup of:
    * PGP key pair public key

## Requirements
* Smart Card(s): whatever number of smart cards you would like to have seeded
for each Operator, usually 2 per Operator is recommended - one NitroKey 3 and
1 YubiKey Series 5.

* [Storage Devices](hardware.md#storage-device): as many storage devices as you
would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-storage.md)

## Playbook

### Steps
This playbook allows the setup of any number of Operator Keys. For each Operator,
the steps that follow need to be repeated.

1. Bring the Ceremony Machine and [Quorum](selecting-quorum.md) team into the
established [Location](locations.md)

2. Boot your Ceremony Machine using [Secure Boot Sequence](secure-boot-sequence.md)

3. Plug in a new Storage Device

4. Run `keyfork wizard operator` TODO: this command is not part of `keyfork` yet

5. As prompted plug in new Smart Cards

6. Once the ceremony is complete, make as many copies of the Storage Device
from Step 3 as desired.

7. Follow the [Physical Artifact Storage](physical-artifact-storage.md) guide
 for storage of the Operator Smart Cards and Location Smart Cards

8. Follow the [Online Artifacts Storage](public-ceremony-artifact-storage.md)
guide for all public artifacts produced during the ceremony
initial commit of QKMS docs 2024-08-03 21:23:14 +00:00			`# Operator Key Provisioning`

			`## Description`
			`This guide can be used for provisioning Operator key pairs, and the output of`
			`the ceremony is a set of the following for each Operator:`
			`* Smart Card(s) seeded with PGP keys`
			`* Storage Device with a backup of:`
			`* PGP key pair public key`

			`## Requirements`
			`* Smart Card(s): whatever number of smart cards you would like to have seeded`
			`for each Operator, usually 2 per Operator is recommended - one NitroKey 3 and`
			`1 YubiKey Series 5.`

fix links 2024-08-03 22:59:25 +00:00			`* [Storage Devices](hardware.md#storage-device): as many storage devices as you`
initial commit of QKMS docs 2024-08-03 21:23:14 +00:00			`would like for backing up [Public Ceremony Artifacts](public-ceremony-artifact-storage.md)`

			`## Playbook`

			`### Steps`
			`This playbook allows the setup of any number of Operator Keys. For each Operator,`
			`the steps that follow need to be repeated.`

fix links 2024-08-03 22:59:25 +00:00			`1. Bring the Ceremony Machine and [Quorum](selecting-quorum.md) team into the`
			`established [Location](locations.md)`
initial commit of QKMS docs 2024-08-03 21:23:14 +00:00
			`2. Boot your Ceremony Machine using [Secure Boot Sequence](secure-boot-sequence.md)`

			`3. Plug in a new Storage Device`

			4. Run `keyfork wizard operator` TODO: this command is not part of `keyfork` yet

			`5. As prompted plug in new Smart Cards`

			`6. Once the ceremony is complete, make as many copies of the Storage Device`
			`from Step 3 as desired.`

			`7. Follow the [Physical Artifact Storage](physical-artifact-storage.md) guide`
			`for storage of the Operator Smart Cards and Location Smart Cards`

fix links 2024-08-03 22:59:25 +00:00			`8. Follow the [Online Artifacts Storage](public-ceremony-artifact-storage.md)`
initial commit of QKMS docs 2024-08-03 21:23:14 +00:00			`guide for all public artifacts produced during the ceremony`