public
/
docs
5
0
Fork 0
Code Issues 14 Pull Requests 1 Packages Projects Releases Wiki Activity
docs/quorum-vault-system/src/operator-key-provisioning.md

1.5 KiB
Raw Permalink Blame History

Operator Key Provisioning

Description

This guide can be used for provisioning Operator key pairs, and the output of the ceremony is a set of the following for each Operator:

  • Smart Card(s) seeded with PGP keys
  • Storage Device with a backup of:
    • PGP key pair public key

Requirements

  • Smart Card(s): whatever number of smart cards you would like to have seeded for each Operator, usually 2 per Operator is recommended - one NitroKey 3 and 1 YubiKey Series 5.

  • Storage Devices: as many storage devices as you would like for backing up Public Ceremony Artifacts

Playbook

Steps

This playbook allows the setup of any number of Operator Keys. For each Operator, the steps that follow need to be repeated.

  1. Bring the Ceremony Machine and Quorum team into the established Location

  2. Boot your Ceremony Machine using Secure Boot Sequence

  3. Plug in a new Storage Device

  4. Run keyfork wizard operator TODO: this command is not part of keyfork yet

  5. As prompted plug in new Smart Cards

  6. Once the ceremony is complete, make as many copies of the Storage Device from Step 3 as desired.

  7. Follow the Physical Artifact Storage guide for storage of the Operator Smart Cards and Location Smart Cards

  8. Follow the Online Artifacts Storage guide for all public artifacts produced during the ceremony