Support multiple YubiHSMs per process #691
Comments
|
Yes, definitely possible. It would also be nice to be able to load balance between them, as the YubiHSM2 is effectively single-threaded. Currently a single TMKMS + YubiHSM2 instance caps out at or slightly below 10 chains, because after that it can't sign fast enough to keep up with them all. |
tony-iqlusion
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So I'm currently using tmkms with a yubihsm2 to sign blocks for multiple validators and it works fine so far. I want to ensure it's not a single point of failure so I want to buy a failover hsm to make it a full copy of a main hsm, so if a main one fails, I can just remove it from usb port and install a failover one and it would still work. But that requires an app restart and physical replacement of a hsm.
I'd want something like that: I can insert 2 hsms into different usb ports and set up tmkms config to use either of these, and in case one fails, tmkms would show in logs that it failed and use a failover one, so no app restart or replacing a hsm is needed.
Do you think it's possible or feasible?
The text was updated successfully, but these errors were encountered: