Skip to main content

3. Node ID / BLS key Secret Generation

caution

UPDATE: The Ash Console open beta has ended. Looking to launch your Avalanche L1? See our latest Ash Managed L1s offer announcement!

The Ash Console decorelates the node ID and BLS key from Avalanche nodes, so that you can have a better control over your validator nodes' lifecycle.

The Node ID is stored as a secret in the Console.

Generate a new node ID secret

  1. If not already done, create a folder for this guide and navigate to it:

    mkdir -p ash-console-guides/fuji-node
    cd ash-console-guides/fuji-node
  2. Generate a new Node ID with the avalanche node generate-id command:

    Command
    ash avalanche node generate-id -o node-id
    Output
    Node ID: NodeID-2rVh5jWQ5xtxRDWNuP91XvciQNPBWWy8n
    Certificate and key files written to 'node-id/node.crt' and 'node-id/node.key'
    note

    Your node ID will be different.

  3. Make sure to keep a backup of the certificate and key files in a safe place. If an outage occurs, you will need them to recreate a node with the same ID.

  4. Save the Node ID for later use. You can also compute it from the node certificate with the avalanche node id command:

    Command
    ash avalanche node id-from-cert -f node-id/node.crt
    Output
    Node ID: NodeID-2rVh5jWQ5xtxRDWNuP91XvciQNPBWWy8n

Generate a BLS key

  1. Generate a new BLS key with the avalanche node generate-bls-key command:

    Command
    ash avalanche node generate-bls-key -o node-id
    Output
    BLS public key: 0xa64edc101b5260a35a004fa0d81e129f6f592d2ccb037181c7aebb2ff9d8c90135f780d326555adde901f5bbd7cbf9d5
    BLS proof of possession: 0xae8debe9b551a094f8503d8fe86f68243dfb2be93a782d69c32ca883c6e96d5293cd6047fda146366cf9f2c58d2254fe183433faffa1d459d93ba97ba6f91a5388ad8d61aa23c18a5b15551961e5b5289badcf931722dc9e6ba0a8539f74d442
    BLS private key file written to 'node-id/bls.key'
    note

    Your BLS key will be different.

Create the node ID secret

From the Ash Console project overview page, navigate to the Secrets tab:

  • Click on the Create Secret button.
  • Select the Node ID secret type.
  • Pick a name for your secret, e.g., fuji-node-id-01.
  • Paste the Node ID generated in the previous step.
  • Upload the certificate, key and BLS key files generated in the previous step in the corresponding fields.
  • Click on the Create button to add secret to the project.

Ash Console NodeID secret create

note

See the reference for more information about secrets lifecycle management.