3. Node ID / BLS key Secret Generation
UPDATE: The Ash Console open beta has ended. Looking to launch your Avalanche L1? See our latest Ash Managed L1s offer announcement!
The Ash Console decorelates the node ID and BLS key from Avalanche nodes, so that you can have a better control over your validator nodes' lifecycle.
The Node ID is stored as a secret in the Console.
Generate a new node ID secret
If not already done, create a folder for this guide and navigate to it:
mkdir -p ash-console-guides/fuji-node
cd ash-console-guides/fuji-nodeGenerate a new Node ID with the
avalanche node generate-id
command:Commandash avalanche node generate-id -o node-id
OutputNode ID: NodeID-2rVh5jWQ5xtxRDWNuP91XvciQNPBWWy8n
Certificate and key files written to 'node-id/node.crt' and 'node-id/node.key'noteYour node ID will be different.
Make sure to keep a backup of the certificate and key files in a safe place. If an outage occurs, you will need them to recreate a node with the same ID.
Save the Node ID for later use. You can also compute it from the node certificate with the
avalanche node id
command:Commandash avalanche node id-from-cert -f node-id/node.crt
OutputNode ID: NodeID-2rVh5jWQ5xtxRDWNuP91XvciQNPBWWy8n
Generate a BLS key
Generate a new BLS key with the
avalanche node generate-bls-key
command:Commandash avalanche node generate-bls-key -o node-id
OutputBLS public key: 0xa64edc101b5260a35a004fa0d81e129f6f592d2ccb037181c7aebb2ff9d8c90135f780d326555adde901f5bbd7cbf9d5
BLS proof of possession: 0xae8debe9b551a094f8503d8fe86f68243dfb2be93a782d69c32ca883c6e96d5293cd6047fda146366cf9f2c58d2254fe183433faffa1d459d93ba97ba6f91a5388ad8d61aa23c18a5b15551961e5b5289badcf931722dc9e6ba0a8539f74d442
BLS private key file written to 'node-id/bls.key'noteYour BLS key will be different.
Create the node ID secret
- Using the Ash Console
- Using the Ash CLI
From the Ash Console project overview page, navigate to the Secrets tab:
- Click on the
Create Secret
button. - Select the
Node ID
secret type. - Pick a name for your secret, e.g.,
fuji-node-id-01
. - Paste the Node ID generated in the previous step.
- Upload the certificate, key and BLS key files generated in the previous step in the corresponding fields.
- Click on the
Create
button to add secret to the project.
The Ash Console subcommands support both JSON and YAML.
Use the certificate, key and BLS key files to create a nodeId
secret with the console secret create
command.
Don't forget to replace the Node ID with yours:
ash console secret create '{
name: fuji-node-id-01,
secretType: nodeId,
nodeId: NodeID-2rVh5jWQ5xtxRDWNuP91XvciQNPBWWy8n,
nodeCert: node-id/node.crt,
nodeKey: node-id/node.key,
nodeBlsKey: node-id/bls.key
}'
Secret created successfully!
+-----------------+-------------+--------+------------------+---------+
| Secret name | Secret ID | Type | Created at | Used by |
+=================+=============+========+==================+=========+
| fuji-node-id-01 | 41ea...c755 | NodeId | 2023-12-21T11:05 | 0 |
+-----------------+-------------+--------+------------------+---------+
See the reference for more information about secrets lifecycle management.