-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple YubiHSMs per process #691
Comments
Yes, definitely possible. It would also be nice to be able to load balance between them, as the YubiHSM2 is effectively single-threaded. Currently a single TMKMS + YubiHSM2 instance caps out at or slightly below 10 chains, because after that it can't sign fast enough to keep up with them all. |
tony-iqlusion
changed the title
Failover hsm support?
Support multiple YubiHSMs per process
Oct 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
So I'm currently using tmkms with a yubihsm2 to sign blocks for multiple validators and it works fine so far. I want to ensure it's not a single point of failure so I want to buy a failover hsm to make it a full copy of a main hsm, so if a main one fails, I can just remove it from usb port and install a failover one and it would still work. But that requires an app restart and physical replacement of a hsm.
I'd want something like that: I can insert 2 hsms into different usb ports and set up tmkms config to use either of these, and in case one fails, tmkms would show in logs that it failed and use a failover one, so no app restart or replacing a hsm is needed.
Do you think it's possible or feasible?
The text was updated successfully, but these errors were encountered: