This document details how to join the Secret Network secret-4 mainnet as a full node. Once your full node is running and state synced to the current block, you can turn it into a validator in the optional last step.
{% hint style="danger" %} Secret Network has strict Hardware Requirements. If your machine does not meet them, it will *NOT* work as a node. {% endhint %}
- Ubuntu/Debian host (with ZFS or LVM to be able to add more storage easily)
- A public IP address
- Open ports
TCP 26656 & 26657Note: If you're behind a router or firewall then you'll need to port forward on the network device. - Reading Tendermint: Running in production
- RPC address of an already active node. You can use any node that exposes RPC services.
- Refer to Intel Processor Specifications if you're unsure if your processor supports SGX
Minimum requirements
- 32GB RAM
- 512GB SDD
- 1 dedicated core of any Intel Skylake processor (Intel® 6th generation) or better (Xeon gen3 (Ice Lake) NOT supported)
- Motherboard with support for SGX in the BIOS
Recommended requirements
- 32GB RAM
- 1TB NVMe SSD
- 2 dedicated cores of any Intel Skylake processor (Intel® 6th generation) or better (Xeon gen3 (Ice Lake) NOT supported)
- Motherboard with support for SGX in the BIOS
{% hint style="danger" %} This guide assumes you've already installed the latest version of secretd and SGX. To setup an archive node, you must follow the Archive Nodes instructions. {% endhint %}
For more information on SGX, see instructions for SGX Installation and Verifying SGX. See Node Registration Information if you'd like a more comprehensive overview on what's happening in these steps.
Choose a moniker for yourself, and replace <MONIKER> with your moniker below. This moniker will serve as your public nickname in the network.
secretd init <MONIKER> --chain-id secret-4This will generate the following files in ~/.secretd/config/
genesis.jsonnode_key.jsonpriv_validator_key.json
The genesis file is how other nodes on the network know what network you should be on.
wget -O ~/.secretd/config/genesis.json "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.2.0/genesis.json"
# verify genesis.json checksum
echo "759e1b6761c14fb448bf4b515ca297ab382855b20bae2af88a7bdd82eb1f44b9 $HOME/.secretd/config/genesis.json" | sha256sum --checkInitialize /opt/secret/.sgx_secrets:
mkdir -p /opt/secret/.sgx_secretsYou can choose between two methods, 3a (automatic) or 3b (manual):
{% hint style="danger" %} WARNING: This method is experimental, and may not work. If it doesn't work, skip to step 3b. {% endhint %}
The following commands will create the necessary environment variables and attempt to automatically register the node.
export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/secret/.sgx_secrets
secretd auto-registerIf this step was successful, you can skip straight to step 9.
secretd init-enclaveAttestation certificate should have been created by the previous step
ls -lh /opt/secret/.sgx_secrets/attestation_cert.derVerify the certificate is valid. A 64 character registration key will be printed if it was successful.
PUBLIC_KEY=$(secretd parse /opt/secret/.sgx_secrets/attestation_cert.der 2> /dev/null | cut -c 3-)
echo $PUBLIC_KEY{% hint style="info" %}
The following steps should use secretd be ran on the full node itself. To run the steps with secretd on a local machine, set up the CLI there.
{% endhint %}
Configure secretd. Initially you'll be using the bootstrap node, as you'll need to connect to a running node and your own node is not running yet.
secretd config chain-id secret-4
secretd config node https://lcd-secret.scrtlabs.com:443/rpc
secretd config output jsonIf you already have a wallet funded with SCRT, you can import the wallet by doing the following:
secretd keys add <key-alias> --recoverOtherwise, you will need to set up a key. Make sure you back up the mnemonic and the keyring password.
secretd keys add <key-alias>This will output your address, a 45 character-string starting with secret1....
- Register your node on-chain
secretd tx register auth /opt/secret/.sgx_secrets/attestation_cert.der -y --from <key-alias>2. Pull & check your node's encrypted seed from the network
SEED=$(secretd query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED3. Get additional network parameters
These are necessary to configure the node before it starts.
secretd query register secret-network-params
ls -lh ./io-master-cert.der ./node-master-cert.der{% hint style="info" %} From here on, commands must be ran on the full node. {% endhint %}
mkdir -p ~/.secretd/.node
secretd configure-secret node-master-cert.der $SEEDIn order to be able to handle NFT minting and other Secret Contract-heavy operations, it's recommended to update your SGX memory enclave cache:
sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.tomlAlso checkout this document by [ block pane ] for fine tuning your machine for better uptime.
We recommend 0.00125uscrt per gas unit:
perl -i -pe 's/^minimum-gas-prices = .+?$/minimum-gas-prices = "0.00125uscrt"/' ~/.secretd/config/app.tomlYour node will not accept transactions that specify --fees lower than the minimun-gas-price you set here.
{% hint style="info" %}
Note that the secret-node system file is created when installing sgx.
{% endhint %}
sudo systemctl enable secret-node && sudo systemctl start secret-nodeIf everything above worked correctly, the following command will show your node streaming blocks (this is for debugging purposes only, kill this command anytime with Ctrl-C).
journalctl -f -u secret-node-- Logs begin at Mon 2020-02-10 16:41:59 UTC. --
Nov 09 11:16:31 scrt-node-01 secretd[619529]: 11:16AM INF indexed block height=12 module=txindex
Nov 09 11:16:35 scrt-node-01 secretd[619529]: 11:16AM INF Ensure peers module=pex numDialing=0 numInPeers=0 numOutPeers=0 numToDial=10
Nov 09 11:16:35 scrt-node-01 secretd[619529]: 11:16AM INF No addresses to dial. Falling back to seeds module=pex
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF Timed out dur=4983.86819 height=13 module=consensus round=0 step=1
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF received proposal module=consensus proposal={"Type":32,"block_id":{"hash":"0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4","parts":{"hash":"58F6211ED5D6795E2AE4D3B9DBB1280AD92B2EE4EEBAA2910F707C104258D2A0","total":1}},"height":13,"pol_round":-1,"round":0,"signature":"eHY9dH8dG5hElNEGbw1U5rWqPp7nXC/VvOlAbF4DeUQu/+q7xv5nmc0ULljGEQR8G9fhHaMQuKjgrxP2KsGICg==","timestamp":"2021-11-09T11:16:36.7744083Z"}
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF received complete proposal block hash=0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4 height=13 module=consensus
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF finalizing commit of block hash=0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4 height=13 module=consensus num_txs=0 root=E4968C9B525DADA22A346D5E158C648BC561EEC351F402A611B9DA2706FD8267
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF minted coins from module account amount=6268801uscrt from=mint module=x/bank
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF executed block height=13 module=state num_invalid_txs=0 num_valid_txs=0
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF commit synced commit=436F6D6D697449447B5B373520353520323020352032342031312032333820353320383720313137203133372031323020313638203234302035302032323020353720343520363620313832203138392032333920393920323439203736203338203131322035342032332033203233362034375D3A447D
Nov 09 11:16:36 scrt-node-01 secretd[619529]: 11:16AM INF committed state app_hash=4B371405180BEE3557758978A8F032DC392D42B6BDEF63F94C2670361703EC2F height=13 module=state num_txs=0
^CYou are now a full node. 🎉
You can skip syncing from scratch or download a snapshot by State Syncing to the current block.
To turn your full node into a validator, see Joining Mainnet as a Validator.