This document details how to join the Secret Network testnet
as a full node. Once your full node is running, you can turn it into a validator in the optional last step.
{% hint style="danger" %} Secret Network has strict Hardware Requirements. If your machine does not meet them, it will *NOT* work as a node. {% endhint %}
- Ubuntu/Debian host (with ZFS or LVM to be able to add more storage easily)
- A public IP address
- Open ports
TCP 26656 & 26657
Note: If you're behind a router or firewall then you'll need to port forward on the network device. - Reading Tendermint: Running in production
- RPC address of an already active node. You can use
http://bootstrap.pulsar3.scrtlabs.com:26657
, or any other node that exposes RPC services. Alternate RPC nodes available in the API Registry. - Install SGX
{% hint style="danger" %} This guide assumes you've already installed the latest version of secretd and SGX. To setup an archive node, you must follow the Archive Nodes instructions. {% endhint %}
For more information on SGX, see instructions for SGX Installation and Verifying SGX. See Node Registration Information if you'd like a more comprehensive overview on what's happening in these steps.
Choose a moniker for yourself, and replace <MONIKER>
with your moniker below. This moniker will serve as your public nickname in the network.
secretd init <MONIKER> --chain-id pulsar-3
This will generate the following files in ~/.secretd/config/
genesis.json
node_key.json
priv_validator_key.json
The genesis file is how other nodes on the network know what network you should be on.
curl https://rpc.pulsar.scrttestnet.com/genesis | jq '.result.genesis' > ~/.secretd/config/genesis.json
# verify genesis.json checksum
echo "adb91d0ee8cb5da80ef47e0b13d42b89bba003063542054d67522e52ddb4f514 $HOME/.secretd/config/genesis.json" | sha256sum --check
Initialize /opt/secret/.sgx_secrets
:
mkdir -p /opt/secret/.sgx_secrets
You can choose between two methods, 3a (automatic) or 3b (manual):
{% hint style="danger" %} WARNING: This method is experimental, and may not work. If it doesn't work, skip to step 3b. {% endhint %}
The following commands will create the necessary environment variables and attempt to automatically register the node.
export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/secret/.sgx_secrets
secretd auto-register --pulsar
If this step was successful, you can skip straight to Optimization.
secretd init-enclave
Attestation certificate should have been created by the previous step
ls -lh /opt/secret/.sgx_secrets/attestation_cert.der
Verify the certificate is valid. A 64 character registration key will be printed if it was successful.
PUBLIC_KEY=$(secretd parse /opt/secret/.sgx_secrets/attestation_cert.der 2> /dev/null | cut -c 3-)
echo $PUBLIC_KEY
{% hint style="info" %}
The following steps should use secretd
be ran on the full node itself. To run the steps with secretd
on a local machine, set up the CLI there.
{% endhint %}
Configure secretd
. Initially you'll be using the bootstrap node, as you'll need to connect to a running node and your own node is not running yet.
secretd config chain-id pulsar-3
secretd config node https://rpc.pulsar.scrttestnet.com
secretd config output json
If you already have a wallet funded with SCRT
, you can import the wallet by doing the following:
secretd keys add <key-alias> --recover
Otherwise, you will need to set up a key. Make sure you back up the mnemonic and the keyring password.
secretd keys add <key-alias>
This will output your address, a 45 character-string starting with secret1...
. Copy/paste it to get some test-SCRT from the faucet. Continue when you have confirmed your account has some test-SCRT in it.
- Register your node on-chain
secretd tx register auth /opt/secret/.sgx_secrets/attestation_cert.der -y --from <key-alias>
2. Pull & check your node's encrypted seed from the network
SEED=$(secretd query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED
3. Get additional network parameters
These are necessary to configure the node before it starts.
secretd query register secret-network-params
ls -lh ./io-master-key.txt ./node-master-key.txt
{% hint style="info" %} From here on, commands must be ran on the full node. {% endhint %}
mkdir -p ~/.secretd/.node
secretd configure-secret node-master-key.txt $SEED
# seeds
perl -i -pe 's/seeds = ""/seeds = "07234140a165b470846fe995951401a8db88dd36\@bootstrap.pulsar3.scrtlabs.com:26656,b5d1bb9194c6148367b64586d6bc0128866fc646\@212.7.211.39:26656,a3c9c415fe6b46babd16f000c7dbd4d94be6e450\@178.162.151.73:26656,c088b57ebc7b2cfa2ec99e8b4ffef90bead96b47\@185.56.139.84:26656"/' ~/.secretd/config/config.toml
# persistent_peers
perl -i -pe 's/persistent_peers = ""/persistent_peers = "07234140a165b470846fe995951401a8db88dd36\@bootstrap.pulsar3.scrtlabs.com:26656,b5d1bb9194c6148367b64586d6bc0128866fc646\@212.7.211.39:26656,a3c9c415fe6b46babd16f000c7dbd4d94be6e450\@178.162.151.73:26656,c088b57ebc7b2cfa2ec99e8b4ffef90bead96b47\@185.56.139.84:26656"/' ~/.secretd/config/config.toml
In order to be able to handle NFT minting and other Secret Contract-heavy operations, it's recommended to update your SGX memory enclave cache:
sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.toml
Also checkout this document by [ block pane ]
for fine tuning your machine for better uptime.
We recommend 0.0125uscrt
per gas unit:
perl -i -pe 's/^minimum-gas-prices = .+?$/minimum-gas-prices = "0.0125uscrt"/' ~/.secretd/config/app.toml
Your node will not accept transactions that specify --fees
lower than the minimun-gas-price
you set here.
{% hint style="info" %}
Note that the secret-node
system file is created when installing sgx.
{% endhint %}
sudo systemctl enable secret-node
You are now a now ready to finally sync the full node. 🎉.
Go to testnet-state-sync.md to continue.
secretd tendermint show-node-id
And publish yourself as a node with this ID:
<your-node-id>@<your-public-ip>:26656
Be sure to point your CLI to your running node instead of the bootstrap node
secretcli config node tcp://localhost:26657
If someone wants to add you as a peer, have them add the above address to their persistent_peers in their ~/.secretd/config/config.toml.
And if someone wants to use your node from their secretcli then have them run:
secretcli config chain-id pulsar-3
secretcli config output json
secretcli config indent true
secretcli config node tcp://<your-public-ip>:26657
You can skip syncing from scratch or download a snapshot by State Syncing to the current block.
To turn your full node into a validator, see Join Testnet as a Validator.