How To Join Secret Network as a Full Node on Testnet
This document details how to join the Secret Network
testnet as a full node. Once your full node is running, you can turn it into a validator in the optional last step.
- Ubuntu/Debian host (with ZFS or LVM to be able to add more storage easily)
- A public IP address
- Open ports
TCP 26656 & 26657Note: If you're behind a router or firewall then you'll need to port forward on the network device.
- Reading https://docs.tendermint.com/master/tendermint-core/running-in-production.html
- RPC address of an already active node. You can use
bootstrap.pub.testnet3.enigma.co:26657, or any other node that exposes RPC services.
- 1GB RAM
- 100GB HDD
- 1 dedicated core of any Intel Skylake processor (Intel® 6th generation) or better
- 2GB RAM
- 256GB SSD
- 2 dedicated cores of any Intel Skylake processor (Intel® 6th generation) or better
- Motherboard with support for SGX in the BIOS
Refer to https://ark.intel.com/content/www/us/en/ark.html#@Processors if unsure if your processor supports SGX
0. Step up SGX on your local machine
1. Download the Secret Network package installer for Debian/Ubuntu:
2. Install the package:
sudo dpkg -i secretnetwork_0.8.1_amd64.deb
3. Initialize your installation of the Secret Network.
Choose a moniker for yourself, and replace
<MONIKER> with your moniker below. This moniker will serve as your public nickname in the network.
secretd init <MONIKER> --chain-id enigma-pub-testnet-4
4. Download a copy of the Genesis Block file:
wget -O ~/.secretd/config/genesis.json "https://github.com/enigmampc/SecretNetwork/releases/download/v0.8.1/genesis.json"
5. Validate the checksum for the
genesis.json file you have just downloaded in the previous step:
echo "0ccbe047a8dbdc43ee2f3de74f7a26fc36376aec130b8813ac76a1f95e5a6e8f $HOME/.secretd/config/genesis.json" | sha256sum --check
6. Validate that the
genesis.json is a valid genesis file:
7. The rest of the commands should be ran from the home folder (
8. Initialize secret enclave
Make sure the directory
mkdir -p ~/.sgx_secrets
Make sure SGX is enabled and running or this step might fail.
9. Check that initialization was successful
Attestation certificate should have been created by the previous step
ls -lh ./attestation_cert.der
10. Check your certificate is valid
Should print your 64 character registration key if it was successful.
PUBLIC_KEY$(secretd parse attestation_cert.der 2> /dev/null | cut -c 3-) echo $PUBLIC_KEY
secretcli, generate a key and get some test-SCRT from the faucet
The steps using
secretcli can be run on any machine, they don't need to be on the full node itself. We'll refer to the machine where you are using
secretcli as the "CLI machine" below.
To run the steps with
secretcli on another machine, set up the CLI there.
secretcli. Initially you'll be using the bootstrap node, as you'll need to connect to a running node and your own node is not running yet.
secretcli config chain-id enigma-pub-testnet-4 secretcli config node tcp://bootstrap.pub.testnet3.enigma.co:26657 secretcli config output json secretcli config indent true secretcli config trust-node true
Set up a key. Make sure you backup the mnemonic and the keyring password.
secretcli keys add $INSERT_YOUR_KEY_NAME
This will output your address, a 45 character-string starting with
secret1.... Copy/paste it to get some test-SCRT from the faucet . Continue when you have confirmed your account has some test-SCRT in it.
12. Register your node on-chain
Run this step on the CLI machine. If you're using different CLI machine than the full node, copy
attestation_cert.der from the full node to the CLI machine.
secretcli tx register auth <path/to/attestation_cert.der> --from $INSERT_YOUR_KEY_NAME --gas 250000
13. Pull & check your node's encrypted seed from the network
Run this step on the CLI machine.
SEED$(secretcli query register seed "$PUBLIC_KEY" | cut -c 3-) echo $SEED
14. Get additional network parameters
Run this step on the CLI machine.
These are necessary to configure the node before it starts.
secretcli query register secret-network-params ls -lh ./io-master-cert.der ./node-master-cert.der
If you're using different CLI machine than the validator node, copy
node-master-cert.der from the CLI machine to the validator node.
15. Configure your secret node
From here on, run commands on the full node again.
mkdir -p ~/.secretd/.node secretd configure-secret node-master-cert.der "$SEED"
16. Add persistent peers to your configuration file.
You can also use Enigma's node:
perl -i -pe 's/persistent_peers ""/persistent_peers "115aa0a629f5d70dd1d464bc7e42799e00f4edae\@bootstrap.pub.testnet3.enigma.co:26656"/' ~/.secretd/config/config.toml
17. Listen for incoming RPC requests so that light nodes can connect to you:
perl -i -pe 's/laddr .+?26657"/laddr "tcp:\/\/0.0.0.0:26657"/' ~/.secretd/config/config.toml
secret-node as a system service:
sudo systemctl enable secret-node
secret-node as a system service:
sudo systemctl start secret-node
20. If everything above worked correctly, the following command will show your node streaming blocks (this is for debugging purposes only, kill this command anytime with Ctrl-C):
journalctl -f -u secret-node
-- Logs begin at Mon 2020-02-10 16:41:59 UTC. -- Feb 10 21:18:34 ip-172-31-41-58 secretd: I[2020-02-10|21:18:34.307] Executed block modulestate height2629 validTxs0 invalidTxs0 Feb 10 21:18:34 ip-172-31-41-58 secretd: I[2020-02-10|21:18:34.317] Committed state modulestate height2629 txs0 appHash34BC6CF2A11504A43607D8EBB2785ED5B20EAB4221B256CA1D32837EBC4B53C5 Feb 10 21:18:39 ip-172-31-41-58 secretd: I[2020-02-10|21:18:39.382] Executed block modulestate height2630 validTxs0 invalidTxs0 Feb 10 21:18:39 ip-172-31-41-58 secretd: I[2020-02-10|21:18:39.392] Committed state modulestate height2630 txs0 appHash17114C79DFAAB82BB2A2B67B63850864A81A048DBADC94291EB626F584A798EA Feb 10 21:18:44 ip-172-31-41-58 secretd: I[2020-02-10|21:18:44.458] Executed block modulestate height2631 validTxs0 invalidTxs0 Feb 10 21:18:44 ip-172-31-41-58 secretd: I[2020-02-10|21:18:44.468] Committed state modulestate height2631 txs0 appHashD2472874A63CE166615E5E2FDFB4006ADBAD5B49C57C6B0309F7933CACC24B10 ^C
You are now a full node. 🎉
21. Get your node ID with:
secretd tendermint show-node-id
And publish yourself as a node with this ID:
Be sure to point your CLI to your running node instead of the bootstrap node
secretcli config node tcp://localhost:26657
If someone wants to add you as a peer, have them add the above address to their
persistent_peers in their
And if someone wants to use your node from their
secretcli then have them run:
secretcli config chain-id enigma-pub-testnet-4 secretcli config output json secretcli config indent true secretcli config node tcp://<your-public-ip>:26657
22. Optional: make your full node a validator
Your full node is now part of the network, storing and verifying chain data and Secret Contracts, and helping to distribute transactions and blocks. It's usable as a sentry node, for people to connect their CLI or light clients, or just to support the network.
It is however not producing blocks yet, and you can't delegate funds to it for staking. To do that that you'll have to turn it into a validator by submitting a
On the full node, get the pubkey of the node:
secretd tendermint show-validator
The pubkey is an 83-character string starting with
On the CLI machine, run the following command. The account you use becomes the operator account for your validator, which you'll use to collect rewards, participate in on-chain governance, etc, so make sure you keep good backups of the key.
<moniker> is the name for your validator which is shown e.g. in block explorers.
secretcli tx staking create-validator \ --amount<amount-to-delegate-to-yourself>uscrt \ --pubkey<pubkey of the full node> \ --commission-rate"0.10" \ --commission-max-rate"0.20" \ --commission-max-change-rate"0.01" \ --min-self-delegation"1" \ --moniker"<moniker>" \ --from$INSERT_YOUR_KEY_NAME
create-validator command allows using some more parameters. For more info on these and the additional parameters, run
secretcli tx staking create-validator --help.
After you submitted the transaction, check you've been added as a validator:
secretcli q staking validators | grep moniker
Congratulations! You are now running a validator on the Secret Network testnet.