KeyVault Remote Signer – Validator Key Protection & Signing
Blox is completely non-custodial and will remain that way. For that reason, the importance of having your own server takes on a new meaning. A key component of the Blox platform, a personal instance of KeyVault remote signer, is housed on your cloud server of choice and protects your validator key therein. This ensures that we do not have access to your validator key.
KeyVault is based on HashiCorp Vault with a proprietary plug-in that supports Eth2 signing functionalities and includes built-in slashing protection. As part of set-up with Blox, Blox assists with the installation of KeyVault by providing a Wizard with instructions through the Blox Live Desktop App. During installation, Blox Live is given permissions to perform maintenance tasks for KeyVault, strictly upon opt-in with your password.
Your Eth2 validator key is stored safely in your KeyVault remote signer and is used when incoming requests from the blockchain are sent from Blox Infra. Every time you're called upon to complete a duty, Blox Infra sends the request to your server for signing using HTTP requests and an access token mechanism. KeyVault analyzes the request and signs it if appropriate, then sends it back to complete the block. Your server therefore communicates with our infrastructure only when it's your turn to attest or propose, and only in a limited, encrypted capacity.
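To make "analyze the request and sign if appropriate" concrete, the following added example (not KeyVault's plug-in code) shows the kind of decision a remote signer with slashing protection makes for attestations: check the access token, then refuse double votes and surround votes, the two Eth2 attestation slashing conditions. The names `SignerGate`, `Attestation` and `demo`, the bearer-style token comparison, and all sample values are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Attestation:
    source_epoch: int
    target_epoch: int
    signing_root: str  # hex digest of the attestation data (constructed below)

@dataclass
class SignerGate:
    """Hypothetical gate in front of the validator key."""
    access_token: str
    history: dict = field(default_factory=dict)  # pubkey -> attestations signed

    def decide(self, token: str, pubkey: str, att: Attestation) -> str:
        # Assumption: bearer-style token, compared in constant time.
        if not hmac.compare_digest(token.encode(), self.access_token.encode()):
            return "reject: bad token"
        if att.source_epoch > att.target_epoch:
            return "reject: source after target"
        for prev in self.history.get(pubkey, []):
            if prev.target_epoch == att.target_epoch:
                if prev.signing_root == att.signing_root:
                    return "sign"  # re-signing identical data is not slashable
                return "reject: double vote"
            if prev.source_epoch < att.source_epoch and att.target_epoch < prev.target_epoch:
                return "reject: surrounded by prior vote"
            if att.source_epoch < prev.source_epoch and prev.target_epoch < att.target_epoch:
                return "reject: surrounds prior vote"
        # Record before releasing a signature; a real signer persists this
        # history to disk so a crash or restart cannot erase it.
        self.history.setdefault(pubkey, []).append(att)
        return "sign"

def demo():
    """Run constructed signing requests through the gate, in order."""
    gate, tok, key = SignerGate("constructed-token"), "constructed-token", "validator-1"
    requests = [
        (tok, Attestation(10, 11, "aa")),      # first vote for target 11
        ("wrong", Attestation(11, 12, "bb")),  # caller without the token
        (tok, Attestation(10, 11, "bb")),      # same target, different data
        (tok, Attestation(10, 11, "aa")),      # exact repeat of the first vote
        (tok, Attestation(9, 13, "cc")),       # would surround 10 -> 11
        (tok, Attestation(12, 20, "dd")),      # new, non-conflicting vote
        (tok, Attestation(13, 15, "ee")),      # lies inside 12 -> 20
    ]
    return [gate.decide(t, key, a) for t, a in requests]
```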