-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What is the correct Policy? #510
Comments
The format in your signatory.yaml file would be
You can choose from the policy list for the rest: So you might choose:
|
Thanks, so something like this should work to allow baker duties, delegation and staking transactions only.
|
signatory is "closed by default" so there is no 'deny' block. also, if you have 'unstake' you might want 'finalize_unstake' as well. Finally, note as well that |
Thanks, the following example now is it correct? tezos:
tz1ExamplePublicKeyHash:
log_payloads: true
allow:
block:
preattestation:
attestation:
unstake:
finalize_unstake:
generic:
- transaction
- reveal
- delegation
- drain_delegate |
That should work. |
Thanks, Is the Ledger reliable to use? Specifically, can we store the backer signing key on the Ledger, and how does this usually work? Does the signer need to retrieve the signing key from the Ledger each time it performs backer duties? |
The Ledger hardware wallet provides excellent security for storing the signing key required for baking. It isolates the private key within its secure element, ensuring it cannot be extracted or used outside the Ledger's controlled environment. Details of how it works are in the documentation: https://signatory.io/docs/bakers |
Thanks, my point does the signer needs to be connected always to the ledger to be able to perform duties? |
The ledger device must always be connected and active as it signs
attestations and blocks.
…On Mon, Nov 18, 2024 at 7:01 AM n0price ***@***.***> wrote:
Thanks, my point does the signer needs to be connected always to the
ledger to be able to perform duties?
My understanding as well the same private key that needed for the
consensus is the same that control the self bond.
—
Reply to this email directly, view it on GitHub
<#510 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASWO3VW345ULRO454CA22A32BH6LHAVCNFSM6AAAAABRGE664SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBTGMYDGOJWGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Thanks. from the documentation I can not understand how does the remote signer really needs to be configured in practice. So my understanding the setup should something like the following: The signer vm :
The policy vm config:
|
Dear Signatory Team,
I appreciate your help to share the correct policy to allow backer duties, voting, delegating, staking and unstaking and block transaction (ie: draining funds from consensus key). Thank you!
The text was updated successfully, but these errors were encountered: