Validator Keys Backup Script
This script creates automated backups of your critical validator files to prevent data loss.
What Gets Backed Up:
priv_validator_key.json- Your validator identity (CRITICAL - cannot be recovered if lost)priv_validator_state.json- Prevents double-signing (protects against slashing)node_key.json- P2P network identitykeyring-file/- Your account keys (only if stored on the network node - typically these are kept on a separate secure machine)- TMKMS files
The script creates two copies:
- Latest backup in
~/backup_validator/ - Timestamped archive in
~/backup_validator/archive/
Note on Network Node Migration:
If you just want to attach your cold account key to a new network node, you can shut down your old node, create a new one from scratch, and update the participant info with a submit new participant transaction. See the “Update Consensus Key” topic for details. In this case, you only need your cold key from the keyring - full validator key backups are optional.
Installation:
Save the script as backup_validator.sh:
#!/bin/bash
# Validator keys backup for Gonka chain
# Backs up critical validator files with versioned archive
#
# Usage: ./backup_validator.sh
# ./backup_validator.sh /custom/path/.inference
#
# Files backed up:
# - priv_validator_key.json (CRITICAL - validator identity)
# - priv_validator_state.json (prevents double-signing)
# - node_key.json (P2P identity)
# - keyring-file/ (account keys, if present)
# - TMKMS files if present
#
# Restore:
# cp ~/backup_validator/priv_validator_key.json /opt/gonka/deploy/join/.inference/config/
CHAIN_HOME="${1:-/opt/gonka/deploy/join/.inference}"
TMKMS_HOME="${TMKMS_HOME:-$HOME/.tmkms}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/backup_validator}"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
[[ "$1" == "-h" || "$1" == "--help" ]] && { echo "Usage: $0 [CHAIN_HOME]"; exit 0; }
echo "Backup: $CHAIN_HOME -> $BACKUP_DIR"
mkdir -p "$BACKUP_DIR/archive"
# Copy file to backup dir and archive with timestamp
backup_file() {
local src="$1" name="$2"
cp "$src" "$BACKUP_DIR/$name" 2>/dev/null || return 1
cp "$src" "$BACKUP_DIR/archive/${name%.*}_${TIMESTAMP}.${name##*.}" 2>/dev/null
}
# Validator key (try chain home first, then TMKMS)
backup_file "$CHAIN_HOME/config/priv_validator_key.json" "priv_validator_key.json" || \
backup_file "$TMKMS_HOME/secrets/priv_validator_key.json" "priv_validator_key.json" || \
echo "[ERR] priv_validator_key.json NOT FOUND - this is critical!"
# State file (prevents double-signing)
backup_file "$CHAIN_HOME/data/priv_validator_state.json" "priv_validator_state.json" || \
backup_file "$TMKMS_HOME/state/priv_validator_state.json" "priv_validator_state.json"
# Optional files
backup_file "$CHAIN_HOME/config/node_key.json" "node_key.json"
backup_file "$TMKMS_HOME/secrets/priv_validator_key.softsign" "priv_validator_key.softsign"
backup_file "$TMKMS_HOME/tmkms.toml" "tmkms.toml"
cp -r "$CHAIN_HOME/keyring-file" "$BACKUP_DIR/" 2>/dev/null
# Generate checksums for verification
cd "$BACKUP_DIR" && sha256sum *.json *.toml 2>/dev/null > checksums.sha256
echo "Done: $BACKUP_DIR"
echo "Archive versions: $(ls -1 "$BACKUP_DIR/archive" 2>/dev/null | wc -l)"
echo ""
echo "Add to cron (every 6 hours):"
echo " 0 */6 * * * $0 $CHAIN_HOME >> /var/log/backup_validator.log 2>&1"
Make it executable:
chmod +x backup_validator.sh
Usage:
Default setup (if your node is in /opt/gonka/deploy/join/.inference):
./backup_validator.sh
Custom path:
./backup_validator.sh /path/to/.inference
Custom backup location:
BACKUP_DIR=/mnt/backups ./backup_validator.sh
Setting Up Automated Backups:
Add to crontab to run every 6 hours:
crontab -e
Add this line:
0 */6 * * * /path/to/backup_validator.sh >> /var/log/backup_validator.log 2>&1
Important Security Notes:
- Store backups off-server - copy
~/backup_validator/to a secure location - Never share
priv_validator_key.json- it’s your validator identity - Encrypt backups if storing in cloud storage
- The script checks file integrity with SHA256 checksums