Add validator key revocations:

Allow manifest revoking validator keys to be stored in a separate [validator_key_revocation] config field, so the validator can run again with new keys and token.
2025-12-06 17:27:55 +00:00 · 2017-01-24 08:38:29 -08:00
parent a8cf5e0a5c
commit b4a16b165b
6 changed files with 149 additions and 38 deletions
--- a/doc/rippled-example.cfg
+++ b/doc/rippled-example.cfg
@@ -604,8 +604,19 @@
 #
 #   This is an alternative to [validation_seed] that allows rippled to perform
 #   validation without having to store the validator keys on the network
-#   connected server. The field should contain a base64-encoded blob.
-#   External tools are available for generating validator keys and tokens.
+#   connected server. The field should contain a single token in the form of a
+#   base64-encoded blob.
+#   An external tool is available for generating validator keys and tokens.
+#
+#
+#
+# [validator_key_revocation]
+#
+#   If a validator's secret key has been compromised, a revocation must be
+#   generated and added to this field. The revocation notifies peers that it is
+#   no longer safe to trust the revoked key. The field should contain a single
+#   revocation in the form of a base64-encoded blob.
+#   An external tool is available for generating and revoking validator keys.
 #
 #
 #