Setup Full Node

This document details how to join the Secret Network secret-4 mainnet as a full node. Once your full node is running and synced to the last block, you can use it

Requirements

• Ubuntu/Debian host, recommended is Ubuntu 20.04 LTS or 22.04 LTS.

• A public IP address, so that other nodes can connect to you.

• Open ports TCP 26656 & 26657 Note: If you're behind a router or firewall then you'll need to port forward on the network device.

• Reading Tendermint: Running in production

• RPC address of an already active node. You can use any node that exposes RPC services, please see API Endpoints Mainnet (Secret-4).

Installation

Install SGX and secretd

For more information on how to install SGX, see instructions for .

If you need help with installing secretd, please take a look at Install secretd.

Initialize Secret Network Configs

Choose a moniker for yourself, and replace <MONIKER> with whatever name you like (could be some random string, or just how you like to name to node) below. This moniker is your public nickname of the node in the network.

secretd init <MONIKER> --chain-id secret-4

This will generate the following files in ~/.secretd/config/

• genesis.json

• node_key.json

• priv_validator_key.json

Download genesis.json

wget -O ~/.secretd/config/genesis.json "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.2.0/genesis.json"
# verify genesis.json checksum
echo "759e1b6761c14fb448bf4b515ca297ab382855b20bae2af88a7bdd82eb1f44b9 $HOME/.secretd/config/genesis.json" | sha256sum --check

Initialize Secret Enclave

Initialize /opt/secret/.sgx_secrets:

mkdir -p /opt/secret/.sgx_secrets

You can choose between two methods, automatic or manual:

Initialize Secret Enclave - Automatic Registration (EXPERIMENTAL)

The following commands will create the necessary environment variables and attempt to automatically register the node.

export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/secret/.sgx_secrets
secretd auto-register

If this step was successful, you can skip straight to Optimization.

Initialize Secret Enclave - Manual Registration

secretd init-enclave

Verify Enclave Initialization

The attestation certificate should have been created by the previous step

ls -lh /opt/secret/.sgx_secrets/attestation_combined.bin

Verify the certificate is valid. A 64-character registration key will be printed if it was successful.

PUBLIC_KEY=$(secretd dump /opt/secret/.sgx_secrets/pubkey.bin)
echo $PUBLIC_KEY

Configure secretd

Configure secretd. Initially you'll be using the bootstrap node, as you'll need to connect to a running node and your own node is not running yet.

secretd config chain-id secret-4
secretd config node https://rpc.mainnet.secretsaturn.net
secretd config output json

Fund Secret Wallet

If you already have a wallet funded with SCRT, you can import the wallet by doing the following:

secretd keys add <key-alias> --recover

Otherwise, you will need to set up a key. Make sure you back up the mnemonic and the keyring password.

secretd keys add <key-alias>

This will output your address, a 45 character-string starting with secret1....

Configure Node Attestation

1. Register your node on-chain

secretd tx register auth /opt/secret/.sgx_secrets/attestation_combined.bin -y --gas 700000 --from <key-alias>

2. Pull & check your node's encrypted seed from the network

SEED=$(secretd query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED

3. Get additional network parameters

These are necessary to configure the node before it starts.

secretd query register secret-network-params
ls -lh ./io-master-key.txt ./node-master-key.txt

Configure Secret Node

mkdir -p ~/.secretd/.node
secretd configure-secret node-master-key.txt $SEED

Optimization

In order to be able to handle NFT minting and other Secret Contract-heavy operations, it's recommended to update your SGX memory enclave cache:

sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.toml

Also checkout this document by block pane for fine tuning your machine for better uptime.

Set minimum-gas-price Parameter

We recommend 0.1uscrt per gas unit:

perl -i -pe 's/^minimum-gas-prices = .+?$/minimum-gas-prices = "0.1uscrt"/' ~/.secretd/config/app.toml

Your node will not accept transactions that specify --fees lower than the minimun-gas-price you set here.

Set IAVL-disable-fastnode

IAVL fast node must be disabled, otherwise the daemon will attempt to upgrade the database whil state sync is occuring.

sed -i.bak -e "s/^iavl-disable-fastnode *=.*/iavl-disable-fastnode = true/" $HOME/.secretd/config/app.toml

Enable secret-node:

sudo systemctl enable secret-node 

You are now a now ready to finally sync the full node. 🎉.

Go to Statesync or Quicksync / Snapshot to continue.

Snapshot

To sync to head quickly, please see Quicksync / Snapshot.

State Sync

You can skip syncing from scratch or download a snapshot by Statesync to the current block.

Get Node ID

secretd tendermint show-node-id

And publish yourself as a node with this ID:

<your-node-id>@<your-public-ip>:26656

Be sure to point your CLI to your running node instead of the bootstrap node

secretcli config node tcp://localhost:26657

If someone wants to add you as a peer, have them add the above address to their persistent_peers in their ~/.secretd/config/config.toml.

And if someone wants to use your node from their secretcli then have them run:

secretcli config chain-id secret-4
secretcli config output json
secretcli config indent true
secretcli config node tcp://<your-public-ip>:26657

Optional: Become a Validator

To turn your full node into a validator, see Joining Mainnet as a Validator.