Secret Network
WebsiteDiscordGithub
  • 👋INTRODUCTION
    • Secret Network Introduction
    • Secret Network Techstack
      • Private transactions - A quick summary
      • Blockchain Technology
        • Cosmos Basics
        • Tendermint
        • Cosmos SDK
        • IBC
        • CosmWasm
      • Privacy Technology
        • Encryption - Key Management
          • Overview
          • Key Derivation & Encryption Techniques
          • The Initialization Of Secret Network
          • Full Node Boostrap
          • Contract State Encryption
          • Transaction Encryption
          • Consensus seed rotation
        • Trusted Execution Environments  (TEE) —  Intel SGX
          • How Secret Network Uses SGX
          • SGX-SPS Security & Reliabillity
          • Remote Attestation
          • Trusted & Untrusted Core
          • Sealing
        • Private smart contracts - overview
  • 💻Development
    • 🏠Getting Started
      • Setting Up Your Environment
        • Cargo.toml Best Practices (Crates vs Dependencies)
      • Compile and Deploy
      • Running the Application
      • Compile and Deploy on Secret testnet (best for Javascript devs)
      • Fullstack dApp Integration
    • 🤓Secret Contracts
      • Secret Contracts & CosmWasm
        • Framework overview
        • Secret Contract Components
          • Instantiation Message
          • Execution Message
          • Query Message
          • Deps/DepsMut
          • Storage
            • Prefixed Storage
            • Singleton
            • Keymap
            • Append Store
            • Best practices
        • CosmWasm vs Secret CosmWasm
      • Secret Tokens (SNIP-20)
      • Contract - module call
      • Secret contract - Design Space/Features
        • Secret Contracts introduction
        • Gas/Fee usage
        • TPS and scalability
        • Privacy Essentials
        • Access Control
          • Viewing Keys
          • Permits
        • Trusted and untrusted data
        • Secret-VRF - on-chain Randomness
        • Privacy design
          • Mitigate privacy risks - full guide
          • Gas Evaporation & Tracking
        • Confidential Computing Layer
        • Fiat/Crypto Onboarding
        • Account abstraction
        • Fee abstraction
        • Wallet support
        • Bridge (messaging/tokens)
        • IBC (Hooks, PFM, Wasm)
        • Price Oracles
        • Auto Restaking
      • Permissioned Viewing
        • Viewing Keys
        • Permits
      • Cross Contract Communication
      • Submessages
        • get_contract_code_hash
      • Randomness API - Secret VRF
        • Native On-chain randomness
        • Randomness over IBC
      • Execution Finalization
      • Factory Contracts
      • Contract Migration
        • Manual - < v1.11
        • Native - from v1.11
      • Cross-deploy Vanilla CW and Secret Contracts
      • Testing Secret Contracts
        • Unit Tests
        • Continuous Integration
        • Datatype Handling - Uint, floats etc.
    • 👀Secret Contract - Reference, Guides, Examples
      • Starter guide - Millionaire's Problem
      • Reference Contracts
      • Open source dApps
      • Tools & Libraries
        • Network interaction SDKs
          • Secret.js (JavaScript)
          • SecretPy (Python)
          • SecretK (Kotlin)
          • Secret.NET
            • Snippets
              • Deploying a Contract
              • Send Native Coin
              • Query a Contract
              • Create a new Wallet
              • Permits
              • SNIP20
              • SNIP721
          • Shade.Js
        • LocalSecret - Devnet docker
        • Smart contract - Tools/Utils
          • Secret Toolkit
          • CW-Plus
          • Fadroma - SC framework
          • Hidden Gems
          • Other
            • Secret IDE
            • Polar
    • 🖼️Frontend Development
      • Getting Started with SecretJS
        • Usage Examples
          • Sending Queries
          • Sending Messages
          • Contract Migration
          • Wallet Integrations
          • Query Permits
          • SNIP20 (SCRT Tokens)
          • SNIP721 (Secret NFTs)
      • Feegrant
        • Understanding Feegrant allowances
        • Grant allowances
        • Using grant allowances to execute transactions
        • Using the Fee Grant Faucet
    • 📬Deployment Addresses/ API Endpoints
      • Secret (SNIP 20) token contracts list
        • SNIP Asset naming guidelines
      • Connecting to the Network
        • API Endpoints Mainnet (Secret-4)
        • API Endpoints Testnet (Pulsar-3)
        • Usage examples
        • Comparison of endpoint types
      • Create your own SNIP-25 IBC Token
  • Secret AI
    • 🤝Introduction
    • 🏗️Architecture
    • 👩‍💻Secret AI SDK
      • Setting Up Your Environment
      • Running the Application
    • 🪙Economics
    • Smart Contract Reference
      • SubscriptionManager
      • WorkerManager
      • RewardsManager
  • 🌐SecretVM - Confidential Virtual Machines
    • 🤝Introduction
    • 🏗️Architecture
    • ☑️Attestation
      • What is Attestation
      • Obtaining Attestation Data
      • Attestation Report - Key Fields
      • Chain of Trust
    • 🏁Launching a SecretVM
    • 🛠️Managing SecretVM Lifecycle
    • ✅Verifying a SecretVM
    • 💡Best Practices for Developers
    • 📖Glossary
  • 🔓Confidential Computing Layer
    • 🧑‍🚀IBC Developer Toolkit
      • Basics
        • Overview
        • Cross-chain Messaging with IBC Hooks
          • Functions, Methods, and Data Structures
          • Typescript SDK
          • IBC-Hooks
        • IBC Relaying with Go Relayer
      • Usecases
        • Storing Encrypted Data on Secret Network
          • Key-Value store Developer Tutorial
        • Secret VRF for IBC with IBC-Hooks
        • Confidential Voting
        • Sealed Bid Auctions
      • Supported Networks
        • Mainnet
        • Testnet
    • 🤝Ethereum (EVM) Developer Toolkit
      • Basics
        • Overview
        • Connecting Metamask to Secret Network
        • SecretPath + Reown integration
        • Cross-chain Messaging
          • SecretPath
            • Architecture Overview
            • Detailed Architecture
            • SecretPath Developer Tutorials
            • Public EVM Gateway Architecture
            • How to deploy SecretPath on your chain
          • Axelar GMP
            • Architecture Overview
            • Axelar GMP Developer Tutorial
      • Usecases
        • Storing Encrypted Data on Secret Network
          • Key-Value store Developer Tutorial
        • Sealed Bid Auction
          • Sealed Bid Auction Developer Tutorial
        • Confidential Voting
          • Confidential Voting Developer Tutorial with SecretPath
        • VRF
          • Implementing VRF into any EVM Contract
          • VRF Developer Tutorial
          • Performance figures of SecretVRF vs competitors
          • Using encrypted payloads for VRF
          • Converting from Chainlink VRF to Secret VRF in four steps
        • Confidential Document Sharing
        • Tokens
          • From EVM to Secret
      • Supported Networks
        • EVM
          • EVM Mainnet
          • EVM Testnet
          • Gateway Contract ABI
        • Secret Gateway
          • SecretPath mainnet (secret-4) contracts
          • SecretPath testnet (pulsar-3) contracts
    • 🙌Solana Developer Toolkit
      • Usecases
        • Storing Encrypted Data on Secret Network
          • Key-value Store Developer Tutorial
        • VRF
          • VRF Developer Tutorial
      • Program IDs
        • Solana Mainnet & Testnet
        • Gateway Contract IDL
  • 🤫Overview, Ecosystem and Technology
    • 🚀Secret Network Overview
      • The SCRT coin
      • Private Tokens
      • Use Cases
        • Decentralized Finance (DeFi)
        • Art And Digital Media
        • Gaming
        • Data Privacy
        • Payments And Transactions
        • Communication
      • The technology
      • History
      • Roadmap (Core development)
        • Secret 2.0
      • Where To Buy SCRT?
      • Using the Testnet
    • 🐸Ecosystem Overview
      • Wallets
      • Applications
      • Explorers & tools
      • Funding
        • SCRT Labs Grants
        • Dilutive funding/VC raise
        • Community Pool
        • Developer bounties
          • SCRT Labs bounties [on-hold]
          • CCBL [on-hold]
          • CCR [On-hold]
        • Application specific
          • Shade Grants
      • Contributors & Entities
        • Validators
        • SCRT Labs
        • Secret Foundation
        • Secret Committees
          • Support
          • Governance
      • Secret Network Dictionary
  • 🔧Infrastructure
    • 🔓Use SecretCLI
      • Secretcli vs. Secretd
      • Install
      • Configuration
      • Address Types
      • Key Types
      • Generating Keys
      • Viewing Keys
      • Query Transactions
      • Send Tokens
      • Multisig Keys
      • Multisig Transactions
      • Transaction Broadcasting
      • Fees & Gas
      • Fee Distribution
      • Secret Contracts
      • Slashing
      • Minting
      • Delegating
      • Restake
      • Nodes
      • Governance
        • Creating Governance Proposals
        • Query Proposals
        • Deposits
        • Voting
    • 🔐Use Ledger hardware wallet
      • 🔐Ledger with SecretCLI
    • 🖥️Running a node/validator
      • Setting up a node/validator
        • Hardware setup
          • Hardware Compliance
          • VPS/Bare-Metal Compliance
            • Leaseweb Setup
            • PhoenixNAP Setup
            • Psychz Setup
            • nForce Setup
            • Vultr Setup
            • OVHCloud Setup
            • Microsoft Azure Setup
          • Patching your Node
          • Enclave verification
          • Registration troubleshooting
        • Testnet Setup
          • Install SGX
          • Install secretd
          • Setup Full Node
          • Testnet State Sync
          • Becoming a Testnet Validator
          • Installing CLI & Creating A New Address
        • Mainnet Setup
          • Install SGX
          • Install secretd
          • Setup Full Node
          • Quicksync / Snapshot
          • Statesync
          • Becoming A Validator
          • Installing CLI & Creating A New Address
      • Maintaining a node/validator
        • Slashing information
        • Migrating a Validator
        • Troubleshooting
        • Validator Backup
        • Server security
          • SSH authentication
          • Server configuration
          • Uncomplicated-Firewall (UFW)
          • Local CLI
        • Node Monitoring
          • Prometheus
            • Environment Preperation
            • Install Node Exporter
            • Install Prometheus
            • Configuring Prometheus
          • Grafana
            • Install Grafana
            • Grafana Dashboard
            • Next Steps
          • Docker
            • Install Docker
            • Configuration
            • Start Containers
            • Grafana Dashboard
            • Application Ports
            • Stop Containers
          • Goaccess
            • Install Goaccess
            • Setup Goaccess
        • Helpful commands
          • Query Validators
          • Bond Tokens
          • Withdraw Rewards
          • Query Delegations
          • Unbond Tokens
          • Query Unbonding-Delegations
          • Redelegate Tokens
          • Query Redelegations
          • Query Parameters
          • Query Pool
          • Query Delegations To Validator
      • API Noderunning
        • Running Multiple Nodes on the Same Server
        • Node Loadbalancing using Nginx
          • Setup Nginx
          • Example Nginx config
        • Using Auto heal to improve cluster uptime for Nginx
      • Sentry and Archive nodes
        • Mantlemint
        • Sentry Nodes
        • Archive Nodes
    • ⛓️IBC Relayers
      • Hermes
      • RLY
      • IBC channel database
    • 🆙Upgrade Instructions
      • v1.13
      • v1.12
      • v1.11
      • v1.10
      • v1.9
      • v1.8
      • v1.7
      • Shockwave Omega v1.6
      • v1.5
      • Shockwave Delta v1.4
      • Shockwave Delta v1.4 (Testnet)
      • Shockwave Alpha v1.3
      • Cosmovisor
      • Vulcan Network Upgrade (OLD)
    • ☠️Postmortems
      • SNIP-20 leaks
      • xApic
      • Secpk-Verifications Bloat
      • Earn Contract Exploit
      • Testnet Halt 95
    • ✍️Contribute to the documentation
      • Report Bugs
      • Suggest Enhancements
      • First Contribution Guide
      • Pull Request Templates
        • Update Documentation
        • Bug Fix
        • Improve Performance
        • Change Functionality
      • Style Guide
    • 🌊Versioning & Changelog
      • Secret Network v1.13
      • Secret Network v1.12
      • Secret Network v1.11
      • Secret Network v1.10
      • Secret network v1.9
      • Secret Network v1.7/1.8
      • Secret Network v1.6
      • Secret Network v1.5
      • Secret Network v1.4 (CosmWasm 1.0)
Powered by GitBook
On this page
  • Secret Network v1.13 Instructions
  • ⚠️ IMPORTANT NOTES ⚠️
  • ⚠️ Cosmovisor tool may NOT be used with this upgrade. This is due to the following facts:
  • Upgrading Manually
  • Details of Upgrade Time
  • In Case of an Upgrade Failure

Was this helpful?

Edit on GitHub
Export as PDF
  1. Infrastructure
  2. Upgrade Instructions

v1.13

PreviousUpgrade InstructionsNextv1.12

Last updated 11 months ago

Was this helpful?

Secret Network v1.13 Instructions

⚠️ IMPORTANT NOTES ⚠️

  • All coordination efforts will be done in the "SN Validators" Telegram group.

  • Make sure to before making any changes.

  • Please read carefully before you begin the upgrade.

⚠️ Cosmovisor tool may NOT be used with this upgrade. This is due to the following facts:

  • Various prerequisites should be installed and configured

  • After the installation, the secret node should perform an additional step, BEFORE the actual network upgrade (more on this later).

Upgrading Manually

There are 9 steps to be performed. Steps 1-4 inclusive can be performed BEFORE the upgrade height is reached (or before the upgrade is even proposed). We recommend doing so, i.e. perform those steps in advance, to minimize the downtime during the upgrade.

Technically the DCAP attestation isn't required. If your node is already registered on the network then the attestation during the upgrade isn't necessary, and we still support EPID attestation anwayay. But we strongly recommend making sure it works nevertheless. The EPID would be phased-out by Intel on April 2025.

1. Make sure you have the latest SGX DCAP driver

# 1. Make sure the SGX driver is installed. The following devices should appear:
# /dev/sgx_enclave
# /dev/sgx_provision

# If your kernel version if 5.11 or higher, then you probably already have the SGX driver installed.
# Otherwise - please update the kernel version.

# Also make sure that the user under which the node is supposed to run has privileges to access SGX
sudo groupadd sgx_prv
sudo usermod -a -G sgx_prv $USER

# Check if the above has effect, by the following command
groups

# The sgx_prv should appear. If it does not - Logout and re-login may be needed, for the change to take effect.

2. Install the DCAP runtime and AESM service

curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
. /etc/os-release; VERSION_CODENAME=${VERSION_CODENAME}
sudo add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $VERSION_CODENAME main"
sudo apt-get update
sudo apt-get install -y \
    libsgx-aesm-launch-plugin \
    libsgx-enclave-common \
    libsgx-epid \
    libsgx-launch \
    libsgx-quote-ex \
    libsgx-uae-service \
    libsgx-qe3-logic \
    libsgx-pce-logic \
    libsgx-aesm-pce-plugin \
    libsgx-dcap-ql \
    libsgx-dcap-quote-verify \
    libsgx-urts \
    sgx-aesm-service \
    libsgx-aesm-ecdsa-plugin \
    libsgx-aesm-quote-ex-plugin \
    libsgx-ae-qve \
    libsgx-dcap-default-qpl	

sudo apt upgrade

If your system has 5th Gen Intel® Xeon® Scalable Processor(s)

For the DCAP attestation to work, you'll need to register your platform with Intel. This is achieved by the following:

sudo apt-get install -y sgx-ra-service

You can check the file /var/log/mpa_registration.log, to see if the platform is registered successfully.

3. Configure Quote Provider

The Quote Provider library is needed to provide the data for DCAP attestation. It should be installed by now (by the previous section), but before using it should be configured. The configuration file should be here:

/etc/sgx_default_qcnl.conf

If you're running a physical machine

The simplest would be to use the PCCS run by SecretLabs. Modify the following parameters in the file:

//PCCS server address
"pccs_url": "https://pccs.scrtlabs.com/sgx/certification/v4/"

You can set this parameter by the following command:

sudo cp /etc/sgx_default_qcnl.conf /etc/sgx_default_qcnl.conf.BKP
sudo sed -s -i 's/localhost:8081/pccs.scrtlabs.com/' /etc/sgx_default_qcnl.conf

Cloud computers

For cloud computers, the cloud service providers may provide their own PCCS. Please see their documentation

Note: You'll need to restart the AESMD service each time the configuration is changed

# Restart the AESMD service
sudo systemctl restart aesmd.service

4. Use check-hw to test the DCAP attestation (Optional step)

Download and run the check-hw tool (included in the Release package). You should see the following:

DCAP attestation ok
Platform verification successful! You are able to run a mainnet Secret node

That would mean all the above steps are ok, and you're good to go.

In case you see some error messages, but at the end the following:

Platform Okay!
Platform verification successful! You are able to run a mainnet Secret node

That would mean there's a problem with DCAP attestation. However the EPID attestation still works. Although you may technically run the node, it's strongly recommended to fix this. The EPID will be phased-out by Intel on April 2025.

To get a more detailed error info, run check-hw --testnet

5. Wait till the upgrade height is reached

When the network reaches the halt height you'll see this message in your node's log (journalctl -fu secret-node):

2:00PM ERR UPGRADE "v1.13" NEEDED at height: ...
2:00PM ERR CONSENSUS FAILURE!!! err="UPGRADE \"v1.13\" NEEDED at height: ...

Then, follow those steps to upgrade for v1.13: :warning: Note: The below instructions assume default installation. DO NOT COPY-PASTE if config.toml is not in ~/.secretd/config/config.toml or if you modified /etc/systemd/system/secret-node.service. If you have modified /etc/systemd/system/secret-node.service, you will need to re-apply those changes post installation and pre service restart.

6. Backup files, and install the new version

# Backup your node's SGX secrets
cp -a /opt/secret/.sgx_secrets ~/sgx_secrets_backup
mkdir 112backup
cp ~/.secretd/.node/* 112backup/


# Get the v1.13 binaries
wget "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.13.0/secretnetwork_1.13.0_mainnet_goleveldb_amd64.deb"

# Stop the v1.12 node
sudo systemctl stop secret-node

# Install the v1.13 binaries
sudo apt install -y "./secretnetwork_1.13.0_mainnet_goleveldb_amd64.deb"

7. Migrate your local sealed files

This step must be done manually, before the Node automatic upgrade

# IMPORTANT: Upgrade sealed files to the newer SGX format
secretd migrate_sealing

8. Verify the DCAP attestation is working (Optional step)

This node version supports both EPID (older) and DCAP (newer) attestation schemes. Before proceeding, it's recommended to verify that DCAP attestation works properly. Though it's not mandatory if your node is already registered on the network.

# Retrieve DCAP-only attestation
secretd init-enclave --no-epid

The above retrieves self attestation. And since --no-epid flag is specified, that should be a DCAP attestation.

You can also verify that EPID attestation works, by the following command

# Retrieve EPID-only attestation
secretd init-enclave --no-epid

# Or retrieve any (EPID or DCAP or both) attestation
secretd init-enclave

9. Finally start the node

# re-apply any systemd unit file customizations

# Restart the node
sudo systemctl restart secret-node

After restarting the node with v1.13, you should see INF applying upgrade "v1.13" at height: ... in the logs (journalctl -fu secret-node). Once 67% of voting power comes online, you'll see blocks executing again.

Details of Upgrade Time

When the network reaches the halt height, the Secret Network blockchain will be halted and validators will need to take action to upgrade the chain to the secretd v1.13 binary (be it manually or automatically).

The upgrade is anticipated to take approx 30 minutes, during which time, there will not be any on-chain activity on the network.

In Case of an Upgrade Failure

In the event of an issue at upgrade time, we should coordinate via the "SN Validators" Telegram group.

If as a result of a software bug the network fails to produce new blocks with the v1.13 binaries, the SCRT Labs team will distribute a v1.12 binary with a replacement v1.13 upgrade handler, which will allow the chain to revert to v1.12 while continuing to produce new blocks.

🔧
🆙
backup your validator