fboucquez / symbol-bootstrap

A tool that allows you to quickly configure and setup Symbol testnets and nodes.
Apache License 2.0

Setting up a node without the main account private key #187

Closed meyns closed 3 years ago

meyns commented 3 years ago

If you set up a symbol node using symbol-bootstrap it requires the main account private key during config. Either it makes it itself if no main account is specified in a custom yml file, or when the main account public key is provided it still requires the private key to set up the node. In my understanding the private key is only needed for the link transaction (and the enrol transaction when a supernode is needed). And if the main account is a multisig wallet, then the main account private key won't even be used for that transaction. The link transactions can be done in the desktop wallet and the enrol transaction should not be too difficult to implement as well.

Suggestion: Make it possible to set up and run a node from a main account public key without entering the private key.

fboucquez commented 3 years ago

Hi @meyns, the main private key is used to create the server certificate, not just for the link/enroll commands.

1) Create your preset encrypted in your local dev machine.
2) Set privateKeySecurityMode: PROMPT_MAIN
3) Run config and compose.
4) Zip the target folder without the custom preset.
5) Send the target folder zip to your node, unzip and run bootstrap or docker.

The main private key will never be in the node machine. You can run the link/enroll commands from your dev machine using --useKnownRestGateways.

https://github.com/nemtech/symbol-bootstrap/blob/main/docs/presetGuides.md#never-stored-main-private-key
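A pre-ship check for step 4 above, added here as an example; it is not part of the thread and is not symbol-bootstrap code. It assumes the target folder keeps keys in YAML files (for example an `addresses.yml`) as `privateKey: <64 hex chars>` nested under a role key such as `main:` or `transport:`; the function names and sample files are hypothetical.

```python
import os
import re
import tempfile

# Assumption: a plaintext key is a YAML line "privateKey: <64 hex chars>"
# nested under a role mapping such as "main:" or "transport:".
KEY = re.compile(r"^(\s*)(?:-\s*)?privateKey\s*:\s*['\"]?[0-9A-Fa-f]{64}['\"]?\s*$")
PARENT = re.compile(r"^(\s*)(?:-\s*)?(\w+)\s*:\s*$")

def find_plaintext_keys(target_dir):
    """Return (relative path, line number, parent key) per plaintext private key."""
    hits = []
    for root, _dirs, files in os.walk(target_dir):
        for name in sorted(files):
            if not name.endswith((".yml", ".yaml")):
                continue
            path = os.path.join(root, name)
            parents = []  # stack of (indent, key) for the mappings currently open
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    parent, key = PARENT.match(line), KEY.match(line)
                    if parent:
                        indent = len(parent.group(1))
                        while parents and parents[-1][0] >= indent:
                            parents.pop()
                        parents.append((indent, parent.group(2)))
                    elif key:
                        indent = len(key.group(1))
                        owner = next((k for i, k in reversed(parents) if i < indent), None)
                        hits.append((os.path.relpath(path, target_dir), lineno, owner))
    return hits

def safe_to_ship(target_dir):
    """True when no plaintext private key sits under a 'main:' mapping."""
    return all(owner != "main" for _path, _line, owner in find_plaintext_keys(target_dir))

def demo():
    """Run the check on two constructed target folders (all keys are dummies)."""
    leaky = "nodes:\n  - name: node\n    main:\n      privateKey: " + "A" * 64 + "\n"
    clean = ("nodes:\n  - name: node\n    main:\n      publicKey: " + "B" * 64 +
             "\n    transport:\n      privateKey: " + "C" * 64 + "\n")
    results = {}
    for label, text in (("leaky", leaky), ("clean", clean)):
        with tempfile.TemporaryDirectory() as d:
            with open(os.path.join(d, "addresses.yml"), "w", encoding="utf-8") as fh:
                fh.write(text)
            results[label] = (safe_to_ship(d), find_plaintext_keys(d))
    return results

if __name__ == "__main__":
    print(demo())
```

Run `safe_to_ship("target")` on the dev machine before zipping; the hit list reports file and line only, so the key itself is never printed.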