I have been playing around with cntools (Guild Operators Documentation) and the offline/hybrid mode; however, I am not that happy with the security. Even using offline mode, you end up with far too many keys and certs on the block producing node.
Do people use cntools in production on their block node and just delete keys after registering the pool, or do they just do everything manually, where you can do as much as possible offline?
The only other option I thought about is to have:
- block pool node
- hot private node
- cold offline node
Then you could run cntools on the hot private node and the cold offline node and just copy over the minimum keys/certs to the block node to run the stake pool.
Any thoughts?