Security Clarification - keys and certs - Pls audit me?

Hey all,

Long-time developer, but a new operator here. 🙂

I just finished setting up my ADA stake pool and have some security clarification questions. Can you audit my practices? 😉 On my block producer node, here are the current files:

Am I correct in understanding that I can now remove the kes.vkey and vrf.vkey from this machine? The address files remain, I assume? Can I remove the stake.cert and pool.cert files from this block producer node as well? What else can I remove here now that it’s working?

On my relay node, I have no keys or address files, so I believe this is good?

Here is my cold air-gapped machine cardano node:

Can someone audit me on what needs to be removed from this image above?

I also have these files in my cold keys dir on the air-gapped machine, which I believe remain there and stay offline, yes?

Thank you kindly for the clarification.