Which keys and certificates we have to keep safe?

I’m a bit confused with keys and certificates used in the staking pool process.
After setting up a staking pool which keys and certificates we have to keep in a safe place so no one can access our pool and our staking?
I made setup of pool as per this doc.
Here is the list of keys and certificates that I used for the staking pool.
List of Keys :

  1. payment.skey
  2. payment.vkey
  3. stake.skey
  4. stake.vkey
  5. kes.skey
  6. kes.vkey
  7. vrf.skey
  8. vrf.vkey
  9. cold.skey
  10. cold.vkey

List of Certificates :

  1. stake.cert
  2. delegation.cert
  3. node.cert(for blockproducer node and relay node).

Let me know If I am missing any key/certificates in the list.


There is a description about this method:


unfortunately this section not mentioning the payment.skey should be stored in cold env as well:

It’s all about securing keys but what about certificates? Can anyone be able to access our nodes if they get certificates?

yes they can…
but till the kes period - after that you need to create a new node cert, but that method need the keys…
Also if you register a new cert then the previous one will deactivated automatically as this post suggests: VRFKeyWrongVRFKeyOVERLAY, couldnt mint our block - #18 by Triton-pool