Which keys and certificates we have to keep safe?

Staking & Delegation Operate a Stake Pool
1

Hi,
I’m a bit confused with keys and certificates used in the staking pool process.
After setting up a staking pool which keys and certificates we have to keep in a safe place so no one can access our pool and our staking?
I made setup of pool as per this doc.
Here is the list of keys and certificates that I used for the staking pool.
List of Keys :

  1. payment.skey
  2. payment.vkey
  3. stake.skey
  4. stake.vkey
  5. kes.skey
  6. kes.vkey
  7. vrf.skey
  8. vrf.vkey
  9. cold.skey
  10. cold.vkey

List of Certificates :

  1. stake.cert
  2. delegation.cert
  3. node.cert(for blockproducer node and relay node).

Let me know If I am missing any key/certificates in the list.

2

Hi!

There is a description about this method:

https://docs.cardano.org/projects/cardano-node/en/latest/stake-pool-operations/node_keys.html#basic-block-producing-node-firewall-configuration

unfortunately this section not mentioning the payment.skey should be stored in cold env as well:
https://docs.cardano.org/projects/cardano-node/en/latest/stake-pool-operations/keys_and_addresses.html

3

It’s all about securing keys but what about certificates? Can anyone be able to access our nodes if they get certificates?

4

yes they can…
but till the kes period - after that you need to create a new node cert, but that method need the keys…
https://docs.cardano.org/projects/cardano-node/en/latest/stake-pool-operations/KES_period.html
Also if you register a new cert then the previous one will deactivated automatically as this post suggests: VRFKeyWrongVRFKeyOVERLAY, couldnt mint our block - #18 by Triton-pool