DATU Validator Onboarding Packet¶
Revision: 2025-10-12
Welcome to the DATU validator program. This packet consolidates the minimum artefacts a new operator needs to join the Phase 1 consensus network foundation safely. Share the packet internally with your operations, security, and compliance teams.
1. Contacts & Access¶
| Role | Name | Contact | Notes |
|---|---|---|---|
| Steering committee liaison | Sofia Ramirez | governance@datu.foundation | Approvals, policy clarifications. |
| Validator operations lead | Malik Okoro | validators@datu.foundation | Technical onboarding and runbooks. |
| Security incident commander | Priya Chen | security@datu.foundation | Emergency coordination. |
| Compliance liaison | Helena Ibarra | compliance@datu.foundation | Regulatory attestations and audits. |
Access prerequisites:
- Submit operator details to the steering committee for KYC/KYB vetting.
- Provide SSH fingerprints for bastion hosts and list HSM custodians.
- Sign the validator participation agreement and confidentiality addendum.
2. Environment Setup Checklist¶
| Step | Description | Artefact |
|---|---|---|
| 1 | Clone the DATU Stellar fork repository and review infrastructure/stellar-fork/README.md. |
Git clone instructions |
| 2 | Install Docker Engine 24+ and Docker Compose v2. | Local environment |
| 3 | Request access to the private container registry (registry.datu.foundation). |
Credential request |
| 4 | Import the validator-specific stellar-core.cfg and Soroban overrides supplied separately. |
Secure file transfer |
| 5 | Validate outbound connectivity to Tier 0/Tier 1 peers (TCP 11625/11626). | Network checklist |
| 6 | Configure monitoring endpoints to reach the shared Prometheus + alerting stack. | Observability instructions |
All secrets (passphrases, HSM credentials) must be stored in your organisation's approved secret management system. Do not commit secrets back into this repository.
3. Quorum Participation¶
- Bootstrap – Launch the container profile using
./scripts/stellar-fork/start.sh --with-validators. Confirm your validator's container logs showLoaded peer certificateandParticipating in SCP. - History Archive – Configure your S3 bucket or equivalent storage according to
infrastructure/stellar-fork/config/history-archives.md(template provided). Validatestellar-core http-command historyreturnsSuccess. - Soroban Settings – Ensure
soroban.tomlvalues match those published in the Phase 1 execution brief. - HSM Integration – Mount the HSM client libraries and expose the PKCS#11 URI or
SIGNING_KEY_SEED_PATHvia environment variables. Runscripts/stellar-fork/hsm-smoketest.shto confirm the container can read your credentials and initialisestellar-core.
4. Compliance Requirements¶
| Requirement | Evidence | Submission Path |
|---|---|---|
| Quarterly attestation | Signed statement confirming controls were tested. | Upload to compliance tracker under your validator ID. |
| Incident reporting | Notify within 1 hour of suspected compromise. | Email security@datu.foundation and page incident commander. |
| Data retention | Follow the artifact retention policy. | Quarterly audit review. |
| Public transparency | Provide status updates for inclusion in public reports. | Governance liaison collects updates monthly. |
5. Support & Escalation¶
- Operational issues – Open a ticket in the validator support desk (
https://support.datu.foundation) and page the on-call engineer via Opsgenie if SLA breach is imminent. - Security incidents – Engage the security incident commander immediately and follow the Validator Key Rotation Playbook if keys are impacted.
- Documentation gaps – Submit pull requests or file an issue tagged
docsin the repository. The documentation team reviews weekly.
6. Checklist for Go-Live¶
| Item | Owner | Status |
|---|---|---|
| Connectivity to peers validated | Validator operator | ☐ |
| History archive catchup successful | Validator operator | ☐ |
| HSM signing smoke test passed | Security engineer | ☐ |
| Compliance attestation submitted | Compliance liaison | ☐ |
| Monitoring dashboards accessible | Observability team | ☐ |
Once all items are marked complete, notify the validator operations lead to schedule your inclusion in the next quorum rehearsal.
Document Control – Store the signed acknowledgement page with your internal compliance records. Proposed updates should be submitted via pull request with approvals from validator operations and compliance leads.