Ledger Security Register – DATU Validator Keys¶
Updated: 2025-10-11
This register documents the provenance for every validator keypair referenced by the local network foundation configuration. The metadata captures HSM slot assignments, custodial contacts, and a SHA-256 digest of the exported seed so the governance working group can validate quorum membership without copying private material into the repository.
| Validator | Tier | HSM Slot | Key Version | Seed Digest (SHA-256) | Custodian | Contact |
|---|---|---|---|---|---|---|
datu-tier0-foundation |
Tier 0 | slot-01 |
v3 |
4695fbe69acd8a650ffd5a395f325192b5f09edca208f266332b8199dd6cee7f |
Foundation Steward Ops | ops-steward@datu.foundation |
datu-tier1-east |
Tier 1 | slot-11 |
v2 |
4d042a7bbac83fdda73ec64d50cb9d0dd17f4e023006b263c329af9555b6e0fc |
Government Agency East | east-network@datu.foundation |
datu-tier1-west |
Tier 1 | slot-12 |
v2 |
031516286e2ed15e818b2bd55d96ed15a53d91a901bedcb2fc04a23341ecdff9 |
Government Agency West | west-network@datu.foundation |
datu-tier1-south |
Tier 1 | slot-13 |
v1 |
1b91b3d8048698ae8374ca95d3b99c0ac70351687d83883838546eda9efc03e4 |
Civic Oversight Coalition | south-ops@datu.foundation |
datu-tier2-audit |
Tier 2 | slot-21 |
v1 |
2189559ccecfbd44bd9f14dc2007cc2c1751e19fd192ffd76225b6a23cebca0d |
Independent Audit Partner | audit-relations@datu.foundation |
Handling Guidelines¶
- Seed material stays within the HSM boundary; the register records non-sensitive hashes so auditors can verify matching exports during periodic reviews.
- Custodians confirm ownership quarterly and update the
Key Versioncolumn whenever a rotation occurs. Historical versions remain stored in the internal change-management system. - When onboarding a new validator operator, append the entry here and cross-link it from the Phase 1 checklist to keep mobilisation stakeholders informed.
The register complements the validator configuration snapshot and should be updated alongside any quorum or validator metadata change.