Backing up your Golem wallet

As you're probably aware, in the Ethereum universe, your funds are only as secure as the private key for the account that holds them. Because of that, to ensure that you don't lose access to your GLM/ETH tokens stored on your Golem account, you must be able to back up your Golem wallet and store the key in safe storage, separate from the node itself.

To create a backup of your Golem wallet, export the keystore with:

yagna id export --file-path=./key.json

The resultant key.json file in the directory you ran the command from will contain the private key for your Golem wallet.

Better yet, create a password-encrypted keystore. Yagna service allows it and it fundamentally improves the security of the funds kept in that exported wallet.

First, make sure that the key you're securing is indeed the one Yagna is currently configured to use:

yagna id show

The result should be something like:

---
Ok:
  alias: ~
  isDefault: true
  isLocked: false
  nodeId: "0x-the-hexadecimal-ethereum-address"

It's important to verify that the command shows you isDefault: true and isLocked: false and that the address shown by nodeId is the address you're expecting to see. isDefault: true means that the key for the address is currently in use by yagna and isLocked: false confirms that the private key is currently unlocked and accessible to the yagna node (trying to lock an already-locked key will result in an error).

To lock the key using your passphrase, issue the following command:

$ yagna id lock --new-password

You'll be asked for the passphrase twice and if the entries match, you'll receive a confirmation of the lock operation:

---
Ok:
  alias: ~
  isDefault: true
  isLocked: true
  nodeId: "0x-the-hexadecimal-ethereum-address"

Notice that isLocked is now set to true.

Now, issue the same export command that you'd use for an unprotected keystore:

yagna id export --file-path=./key.json

An arguably positive side effect of locking the key that way is that a yagna id unlock command will now be needed each time the yagna service is restarted. This means that no one can use your yagna node as a requestor without knowing your passphrase.

If, for some reason, you'd like to revert to an unprotected yagna key, unlock it using your saved passphrase and they lock it again using an empty one, that is run:

yagna id lock --new-password

and input an empty password (just press "Enter") twice. Now, Yagna will start with an unlocked key by default again.

Once the file is created, examine its contents and ensure that the address property in it is identical to the address of your node's Ethereum address. Normally there's no reason for this field to differ, but treat this step as a redundant check to ensure that you have backed up what you intended to back up.

To make it easier, here's a possible check:

$ cat ./key.json | grep address

To be entirely sure that your backup is correct, launch a completely new, separate yagna node from scratch on another machine and verify that it's possible to restore your wallet using this newly created keystore file.