# 💽 Ledger for Validator Key Management

#### How We Use Ledger in Our Validator Infrastructure

At VALIDEXIS, the security of our validators is our top priority.\
To ensure full protection of validator keys and prevent any form of unauthorized access, we use **Ledger hardware wallets (Nano S Plus, Nano X, or Stax)** for signing and managing validator operations.

Each validator key is stored exclusively on a dedicated Ledger device, isolated from our validator nodes.\
All transactions — whether staking, voting, or withdrawing rewards — are physically confirmed on the Ledger itself, which eliminates the risk of key exposure even if a node or workstation is compromised.

Our architecture follows a two-tier security model:

1. **Node layer** — servers with restricted access, running validator and CLI tools.
2. **Key management layer** — Ledger devices used only during manual transaction signing sessions.

This approach guarantees that private keys never leave the hardware wallet, providing a highly secure and verifiable signing environment.

***

### ⚙️ How to Set Up and Use Ledger for a Celestia Validator

#### 1. Prepare Your Ledger Device

1. **Install Ledger Live**
   * Download from the official Ledger website at [ledger.com](https://www.ledger.com/ledger-live)
   * Update your device firmware to the latest version.
2. **Create or Restore a Wallet**
   * Select *“Set up as new device”* or *“Restore from recovery phrase”*.
   * Carefully write down the 24-word recovery phrase and store it offline.
3. **Install the Celestia App**
   * In Ledger Live, go to **My Ledger** → **Install Apps**.
   * Search for *Celestia* and install the app.
   * Once installed, your Ledger is ready for Celestia operations.

***

#### 2. Connecting Ledger to a Celestia Wallet

**Option A — via Keplr Wallet**

1. Connect your Ledger to the computer and unlock it.
2. Open the *Celestia* app on your device.
3. Visit [Keplr Wallet](https://wallet.keplr.app/).
4. Click **“Import Ledger”** → select the *Celestia* network.
5. Approve the connection on the device.

Now your Celestia address is accessible in Keplr, and every transaction (delegation, reward claim, voting) must be confirmed directly on the Ledger.

***

**Option B — via CLI (Command Line Interface)**

1. **Install Celestia CLI**

   ```bash
   sudo apt install -y jq git curl build-essential
   git clone https://github.com/celestiaorg/celestia-app
   cd celestia-app && make install
   ```
2. **Connect your Ledger** and open the *Celestia* app.
3. **List available keys:**

   ```bash
   celestia-appd keys list --ledger
   ```
4. **Add a new Ledger-based key:**

   ```bash
   celestia-appd keys add wallet --ledger
   ```
5. **View your address:**

   ```bash
   celestia-appd keys show wallet --address
   ```
6. **Use Ledger for all signing operations:**
   * **Delegate tokens:**

     ```bash
     celestia-appd tx staking delegate <valoper_address> 1000000utia --from wallet --ledger
     ```
   * **Withdraw rewards:**

     ```bash
     celestia-appd tx distribution withdraw-rewards <valoper_address> --from wallet --ledger
     ```
   * **Vote on proposals:**

     ```bash
     celestia-appd tx gov vote 1 yes --from wallet --ledger
     ```

Each transaction must be physically confirmed on your Ledger device before broadcasting.

***

#### 3. Security Recommendations

* Never enter your seed phrase on a computer or online form.
* Avoid connecting Ledger to unknown or shared systems.
* Keep your hardware wallet and recovery phrase stored separately.
* Use a dedicated Ledger for each validator when possible.
* Maintain an offline backup of your seed phrase (paper or metal plate).

***

### 🧩 Benefits of Using Ledger for Validator Key Management

✅ Private keys remain fully isolated within the hardware wallet.\
✅ Even if a node or workstation is compromised, the attacker cannot sign transactions.\
✅ Seamless integration with CLI, Keplr, and other ecosystem tools.\
✅ Suitable for multiple networks — Celestia, Cosmos, Osmosis, and beyond.

***

📘 *Using Ledger for validator key management provides a robust, industry-grade approach to securing your blockchain infrastructure.*


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://services.validexis.com/validator-security-our-approach-and-protection-measures/ledger-for-validator-key-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.