diff --git a/cmd/harmony/bls.go b/cmd/harmony/bls.go
index 3c5ce1494..03e4c6383 100644
--- a/cmd/harmony/bls.go
+++ b/cmd/harmony/bls.go
@@ -8,6 +8,8 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/harmony-one/harmony/internal/cli"
+
 	"github.com/harmony-one/harmony/internal/blsgen"
 	nodeconfig "github.com/harmony-one/harmony/internal/configs/node"
 	"github.com/harmony-one/harmony/multibls"
@@ -18,7 +20,6 @@ var (
 	blsFolder         = flag.String("blsfolder", ".hmy/blskeys", "The folder that stores the bls keys and corresponding passphrases; e.g. <blskey>.key and <blskey>.pass; all bls keys mapped to same shard")
 	maxBLSKeysPerNode = flag.Int("max_bls_keys_per_node", 10, "Maximum number of bls keys allowed per node (default 4)")
 
-	// TODO(jacky): rename it to a better name with cobra alias
 	blsPass         = flag.String("blspass", "default", "The source for bls passphrases. (default, no-prompt, prompt, file:$PASS_FILE, none)")
 	persistPass     = flag.Bool("save-passphrase", false, "Whether the prompt passphrase is saved after prompt.")
 	awsConfigSource = flag.String("aws-config-source", "default", "The source for aws config. (default, prompt, file:$CONFIG_FILE, none)")
@@ -29,6 +30,115 @@ var (
 	onceLoadBLSKey sync.Once
 )
 
+var blsFlags = []cli.Flag{
+	blsDirFlag,
+	blsKeyFilesFlag,
+	maxBLSKeyFilesFlag,
+	passEnabledFlag,
+	passSrcTypeFlag,
+	passSrcFileFlag,
+	passSaveFlag,
+	kmsEnabledFlag,
+	kmsConfigSrcTypeFlag,
+	kmsConfigFileFlag,
+	legacyBLSKeyFileFlag,
+	legacyBLSFolderFlag,
+	legacyBLSKeysPerNodeFlag,
+	legacyBLSPassFlag,
+	legacyBLSPersistPassFlag,
+	legacyKMSConfigSourceFlag,
+}
+
+var (
+	blsDirFlag = cli.StringFlag{
+		Name:     "bls.dir",
+		Usage:    "directory for BLS keys",
+		DefValue: defaultConfig.BLSKeys.KeyDir,
+	}
+	blsKeyFilesFlag = cli.StringSliceFlag{
+		Name:     "bls.keys",
+		Usage:    "a list of BLS key files (separated by ,)",
+		DefValue: defaultConfig.BLSKeys.KeyFiles,
+	}
+	// TODO: shall we move this to a hard coded parameter?
+	maxBLSKeyFilesFlag = cli.IntFlag{
+		Name:     "bls.maxkeys",
+		Usage:    "maximum number of BLS keys for a node",
+		DefValue: defaultConfig.BLSKeys.MaxKeys,
+	}
+	passEnabledFlag = cli.BoolFlag{
+		Name:     "bls.pass",
+		Usage:    "whether BLS key decryption with passphrase is enabled",
+		DefValue: defaultConfig.BLSKeys.PassEnabled,
+	}
+	passSrcTypeFlag = cli.StringFlag{
+		Name:     "bls.pass.src",
+		Usage:    "source for BLS passphrase (auto, file, prompt)",
+		DefValue: defaultConfig.BLSKeys.PassSrcType,
+	}
+	passSrcFileFlag = cli.StringFlag{
+		Name:     "bls.pass.file",
+		Usage:    "the pass file used for BLS decryption. If specified, this pass file will be used for all BLS keys",
+		DefValue: defaultConfig.BLSKeys.PassFile,
+	}
+	passSaveFlag = cli.BoolFlag{
+		Name:     "bls.pass.save",
+		Usage:    "after input the BLS passphrase from console, whether to persist the input passphrases in .pass file",
+		DefValue: defaultConfig.BLSKeys.SavePassphrase,
+	}
+	kmsEnabledFlag = cli.BoolFlag{
+		Name:     "bls.kms",
+		Usage:    "whether BLS key decryption with AWS KMS service is enabled",
+		DefValue: defaultConfig.BLSKeys.KMSEnabled,
+	}
+	kmsConfigSrcTypeFlag = cli.StringFlag{
+		Name:     "bls.kms.src",
+		Usage:    "the AWS config source (region and credentials) for KMS service (shared, prompt, file)",
+		DefValue: defaultConfig.BLSKeys.KMSConfigSrcType,
+	}
+	kmsConfigFileFlag = cli.StringFlag{
+		Name:     "bls.kms.config",
+		Usage:    "json config file for KMS service (region and credentials)",
+		DefValue: defaultConfig.BLSKeys.KMSConfigFile,
+	}
+	legacyBLSKeyFileFlag = cli.StringSliceFlag{
+		Name:       "blskey_file",
+		Usage:      "The encrypted file of bls serialized private key by passphrase.",
+		DefValue:   defaultConfig.BLSKeys.KeyFiles,
+		Deprecated: "use --bls.keys",
+	}
+	legacyBLSFolderFlag = cli.StringFlag{
+		Name:       "blsfolder",
+		Usage:      "The folder that stores the bls keys and corresponding passphrases; e.g. <blskey>.key and <blskey>.pass; all bls keys mapped to same shard",
+		DefValue:   defaultConfig.BLSKeys.KeyDir,
+		Deprecated: "use --bls.dir",
+	}
+	legacyBLSKeysPerNodeFlag = cli.IntFlag{
+		Name:       "max_bls_keys_per_node",
+		Usage:      "Maximum number of bls keys allowed per node (default 4)",
+		DefValue:   defaultConfig.BLSKeys.MaxKeys,
+		Deprecated: "use --bls.maxkeys",
+	}
+	legacyBLSPassFlag = cli.StringFlag{
+		Name:       "blspass",
+		Usage:      "The source for bls passphrases. (default, stdin, no-prompt, prompt, file:$PASS_FILE, none)",
+		DefValue:   "default",
+		Deprecated: "use --bls.pass, --bls.pass.src, --bls.pass.file",
+	}
+	legacyBLSPersistPassFlag = cli.BoolFlag{
+		Name:       "save-passphrase",
+		Usage:      "Whether the prompt passphrase is saved after prompt.",
+		DefValue:   defaultConfig.BLSKeys.SavePassphrase,
+		Deprecated: "use --bls.pass.save",
+	}
+	legacyKMSConfigSourceFlag = cli.StringFlag{
+		Name:       "aws-config-source",
+		Usage:      "The source for aws config. (default, prompt, file:$CONFIG_FILE, none)",
+		DefValue:   "default",
+		Deprecated: "use --bls.kms, --bls.kms.src, --bls.kms.config",
+	}
+)
+
 // setupConsensusKeys load bls keys and set the keys to nodeConfig. Return the loaded public keys.
 func setupConsensusKeys(config *nodeconfig.ConfigType) multibls.PublicKeys {
 	onceLoadBLSKey.Do(func() {
diff --git a/cmd/harmony/config.go b/cmd/harmony/config.go
index d582c36d1..4ab5860f3 100644
--- a/cmd/harmony/config.go
+++ b/cmd/harmony/config.go
@@ -19,6 +19,19 @@ var defaultConfig = hmyConfig{
 		IP:      "127.0.0.1",
 		Port:    nodeconfig.DefaultRPCPort,
 	},
+	BLSKeys: blsConfig{
+		KeyDir:   "./hmy/blskeys",
+		KeyFiles: nil,
+		MaxKeys:  10,
+
+		PassEnabled:      true,
+		PassSrcType:      "auto",
+		PassFile:         "",
+		SavePassphrase:   false,
+		KMSEnabled:       false,
+		KMSConfigSrcType: "shared",
+		KMSConfigFile:    "",
+	},
 }
 
 type hmyConfig struct {
@@ -27,7 +40,7 @@ type hmyConfig struct {
 	P2P       p2pConfig
 	RPC       rpcConfig
 	Consensus consensusConfig
-	BLSKey    blsConfig
+	BLSKeys   blsConfig
 	TxPool    txPoolConfig
 	Storage   storageConfig
 	Pprof     pprofConfig
@@ -60,15 +73,18 @@ type consensusConfig struct {
 }
 
 type blsConfig struct {
-	KeyDir     string
-	KeyFiles   []string
-	maxBLSKeys int
-
-	PassSrcType      string
-	PassFile         string
-	SavePassphrase   bool
-	KmsConfigSrcType string
-	KmsConfigFile    string
+	KeyDir   string
+	KeyFiles []string
+	MaxKeys  int
+
+	PassEnabled    bool
+	PassSrcType    string
+	PassFile       string
+	SavePassphrase bool
+
+	KMSEnabled       bool
+	KMSConfigSrcType string
+	KMSConfigFile    string
 }
 
 type txPoolConfig struct {
diff --git a/cmd/harmony/config_test.go b/cmd/harmony/config_test.go
index 80c7c5668..68fb553a0 100644
--- a/cmd/harmony/config_test.go
+++ b/cmd/harmony/config_test.go
@@ -41,8 +41,8 @@
 //		PassSrcType:      "auto",
 //		PassFile:         "pass.file",
 //		SavePassphrase:   true,
-//		KmsConfigSrcType: "shared",
-//		KmsConfigFile:    "config.json",
+//		KMSConfigSrcType: "shared",
+//		KMSConfigFile:    "config.json",
 //	},
 //	TxPool: txPoolConfig{
 //		BlacklistFile:      ".hmy/blacklist.txt",
diff --git a/cmd/harmony/misc.go b/cmd/harmony/misc.go
index 1b3606e06..501220e8b 100644
--- a/cmd/harmony/misc.go
+++ b/cmd/harmony/misc.go
@@ -5,7 +5,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// miscFlags are legacy flags that have different usage.
+// miscFlags are legacy flags that have multiple usage.
 var miscFlags = []cli.Flag{
 	legacyPortFlag,
 }
@@ -19,7 +19,7 @@ var (
 	}
 )
 
-// TODO: move all port manipulation +500 -1000 logic here
+// TODO: move all port manipulation +500 -3000 logic here
 func applyMiscFlags(cmd *cobra.Command, config *hmyConfig) {
 	fs := cmd.Flags()
 
diff --git a/cmd/harmony/network.go b/cmd/harmony/network.go
index 1c9099a32..c2a6c6c34 100644
--- a/cmd/harmony/network.go
+++ b/cmd/harmony/network.go
@@ -34,6 +34,7 @@ var (
 		Name:  "dns.zone",
 		Usage: "use customized peers from the zone for state syncing",
 	}
+	// TODO: 9500 as default
 	dnsPortFlag = cli.IntFlag{
 		Name:     "dns.port",
 		DefValue: nodeconfig.DefaultDNSPort,
@@ -187,7 +188,7 @@ var rpcFlags = []cli.Flag{
 	rpcIPFlag,
 	rpcPortFlag,
 	legacyRPCIPFlag,
-	legacyPublicRPCFlag
+	legacyPublicRPCFlag,
 }
 
 var (