Key manager helps to manage validators keys in web3signer infrastructure.
See releases page to download and decompress the corresponding binary files.
The command encrypts and loads validator keys from keystore files into the database
./key-manager update-db --db-url postgresql://postgres:postgres@localhost:5432/web3signer --keystores-dir ./data/keystores --keystores-password-file ./data/keystores/password.txtLoading keystores... [####################################] 10/10
Encrypting database keys...
Generated 10 validator keys, upload them to the database? [Y/n]: Y
The database contains 10 validator keys.
Save decryption key: '<DECRYPTION KEYS>'
--keystores-dir- The directory with validator keys in the EIP-2335 standard. Defaults to ./data/keystores.--keystores-password-file- The path to file with password for encrypting the keystores. Defaults to ./data/keystores/password.txt.--db-url- The database connection address.--encryption-key- The key for encrypting database record. If you are upload new keystores use the same encryption key.--no-confirm- Skips confirmation messages when provided.
NB! You must store the decryption key in a secure place. It will allow you to upload new keystores in the existing database
Creates validator configuration files for Lighthouse, Prysm, and Teku clients to sign data using keys form database.
./key-manager sync-validatorEnter the recipient address for MEV & priority fees: 0xB31...1
Enter the endpoint of the web3signer service: https://web3signer-example.com
Enter the database connection string, ex. 'postgresql://username:pass@hostname/dbname': postgresql://postgres:postgres@localhost/web3signer
Enter the total number of validators connected to the web3signer: 30
Enter the validator index to generate the configuration files: 5
Done. Generated configs with 50 keys for validator #5.
Validator definitions for Lighthouse saved to data/configs/validator_definitions.yml file.
Signer keys for Teku\Prysm saved to data/configs/signer_keys.yml file.
Proposer config for Teku\Prysm saved to data/configs/proposer_config.json file.
--validator-index- The validator index to generate the configuration files.--total-validators- The total number of validators connected to the web3signer.--db-url- The database connection address.--web3signer-endpoint- The endpoint of the web3signer service.--fee-recipient- The recipient address for MEV & priority fees.--disable-proposal-builder- Disable proposal builder for Teku and Prysm clients.--output-dir- The directory to save configuration files. Defaults to ./data/configs.
The command is running by the init container in web3signer pods. Fetch and decrypt keys for web3signer and store them as keypairs in the output_dir.
Set DECRYPTION_KEY env, use value generated by update-db command
./key-manager sync-web3signerEnter the folder where web3signer keystores will be saved: /data/web3signer
Enter the database connection string, ex. 'postgresql://username:pass@hostname/dbname': postgresql://postgres:postgres@localhost/web3signer
Web3Signer now uses 7 private keys.
--db-url- The database connection address.--output-dir- The folder where Web3Signer keystores will be saved.--decryption-key-env- The environment variable with the decryption key for private keys in the database.