Start Web3Signer
This documentation has been updated in line with the name changes recommended by the Ethereum Foundation. The execution layer is formerly "Ethereum 1.0." The consensus layer is formerly "Ethereum 2.0."
Prerequisites:
- Signing key configuration files to access the required signing keys.
Web3Signer supports consensus layer clients, and execution layer clients, so you must specify the signing mode, and the location of the signing key configuration files when starting Web3Signer.
- Consensus layer client
- Execution layer client
web3signer --key-store-path=/Users/me/keyFiles/ eth2 --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password
web3signer --key-store-path=/Users/me/keyFiles/ eth1
In the command line:
- Use the
--key-store-path
option to specify the location of the signing key configuration files. - Specify the subcommand to indicate which signing mode to use.
Valid subcommands are
eth2
andeth1
. You can only specify one signing mode when starting Web3Signer.
Consensus layer considerations
Consensus layer slashing protection is enabled by default, and you must specify the details the
slashing protection database, or disable slashing protection using the
--slashing-protection-db-enabled
command line option.
Web3Signer also allows you to bulk load signing keys stored in Azure Key Vault.
Start the client, for example Teku by specifying the Web3Signer details.
If Teku connects to a network other than mainnet
, then the
--network
option must be specified, and it must match
the network used by the Teku client.
Public testnets
If you are running Web3Signer eth2
mode on a public testnet, then you must specify the network
option.
It's important that this network matches the one you set up for your validator client.
For example, if you have Teku set up to run on
Goerli
then you must configure Web3Signer with the Goerli network under the eth2
subcommand, as in the
following example.
web3signer --key-store-path=/Users/me/keyFiles/ eth2 --network=goerli --slashing-protection-db-url="jdbc:postgresql://localhost/web3signer" --slashing-protection-db-username=postgres --slashing-protection-db-password=password
See the --network
documentation for more information
about this option and the supported networks.
Confirm Web3Signer is running
Use the upcheck
endpoint to confirm Web3Signer is connected and running.
- curl request
- Result
curl -X GET http://localhost:9000/upcheck
200 OK
Web3Signer by default also performs a health check on the slashing protection database.