StakeWise V3
  • Main Hub
  • Guides
    • Staking
    • Running a Vault
    • osToken
    • DeFi
      • SWISE-ETH Liquidity Pool
    • StakeWise V2
      • Migrate to StakeWise V3 on Ethereum
      • Migrate to StakeWise V3 on Gnosis Chain
      • Change solo withdrawal credentials to 0x01 address
        • Using Ledger Nano X
        • Using Windows
        • Using macOS
      • Exit solo validator
  • Protocol overview (in-depth)
    • Introduction
    • Vaults
    • osToken
    • Fees
    • Oracles
  • For operators
    • Operator Service
      • Running with Remote Signer
      • Running with Hashi Vault
      • Running as API service
      • Monitoring
    • Kubernetes staking setup
    • Smoothing Pool relays
    • Migrate from V2
      • Ethereum
      • Gnosis
    • DVT
      • Running operator with DVT
    • Vault incentives
    • Vault performance
  • For developers
    • Create a Vault
    • Stake
    • Unstake
    • Oracles
    • Contributions
    • Networks
      • Gnosis
      • Mainnet
      • Hoodi
      • Chiado
  • Governance
    • StakeWise DAO
    • DAO Treasury
Powered by GitBook
On this page
  • Prerequisite
  • start options for hashi vault
  1. For operators
  2. Operator Service

Running with Hashi Vault

PreviousRunning with Remote SignerNextRunning as API service

Last updated 1 year ago

Operator supports loading signing keys from remote instance, avoiding storage of keystores on the filesystem. This approach is best suited for node operators who already have most of Stakewise Operator functionality implemented in their systems, and only need integration for validator registration or pooling support. Regular users should only employ this functionality on their own risk, if they already manage a deployment of hashi vault.

Prerequisite

Complete the following steps before proceeding:

Currently there are two commands that support loading signing keys: start and validators-exit, user must provide hashi vault instance URL, authentication token, and secret path in K/V engine. Internal structure of the secret must resemble following json:

{
  "pubkey1": "privkey1",
  "pubkey2": "privkey2",
  ...
}

Note that public and private signing keys must be stored in hex form, with or without 0x prefix.

After loading keys from hashi vault, operator behaves in the same way as if it had loaded them from keystores, no additional operations needed to support the integration.

start options for hashi vault

Passing following options to start command will enable loading validator signing keys from remote . Make sure keystores directory is empty before running this command, otherwise operator will prefer local keystores.

  • --hashi-vault-url - URL to the remote hashi vault instance

  • --hashi-vault-token - Token for use when authenticating with hashi vault

  • --hashi-vault-key-path - Key path in hashi vault K/V engine holding signing secrets

Hashi Vault
Install Operator Service
Prepare Operator Service
Update deposit data file to the Vault
Hashi Vault