Alternative Key Management

Validator keystores don’t need to be stored locally — you may prefer to manage them externally for better security or flexibility.

If you want to keep signing keys off the Operator machine, the remote signer mode delegates all signing to an external service like Web3Signer ↗ while the Operator handles everything else. For teams already using HashiCorp Vault ↗, you can load signing keys directly from a remote K/V secret engine — after loading, the Operator behaves as if the keys were local.

For full separation, Relayer (API Mode) moves both keystores and the Validators Manager wallet outside the Operator entirely. An external Relayer service handles all signing and key operations via API calls, which is useful for multi-signature setups, HSM integrations, or DVT infrastructure.