Skip to main content

Validator Keys

After installing the Operator Service, you need to generate validator keystores for your Vault. These keystores contain the cryptographic keys that your validators will use to sign attestations and propose blocks on the Ethereum network.

The Operator Service provides built-in functionality to generate validator keys and keystores. Alternatively, you may use external tools such as Wagyu Keygen ↗ to generate keystores.

This section walks you through the validator key generation process using the Operator Service built-in tools.

🔑 Validator Keys Setup

📝 Initialize Mnemonic ↓ 🔐 Generate Validator Keys → 📁 Keystores + 🔑 Passwords ↓ ✅ Import Keys to Consensus Client

Step 1: Initialize Mnemonic

IconInitialize Configuration

Run the init command to set up your mnemonic used to derive your validator keys.

For example, if running Operator Service from binary:

./operator init

Follow the command prompts.

Example Output
Enter the network name (mainnet, hoodi, gnosis, chiado) [mainnet]:
Enter your vault address: 0xF82f6E46d0d0a9536b9CA4bc480372EeaFcd9E6c
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:

This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.

fish monster write banner tired laptop slender ...

Press any key when you have written down your mnemonic.

Please type your mnemonic (separated by spaces) to confirm you have written it down

: fish monster write banner tired laptop slender ...

done.
Successfully initialized configuration for StakeWise operator
IconImportant Security Notice

Keep your mnemonic safe. It is the only way to recover your validator keys.

Step 2: Generate Validator Keys

Generate validator keystores from your mnemonic using:

./operator create-keys

Follow the command prompts.

Example Output

Enter the number of the validator keys to generate: 3
Enter the mnemonic for generating the validator keys: fish monster write banner tired laptop slender ...
Enter the vault address: 0xF82f6E46d0d0a9536b9CA4bc480372EeaFcd9E6
Creating validator keys: [####################################] 3/3
Exporting validator keystores [####################################] 3/3

Done. Generated 3 keys for StakeWise operator.
Keystores saved to ~/.stakewise/0xf82f6e46d0d0a9536b9ca4bc480372eeafcd9e6c/keystores file
IconKeystore Locations
  • Keystores are saved to ~/.stakewise/[vault address]/keystores
  • Default: A single password.txt file contains the password for all generated keystores
  • Per-keystore option: Use the --per-keystore flag to generate individual password files for each keystore (e.g., keystore-001.txt, keystore-002.txt, etc.)
IconImportant

Protect your password files as carefully as your keystores — anyone with access to them can decrypt your keys. This applies to both the single password.txt file and individual per-keystore password files.

You can always add more validator keys to your Vault. For that, you need to generate new validator keys.

Step 3: Import Validator Keys

Upload your keystores into your validator client:

  1. Locate your keystores in ~/.stakewise/[vault address]/keystores
  2. Follow your consensus client's guide for importing keys
  3. Use the password from password.txt file
  4. Start the validator client with attached validator keys.
IconFee Recipient Configuration Required

You must use the "Block reward recipient" address from the "Details" section on the Vault page as the suggested-fee-recipient in your validator client. An incorrect value will result in penalties for your Vault in the Smoothing Pool and will trigger a warning on the Vault page, alerting users to an invalid validator setup.

Alternative Key Management

Validator keystores don't need to be stored locally. You can instead use:

Next Steps

With your validator keys generated and imported, continue to Validators Manager → to create your operator wallet and configure the necessary Vault permissions for validator management.