Skip to content
You are reading Web3Signer development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Subcommands

The Web3Signer subcommands are used to specify the platform being used:

  • web3signer [Options] eth2 [Eth2 Options]
  • web3signer [Options] eth2 export [Eth2 Export Options]
  • web3signer [Options] eth2 import [Eth2 Import Options]
  • web3signer [Options] eth1
  • web3signer [Options] filecoin [Filecoin Options]

Specifying subcommand options

The subcommand must be specified on the command line, but the subcommand options can be specified:

For example, you can set the options for the filecoin subcommand in an environment variables export WEB3SIGNER_FILECOIN_NETWORK=TESTNET, but the subcommand must be specified in the command line

Example

web3signer --key-store-path=/Users/me/keyFiles/ filecoin

Environment variables

For each subcommand option, the equivalent environment variable is:

  • Upper-case
  • _ replaces -
  • Has a WEB3SIGNER_ + <SIGNING_OPTION>_ prefix. For example set filecoin --network using the WEB3SIGNER_FILECOIN_NETWORK environment variable.

Note

Only subcommand options can be set in environment variables. The actual subcommand must be specified in the command line.

View help

To view the command line help for the subcommands:

Options

eth1

eth2

azure-vault-enabled

--azure-vault-enabled=<BOOLEAN>

--azure-vault-enabled=true

WEB3SIGNER_ETH2_AZURE_VAULT_ENABLED=true

eth2.azure-vault-enabled: true

Allow Web3Signer to bulk load all keys from the specified Azure Vault.

azure-client-id

--azure-client-id=<STRING>

--azure-client-id=87efaa5b-4029-4b54-98bb2e2e8a11

WEB3SIGNER_ETH2_AZURE_CLIENT_ID=87efaa5b-4029-4b54-98bb2e2e8a11

eth2.azure-client-id: "87efaa5b-4029-4b54-98bb2e2e8a11"

ID used to authenticate with Azure Key Vault.

Required when --azure-vault-auth-mode is CLIENT_SECRET or USER_ASSIGNED_MANAGED_IDENTITY.

azure-client-secret

--azure-client-secret=<STRING>

--azure-client-secret=0DgK4V_YA99RPk7.f_1op0-em_a46wSe.Z

WEB3SIGNER_ETH2_AZURE_CLIENT_SECRET=0DgK4V_YA99RPk7.f_1op0-em_a46wSe.Z

eth2.azure-client-secret: "0DgK4V_YA99RPk7.f_1op0-em_a46wSe.Z"

The secret used to access the vault along with the ID specified in azure-client-id.

azure-tenant-id

--azure-tenant-id=<STRING>

--azure-tenant-id=34255fb0-379b-4a1a-bd47-d211ab86df81

WEB3SIGNER_ETH2_AZURE_TENANT_ID=34255fb0-379b-4a1a-bd47-d211ab86df81

eth2.azure-tenant-id: "34255fb0-379b-4a1a-bd47-d211ab86df81"

The tenant ID of the Azure Portal instance being used.

azure-vault-auth-mode

--azure-vault-auth-mode=<STRING>

--azure-vault-auth-mode=USER_ASSIGNED_MANAGED_IDENTITY

WEB3SIGNER_ETH2_AZURE_VAULT_AUTH_MODE=USER_ASSIGNED_MANAGED_IDENTITY

eth2.azure-vault-auth-mode: "USER_ASSIGNED_MANAGED_IDENTITY"

Authentication mode for Azure Vault. Options are CLIENT_SECRET, SYSTEM_ASSIGNED_MANAGED_IDENTITY, and USER_ASSIGNED_MANAGED_IDENTITY. Defaults to CLIENT_SECRET.

Set --azure-client-id if using CLIENT_SECRET or USER_ASSIGNED_MANAGED_IDENTITY.

azure-vault-name

--azure-vault-name=<STRING>

--azure-vault-name=AzureKeyVault

WEB3SIGNER_ETH2_AZURE_VAULT_NAME=AzureKeyVault

eth2.azure-vault-name: "AzureKeyVault"

Name of the vault to access. Sub-domain of vault.azure.net.

slashing-protection-db-password

--slashing-protection-db-password=<PASSWORD>

--slashing-protection-db-password=changeme

WEB3SIGNER_ETH2_SLASHING_PROTECTION_DB_PASSWORD=change

eth2.slashing-protection-db-password: "changeme"

The password to connect to the slashing protection database.

slashing-protection-db-url

--slashing-protection-db-url=<JDBC_URL>

--slashing-protection-db-url=jdbc:postgresql://localhost/web3signer

WEB3SIGNER_ETH2_SLASHING_PROTECTION_DB_URL=jdbc:postgresql://localhost/web3signer

eth2.slashing-protection-db-url: "jdbc:postgresql://localhost/web3signer"

The Java Database Connectivity (JDBC) URL of the slashing protection database.

Note

If using a non-default port number for your PostgreSQL database, then include the port number in the database URL.

slashing-protection-db-username

--slashing-protection-db-username=<USERNAME>

--slashing-protection-db-username=postgres

WEB3SIGNER_ETH2_SLASHING_PROTECTION_DB_USERNAME=postgres

eth2.slashing-protection-db-username: "postgres"

The username to use when connecting to the slashing protection database.

slashing-protection-enabled

--slashing-protection-db-enabled=<BOOLEAN>

--slashing-protection-db-enabled=false

WEB3SIGNER_ETH2_SLASHING_PROTECTION_DB_ENABLED=false

eth2.slashing-protection-db-enabled: false

Enables Web3Signer slashing protection. If true, then all signing operations are validated against historical data before signing.

The default is true.

eth2 export

Exports the slashing protection database to a file.

to

--to=<FILE>

--to=/Users/me/my_node/interchange.json

WEB3SIGNER_ETH2_EXPORT_TO=/Users/me/my_node/interchange.json

eth2.export.to: /Users/me/my_node/interchange.json

The file to export the slashing protection database to. The exported file uses the validator client interchange format.

eth2 import

Import a slashing protection database from a file.

from

--from=<FILE>

--from=/Users/me/my_node/interchange.json

WEB3SIGNER_ETH2_IMPORT_FROM=/Users/me/my_node/interchange.json

eth2.import.from: /Users/me/my_node/interchange.json

The file to import the slashing protection database from. The file must be formatted in the validator client interchange format

filecoin

network

--network=<NETWORK>

--network=TESTNET

WEB3SIGNER_FILECOIN_NETWORK=TESTNET

filecoin.network: "TESTNET"

Predefined network configuration. Accepts a predefined network name. The default is TESTNET.

Questions or feedback? You can discuss issues and obtain free support on Web3Signer Discord channel.
For paid professional support by Consensys, contact us at [email protected]