# Wallet Allowlist Configuration ## Overview The RPC Translator supports wallet allowlisting to restrict which addresses can send transactions. This can be configured via environment variables or Vault. ## Configuration Methods ### Method 1: Environment Variable (Static) Edit `.env` file on each translator VMID: ```bash # SSH to translator VMID ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 cd /opt/rpc-translator-138 nano .env # Add or update: WALLET_ALLOWLIST=0x1234567890123456789012345678901234567890,0xabcdefabcdefabcdefabcdefabcdefabcdefabcd # Restart service systemctl restart rpc-translator-138.service ``` ### Method 2: Vault (Dynamic) Store allowlist in Vault for centralized management: 1. **Store in Vault**: ```bash vault kv put secret/chain138/translator \ wallet_allowlist="0x1234...,0xabcd..." ``` 2. **Translator automatically loads from Vault** (if configured) ## Format - **Comma-separated**: Multiple addresses separated by commas - **No spaces**: `0xaddr1,0xaddr2` (not `0xaddr1, 0xaddr2`) - **Lowercase recommended**: Addresses are case-insensitive but lowercase is recommended ## Examples ### Single Address ``` WALLET_ALLOWLIST=0x1234567890123456789012345678901234567890 ``` ### Multiple Addresses ``` WALLET_ALLOWLIST=0x1234567890123456789012345678901234567890,0xabcdefabcdefabcdefabcdefabcdefabcdefabcd,0x9876543210987654321098765432109876543210 ``` ### Empty (Allow All) ``` WALLET_ALLOWLIST= ``` **Warning**: Empty allowlist allows all addresses. Use with caution in production. ## Verification After configuring, verify the allowlist is loaded: ```bash # Check translator logs ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 "journalctl -u rpc-translator-138.service -n 50 | grep -i allowlist" # Test transaction from allowed address # Test transaction from non-allowed address (should be rejected) ``` ## Security Considerations 1. **Production**: Always configure allowlist in production 2. **Multiple Addresses**: Use multiple addresses for redundancy 3. **Rotation**: Update allowlist when keys are rotated 4. **Vault**: Use Vault for centralized management in multi-instance deployments ## Updating Allowlist ### For Environment Variable Method 1. Update `.env` file on each VMID 2. Restart service: `systemctl restart rpc-translator-138.service` 3. Verify: Check logs for allowlist loading ### For Vault Method 1. Update Vault secret 2. Service will reload on next transaction (or restart service) ## Current Configuration Check current allowlist configuration: ```bash # SSH to translator VMID ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 cd /opt/rpc-translator-138 grep WALLET_ALLOWLIST .env ``` ## Next Steps 1. Generate or identify wallet addresses for signing 2. Configure allowlist in `.env` files or Vault 3. Restart translator services 4. Test transactions from allowed addresses 5. Verify transactions from non-allowed addresses are rejected