cb47cce074
- Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards.
3.3 KiB
3.3 KiB
Web3Signer Key Setup Guide
Overview
Web3Signer is configured and running on VMID 107 (192.168.11.111:9000) with ChainID 138. This guide explains how to import and manage signing keys.
Prerequisites
- Web3Signer service running (✅ Verified)
- Signing keys (private keys or keystore files)
- Access to VMID 107
Key Storage Options
Option 1: File-Based Keys
Store keys in Web3Signer's data directory:
# SSH to Web3Signer VMID
ssh -i ~/.ssh/proxmox_translator root@192.168.11.111
# Web3Signer data directory
cd /opt/web3signer/data
# Create keys directory (if needed)
mkdir -p keys
# Copy your keystore files here
# Format: keystore-<identifier>.json
Option 2: HashiCorp Vault
Configure Web3Signer to use Vault as a key store (advanced).
Key Formats
Web3Signer supports:
- Keystore files: JSON keystore files (Ethereum format)
- Azure Key Vault: Azure Key Vault integration
- HashiCorp Vault: Vault integration
- AWS KMS: AWS Key Management Service
Importing Keystore Files
-
Prepare keystore files:
# Keystore files should be named: keystore-<identifier>.json # Example: keystore-translator-1.json -
Copy to Web3Signer data directory:
ssh -i ~/.ssh/proxmox_translator root@192.168.11.111 cd /opt/web3signer/data # Copy your keystore files here -
Restart Web3Signer (if needed):
systemctl restart web3signer -
Verify keys are loaded:
curl http://192.168.11.111:9000/api/v1/eth2/publicKeys # Or for ETH1: curl http://192.168.11.111:9000/api/v1/eth1/publicKeys
Listing Loaded Keys
# List ETH1 public keys
curl http://192.168.11.111:9000/api/v1/eth1/publicKeys
# List ETH2 public keys (if using ETH2)
curl http://192.168.11.111:9000/api/v1/eth2/publicKeys
Signing Transactions
The RPC Translator will automatically use Web3Signer for signing when:
eth_sendTransactionis called- The
fromaddress matches a key in Web3Signer - The transaction passes validation
Security Considerations
- Key Storage: Store keys securely (encrypted at rest if possible)
- Access Control: Restrict access to Web3Signer data directory
- Network Security: Web3Signer should only be accessible from translator services
- Backup: Regularly backup key files (encrypted)
- Rotation: Implement key rotation policies
Configuration
Current Web3Signer configuration:
- Host: 192.168.11.111
- Port: 9000
- ChainID: 138
- Data Path: /opt/web3signer/data
Troubleshooting
Keys Not Loading
# Check Web3Signer logs
journalctl -u web3signer -n 50
# Check data directory permissions
ls -la /opt/web3signer/data
Signing Failures
# Check Web3Signer status
curl http://192.168.11.111:9000/upcheck
# Check translator logs
ssh -i ~/.ssh/proxmox_translator root@192.168.11.240 "journalctl -u rpc-translator-138.service -n 50"
Next Steps
- Generate or import signing keys
- Copy keys to Web3Signer data directory
- Verify keys are loaded
- Test transaction signing via translator
References
- Web3Signer Documentation: https://docs.web3signer.consensys.net/
- Ethereum Keystore Format: https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition