Use multiple signing keys
EthSigner supports transaction signing using multiple stored keys. Any account submitting transactions to EthSigner can use the stored keys. The keys can be stored in:
- A V3 keystore file stored on a file system accessible by the host.
- A HashiCorp Vault.
- An Azure Key Vault.
The ability to use multiple signing keys should be limited to the accounts with access to the stored keys.
Each key requires a separate TOML file that defines the parameters to access the key. The TOML files must be placed in a single directory specified using the multikey-signer --directory subcommand.
Files can be added or removed from the directory without needing to restart EthSigner.
The TOML file name must use the format [<prefix>]<accountAddress>.toml. The account address must be in lowercase. The prefix can be anything you want. No two TOML files can have the same key address in the file name, even if the prefix differs.
Remove the 0x portion of the account address. For example, 78e6e236592597c09d5c137c2af40aecd42d12a2.toml.
Use the export-address Hyperledger Besu subcommand to obtain the account address of the node.
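Because files can be added to the key directory while EthSigner is running, it helps to check names against the rules above before dropping a file in. The following is an added example, not EthSigner code: the function names and the sample file names are assumptions made for illustration, and the checks are derived only from the naming rules on this page (a prefix ending in 0x is treated as an address whose 0x was left in).

```python
import os
import string
from collections import defaultdict

HEX = set(string.hexdigits)

def lint_key_filenames(names):
    """Return (valid, problems) for [<prefix>]<accountAddress>.toml names."""
    problems, by_addr = [], defaultdict(list)
    for name in sorted(names):
        if not name.endswith(".toml"):
            continue  # not a key configuration file
        stem = name[:-len(".toml")]
        prefix, addr = stem[:-40], stem[-40:]  # address = last 40 characters
        if len(addr) != 40 or not set(addr) <= HEX:
            problems.append((name, "no 40-hex-digit address before .toml"))
        elif addr != addr.lower():
            problems.append((name, "address must be lowercase"))
        elif prefix.lower().endswith("0x"):
            problems.append((name, "remove the 0x portion"))
        else:
            by_addr[addr].append(name)
    valid = {}
    for addr, files in by_addr.items():
        if len(files) == 1:
            valid[addr] = files[0]
        else:  # same address in two file names, prefix differs
            problems += [(f, "duplicate address") for f in files]
    return valid, sorted(problems)

def lint_directory(path):
    """Lint the directory given to multikey-signer --directory."""
    return lint_key_filenames(os.listdir(path))

# Constructed sample names; only the first address comes from the page.
SAMPLE = [
    "78e6e236592597c09d5c137c2af40aecd42d12a2.toml",
    "hashicorp_" + "11" * 20 + ".toml",
    "backup_" + "11" * 20 + ".toml",
    "dev_" + "AB" * 20 + ".toml",
    "0x" + "22" * 20 + ".toml",
    "short_1234.toml",
    "README.md",
]

if __name__ == "__main__":
    valid, problems = lint_key_filenames(SAMPLE)
    for name, reason in problems:
        print(f"{name}: {reason}")
    print(f"{len(valid)} usable key file(s)")
```

Both files that share an address are reported, since the naming rules give no reason to prefer one over the other.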