Subcommands¶
EthSigner signs transaction with a key stored in an encrypted file or an external vault. The EthSigner subcommands are used to specify the keys used to sign transactions:
ethsigner [Options] file-based-signer [File Options]ethsigner [Options] hashicorp-signer [Hashicorp Options]ethsigner [Options] azure-signer [Azure Options]ethsigner [Options] multikey-signer [Multikey Options]
The file-based-signer, hashicorp-signer, and azure-signer subcommands are used for single keys only, and the multikey-signer subcommand is used for one or more keys.
Important
Only one signing key subcommand can be used.
Specifying subcommand options¶
The subcommand to use must be specified on the command line, but the subcommand options can be specified:
- On the command line
- As environment variables
- In a TOML configuration file.
For example, you can set the options for the azure-signer subcommand in environment variables or a configuration file, but the subcommand must be specified in the command line
Example
ethsigner --config-file=./config.toml azure-signer
If you specify an option in more than one place, the order of priority is command line, environment variable, configuration file.
Environment variables¶
For each subcommand option, the equivalent environment variable is:
- Upper-case
_replaces-- Has an
ETHSIGNER_+<SIGNING_OPTION>_prefix. For example setazure-signer --client-idusing theETHSIGNER_AZURE_SIGNER_CLIENT_IDenvironment variable.
Note
Only subcommand options can be set in environment variables. The actual subcommand must be specified in the command line.
View help¶
To view the command line help for the subcommands:
ethsigner help file-based-signerethsigner help hashicorp-signerethsigner help azure-signerethsigner help multikey-signer
Options¶
file-based-signer¶
key-file¶
File containing key with which transactions are signed.
-k, --key-file=<keyFile>
--key-file=/Users/me/my_node/transactionKey
ETHSIGNER_FILE_BASED_SIGNER_KEY_FILE=/Users/me/my_node/transactionKey
file-based-signer.key-file="/Users/me/my_node/transactionKey"
password-file¶
File containing password for the key with which transactions are signed.
-p, --password-file=<passwordFile>
--password-file=/Users/me/my_node/password
ETHSIGNER_FILE_BASED_SIGNER_PASSWORD_FILE=/Users/me/my_node/password
file-based-signer.password-file="/Users/me/my_node/password"
hashicorp-signer¶
auth-file¶
File containing authentication data for HashiCorp Vault. The authentication data is the root token displayed by the HashiCorp Vault server.
--auth-file=<authFile>
--auth-file=/Users/me/my_node/auth_file
ETHSIGNER_HASHICORP_SIGNER_AUTH_FILE=/Users/me/my_node/auth_file
hashicorp-signer.auth-file="/Users/me/my_node/auth_file"
host¶
Host of the HashiCorp Vault server. Default is localhost.
--host=<serverHost>
--host="10.0.0.3"
ETHSIGNER_HASHICORP_SIGNER_HOST=10.0.0.3
hashicorp-signer.host="10.0.0.3"
port¶
Port of the HashiCorp Vault server. Default is 8200.
--port=<serverPort>
--port=23000
ETHSIGNER_HASHICORP_SIGNER_PORT=23000
hashicorp-signer.port=23000
signing-key-path¶
Path to secret in the HashiCorp Vault containing the private key for signing transactions. Default is /secret/data/ethsignerSigningKey.
--signing-key-path=<signingKeyPath>
--signing-key-path=/my_secret/ethsignerSigningKey
ETHSIGNER_HASHICORP_SIGNER_SIGNING_KEY_PATH=/my_secret/ethsignerSigningKey
hashicorp-signer.signing-key-path="/my_secret/ethsignerSigningKey"
timeout¶
Timeout in milliseconds for requests to the HashiCorp Vault server. Default is 10000.
--timeout=<timeout>
--timeout=5000
ETHSIGNER_HASHICORP_SIGNER_TIMEOUT=5000
hashicorp-signer.timeout=5000
tls-enabled¶
Connect to HashiCorp Vault server using TLS. Default is true.
--tls-enabled[=<true|false>]
--tls-enabled=false
ETHSIGNER_HASHICORP_SIGNER_TLS_ENABLED=false
hashicorp-signer.tls-enabled=false
tls-known-server-file¶
File containing the hostname, port, and SHA256 certificate fingerprint of the HashiCorp Vault server.
--tls-known-server-file=<hashicorpServerFile>
--tls-known-server-file=/Users/me/my_node/knownHashicorpServers
ETHSIGNER_HASHICORP_SIGNER_TLS_KNOWN_SERVER_FILE=/Users/me/my_node/knownHashicorpServers
hashicorp-signer.tls-known-server-file="/Users/me/my_node/knownHashicorpServers"
azure-signer¶
client-id¶
ID used to authenticate with Azure Key Vault.
--client-id=<clientID>
--client-id="MyClientID"
ETHSIGNER_AZURE_SIGNER_CLIENT_ID=MyClientID
azure-signer.client-id="MyClientID"
client-secret-path¶
Path to file containing secret used to access the vault.
--client-secret-path=<clientSecretPath>
--client-secret-path=/Path/MySecret
ETHSIGNER_AZURE_SIGNER_CLIENT_SECRET_PATH="/Path/MySecret"
azure-signer.client-secret-path=/Path/MySecret
key-name¶
Name of key to be used.
--key-name=<keyName>
--key-name="MyKey"
ETHSIGNER_AZURE_SIGNER_KEY_NAME=MyKey
azure-signer.key-name="MyKey"
key-version¶
Version of the specified key to use.
--key-version=<keyVersion>
--key-version="7c01fe58d68148bba5824ce418241092"
ETHSIGNER_AZURE_SIGNER_KEY_VERSION=7c01fe58d68148bba5824ce418241092
azure-signer.key-version="7c01fe58d68148bba5824ce418241092"
keyvault-name, key-vault-name¶
Name of the vault to access. Sub-domain of vault.azure.net.
--keyvault-name=<keyVaultName>
--keyvault-name="MyKeyVault"
ETHSIGNER_AZURE_SIGNER_KEY_VAULT_NAME=MyKeyVault
azure-signer.keyvault-name="MyKeyVault"
tenant-id¶
The tenant ID of the Azure Portal instance being used.
--tenant-id=<STRING>
--tenant-id=34255fb0-379b-4a1a-bd47-d211ab86df81
ETHSIGNER_AZURE_SIGNER_TENANT_ID=34255fb0-379b-4a1a-bd47-d211ab86df81
azure-signer.tenant-id="34255fb0-379b-4a1a-bd47-d211ab86df81"
multikey-signer¶
directory¶
Path to the directory containing the TOML files required to access keys.
--directory=<directoryPath>
--directory=/Users/me/keys
ETHSIGNER_MULTIKEY_SIGNER_DIRECTORY=/Users/me/keys
multikey-signer.directory="/Users/me/keys"