Use Keystore for private key encryption

To ensure privacy over operator's private key, an alternative to write it down in the .env file would be to use Keystores as presented by Othentic in the following documentation:

Generate Keys | Othenticdocs.othentic.xyz

To set up the keystore, follow these steps:

1. Generate Keystore

Run the keystore generation with following command format:

othentic-cli [SUB-COMMAND-1] [SUB-COMMAND-2]  
  --keystore <KEYSTORE_PATH>  
  --keystore-password <DECRYPT_PASSWORD>

2. Update .env file

Replace PRIVATE_KEY with the following entries:

//.env  
...  
WALLET_KEYSTORE_PATH=.keystore/c54b33db-311c-4e32-9ed3-375e5c0b6f0c  # Keystore path  
WALLET_KEYSTORE_PASSWORD=123  
OPERATOR_ADDRESS=0xabc  # Only include if Controller Key and Consensus Key differ

3. Update Docker Compose file

Update your docker-compose.yml with the following structure:

attestor:  
     <<: *othentic-cli  
     container_name: attestor  
     command:  
       - "node"  
       - "attester"  
       - "/ip4/34.229.78.54/tcp/9876/p2p/${OTHENTIC_BOOTSTRAP_ID}"  
       - "--json-rpc"  
       - "--json-rpc.custom-message-enabled"  
       - "--avs-webapi"  
       - "http://172.28.0.20"  
       - "--avs-webapi-port"  
       - "${AVS_WEBAPI_PORT}"  
       - "--l1-chain"  
       - "holesky"  
       - "--l2-chain"  
       - "amoy"  
       - "--metrics"  
       - "--p2p.datadir"  
       - "data/peerstore/attester"  
       - "--keystore"  
       - "${WALLET_KEYSTORE_PATH}"  
       - "--keystore-password"  
       - "${WALLET_KEYSTORE_PASSWORD}"  
     environment:  
       - OTHENTIC_BOOTSTRAP_ID=${OTHENTIC_BOOTSTRAP_ID}  
       - AVS_WEBAPI_PORT=${AVS_WEBAPI_PORT}  
       - LOG_DIR=data/logs/attester  
       - WALLET_KEYSTORE_PASSWORD=${WALLET_KEYSTORE_PASSWORD}  
       - WALLET_KEYSTORE_PATH=${WALLET_KEYSTORE_PATH}  
     volumes:  
       - ./data/peerstore/attestor:/app/data/peerstore/attestor  
       - ./data/logs/attestor:/app/logs/peerstore/attestor  
       - ./keystore:/app/data/keystore  # Assuming if you are using keystone directory name 
     networks:  
       mishti_network:  
         ipv4_address: 172.28.0.30  
     depends_on:  
       - avswebapi  
     logging:  
       driver: "json-file"  
       options:  
         max-file: "10"  
         max-size: "20m"

(environment and volumes sections need to be upadated here)

PreviousRegister and Run a Human Node NextKeyshare backup

Last updated 5 months ago