Key Creation
After installing the Operator Service, you need to generate validator keystores and deposit data for your Vault, plus set up a wallet for handling validator registrations.
The Operator Service provides built-in functionality to generate all of the above. Alternatively, you may use external tools such as Wagyu Keygen ↗ to generate keystores, and wallets like MetaMask ↗ or MyEtherWallet ↗.
This section walks you through the complete setup process using the Operator Service built-in tools.
🔑 Key Generation Flow📝 Mnemonic ├─ 🔐 Validator Keys → 📁 Keystores + 📄 Deposit Data → ✅ Import to Client └─ 💳 Wallet → 💰 Fund with ETH → 📤 Upload Deposit Data → 🚀 Register Validators
Step 1: Initialize Mnemonic
Initialize Configuration
Run the init command to set up your mnemonic used to derive your validator keys.
For example, if running Operator Service from binary:
./operator init
Follow the command prompts.
Example Output
Enter the network name (mainnet, hoodi, gnosis, chiado) [mainnet]:
Enter your vault address: 0x3320a...68
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:
This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.
pumpkin anxiety private salon inquiry ....
Press any key when you have written down your mnemonic.
Please type your mnemonic (separated by spaces) to confirm you have written it down
: pumpkin anxiety private salon inquiry ....
done.
Successfully initialized configuration for vault 0x3320a...68
Important Security Notice
Keep your mnemonic safe. It is the only way to recover your validator keys.
Step 2: Generate Validator Keys
Generate validator keystores and deposit data from your mnemonic using:
./operator create-keys
Follow the command prompts.
Example Output
Enter the vault address: 0x3320a...68
Enter the number of the validator keys to generate: 10
Enter the mnemonic for generating the validator keys: pumpkin anxiety private salon inquiry ....
Creating validator keys: [####################################] 10/10
Generating deposit data JSON [####################################] 10/10
Exporting validator keystores [####################################] 10/10
Done. Generated 10 keys for 0x3320a...68 vault.
Keystores saved to /home/user/.stakewise/0x3320a...68/keystores file
Deposit data saved to /home/user/.stakewise/0x3320a...68/keystores/deposit_data.json file
Generated Files
- Keystores: Saved to
~/.stakewise/[network]/keystores - Deposit Data: Saved to
~/.stakewise/[network]/keystores/deposit_data.json - Password: Stored in
password.txtwithin the keystores folder
Deposit Data Requirements
The deposit data file must be created using the Vault contract as the withdrawal address. The Operator Service automatically uses your Vault address for this purpose. If using external tools, ensure the withdrawal address matches your Vault contract address.
Important
Protect password.txt as carefully as your keystores — anyone with it can access your keys.
You can always add more validator keys to your Vault. For that, you need to generate new validator keys and upload the new deposit data file (which will overwrite the existing one).
Step 3: Set Up Wallet
Create a wallet for validator registrations and gas payments:
./operator create-wallet
Example Output
Enter the vault address: 0x3320a...68
Enter the mnemonic for generating the wallet: pumpkin anxiety private salon inquiry ...
Done. The wallet and password saved to /home/user/.stakewise/0x3320a...68/wallet directory. The wallet address is: 0x239B...e3Cc
You may reuse the same mnemonic as your validator keys or generate a separate one for added security.
Wallet Balance Warning
Fund your wallet with ETH (or xDAI on Gnosis) to cover gas:
- Each validator registration costs ~0.01 ETH at 30 Gwei gas price
- Check current gas prices at Etherscan Gas Tracker ↗
- Monitor balance regularly to prevent registration failures
Step 4: Upload Deposit Data to Vault
Once you have created your validator keys and deposit data file, you need to upload the deposit data file to the Vault. This process connects your node to the Vault and can only be done by the Vault Admin or Keys Manager ↗.
Multiple Operators
If there is more than one node operator in a Vault, you first need to merge all operator deposit data files into a single file using the merge-deposit-data command before uploading.
- StakeWise UI
- Operator Service
- Connect with your wallet and head to the Operate page ↗
- Select the Vault you want to upload the deposit data file to
- In the upper right corner, click on "Settings" and open the "Deposit Data" tab
- Upload the deposit data file either by dragging and dropping the file, or clicking to choose the file via your file browser
- Click Save and sign the transaction in your wallet
UI Access
The "Settings" button is only visible to the Vault Admin or Keys Manager.
Calculate the deposit data Merkle tree root with the following command:
./operator get-validators-root
Enter the vault address: 0xeEFFFD4C23D2E8c845870e273861e7d60Df49663
The validator deposit data Merkle tree root: 0x50437ed72066c1a09ee85978f168ac7c58fbc9cd4beb7962c13e68e7faac26d7
Then upload the root to your Vault contract:
- Vault version 1: Call
setValidatorsRootmethod of Vault contract - Vault version 2+: Call
setDepositDataRootmethod ofDepositDataRegistrycontract
Find the DepositDataRegistry contract addresses:
Step 5: Import Validator Keys
Upload your keystores into your validator client:
- Locate your keystores in
~/.stakewise/[network]/keystores - Follow your consensus client's guide for importing keys
- Use the password from
password.txtfile - Start the validator client with attached validator keys.
Fee Recipient Configuration Required
You must use the Block Reward Recipient address from the Details section on the Vault page as the suggested-fee-recipient in your validator client. An incorrect value will result in penalties for your Vault in the Smoothing Pool and will trigger a warning on the Vault page, alerting users to an invalid validator setup.
Alternative Key Management
Validator keystores don't need to be stored locally. You can instead use:
- Remote Signer ↗ - Sign deposit/exit messages via a remote signer
- HashiCorp Vault ↗ - Load keys from a remote Vault instance
- API Mode ↗ - Run Operator as API service with external key management
Additional Commands
Add More Validator Keys
You can always add more validator keys to your Vault:
- Generate new keys using
create-keys - Upload the new deposit data file (this overwrites the existing file)
- Import the new keystores to your validator clients
Overwrite Warning
Uploading a new deposit data file will overwrite the existing file and consequently overwrite previously unused validator keys.
Merge Deposit Data Files
For Vaults with multiple operators, merge deposit data files:
./operator merge-deposit-data
Recover Validator Keystores
You can recover validator keystores that are active. The recovery process will detect validators associated with your Vault address.
Safety Requirements
Before recovering keystores:
- Stop all validators - Ensure no validators are running with these keystores
- Wait at least 2 epochs - Allow time to pass to avoid slashing
- Protect mnemonic - Your seed phrase can generate all validator keys
./operator recover
Example Output
Enter the mnemonic for generating the validator keys: [Your Mnemonic Here]
Enter your vault address: 0x3320ad928c20187602a2b2c04eeaa813fa899468
Enter the comma separated list of API endpoints for execution nodes: https://example.com
Enter the comma separated list of API endpoints for consensus nodes: https://example.com
Enter the network name: hoodi
Found 24 validators, recovering...
Generating keystores [####################################] 100%
Keystores for vault 0x3320ad928c20187602a2b2c04eeaa813fa899468 successfully recovered to /home/user/.stakewise/keystores
Advanced Configuration
Environment Variables
Operator Service can be configured via environment variables instead of CLI flags.
Copy this example file ↗ and save it as .env.
# Load environment variables
export $(grep -v '^#' .env | xargs)
# Verify they're loaded
env
Gas Fee Limits
Protect against excessive gas costs by setting maximum fees:
./operator start --max-fee-per-gas-wei=100000000000 # 100 Gwei max
CPU Optimization
Reduce CPU load during key operations:
# Use half your CPU cores (recommended)
./operator create-keys --pool-size=2
Performance Tip
Setting --pool-size to half your CPU cores ensures smooth node operation during keystore operations.
Next Steps
With your keys, deposit data, and wallet prepared, continue to Getting Started ↗ to configure your Vault permissions and launch the Operator Service.
For consensus client documentation, see:
Lighthouse ↗ • Prysm ↗ • Teku ↗ • Nimbus ↗ • Lodestar ↗