Validator Keys
After installing the Operator Service, you need to generate validator keystores for your Vault and set up a wallet for handling validator registrations.
The Operator Service provides built-in functionality to generate all of the above. Alternatively, you may use external tools such as Wagyu Keygen ↗ to generate keystores, and wallets like MetaMask ↗ or MyEtherWallet ↗.
This section walks you through the complete setup process using the Operator Service built-in tools.
🔑 Validator Keys Setup📝 Initialize Mnemonic ↓ 🔐 Generate Validator Keys → 📁 Keystores + 🔑 Passwords ↓ ✅ Import Keys to Consensus Client
Step 1: Initialize Mnemonic
Initialize Configuration
Run the init command to set up your mnemonic used to derive your validator keys.
For example, if running Operator Service from binary:
./operator init
Follow the command prompts.
Example Output
Enter the network name (mainnet, hoodi, gnosis, chiado) [mainnet]:
Enter your vault address: 0x3320a...68
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:
This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.
pumpkin anxiety private salon inquiry ....
Press any key when you have written down your mnemonic.
Please type your mnemonic (separated by spaces) to confirm you have written it down
: pumpkin anxiety private salon inquiry ....
done.
Successfully initialized configuration for vault 0x3320a...68
Important Security Notice
Keep your mnemonic safe. It is the only way to recover your validator keys.
Step 2: Generate Validator Keys
Generate validator keystores from your mnemonic using:
./operator create-keys
Follow the command prompts.
Example Output
Enter the vault address: 0x3320a...68
Enter the number of the validator keys to generate: 10
Enter the mnemonic for generating the validator keys: pumpkin anxiety private salon inquiry ....
Creating validator keys: [####################################] 10/10
Generating deposit data JSON [####################################] 10/10
Exporting validator keystores [####################################] 10/10
Done. Generated 10 keys for 0x3320a...68 vault.
Keystores saved to /home/user/.stakewise/0x3320a...68/keystores file
Deposit data saved to /home/user/.stakewise/0x3320a...68/keystores/deposit_data.json file
Keystore Locations
- Keystores are saved to
~/.stakewise/[network]/keystores - Default: A single
password.txtfile contains the password for all generated keystores - Per-keystore option: Use the
--per-keystoreflag to generate individual password files for each keystore (e.g.,keystore-001.txt,keystore-002.txt, etc.)
Important
Protect your password files as carefully as your keystores — anyone with access to them can decrypt your keys. This applies to both the single password.txt file and individual per-keystore password files.
You can always add more validator keys to your Vault. For that, you need to generate new validator keys.
Step 3: Import Validator Keys
Upload your keystores into your validator client:
- Locate your keystores in
~/.stakewise/[network]/keystores - Follow your consensus client's guide for importing keys
- Use the password from
password.txtfile - Start the validator client with attached validator keys.
Fee Recipient Configuration Required
You must use the Block Reward Recipient address from the "Details" section on the Vault page as the suggested-fee-recipient in your validator client. An incorrect value will result in penalties for your Vault in the Smoothing Pool and will trigger a warning on the Vault page, alerting users to an invalid validator setup.
Alternative Key Management
Validator keystores don't need to be stored locally. You can instead use:
- Remote Signer ↗ - Sign deposit/exit messages via a remote signer
- HashiCorp Vault ↗ - Load keys from a remote Vault instance
- API Mode ↗ - Run Operator as API service with external key management
Next Steps
With your validator keys generated and imported, continue to Validators Manager ↗ to create your operator wallet and configure the necessary Vault permissions for validator management.