Validator Keys
After installing the Operator Service, you need to generate validator keystores — the cryptographic keys your validators use to sign attestations and propose blocks. The Operator Service provides built-in key generation, or you can use external tools such as Wagyu Keygen ↗.
Step 1: Initialize Mnemonic
Initialize Configuration
Run the init command to set up your mnemonic used to derive your validator keys.
For example, if running Operator Service from binary:
./operator init
Follow the command prompts.
Example Output
Enter the network name (mainnet, hoodi, gnosis) [mainnet]:
Enter your vault address: 0xF82...d9E6c
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:
This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.
fish monster write banner tired laptop slender ...
Press any key when you have written down your mnemonic.
Please type your mnemonic (separated by spaces) to confirm you have written it down
: fish monster write banner tired laptop slender ...
done.
Successfully initialized configuration for StakeWise operator
Important Security Notice
Keep your mnemonic safe. It is the only way to recover your validator keys.
Step 2: Generate Validator Keys
Generate validator keystores from your mnemonic using:
./operator create-keys
Follow the command prompts.
Example Output
Enter the number of the validator keys to generate: 3
Enter the mnemonic for generating the validator keys: fish monster write banner tired laptop slender ...
Enter the vault address: 0xF82...cd9E6
Creating validator keys: [####################################] 3/3
Exporting validator keystores [####################################] 3/3
Done. Generated 3 keys for StakeWise operator.
Keystores saved to ~/.stakewise/0xf82f6e46d0d0a9536b9ca4bc480372eeafcd9e6c/keystores file
Keystore Locations
- Keystores are saved to
~/.stakewise/[vault address]/keystores - Default: A single
password.txtfile contains the password for all generated keystores - Per-keystore option: Use the
--per-keystore-passwordflag to generate individual password files for each keystore (e.g.,keystore-001.txt,keystore-002.txt, etc.)
Important Security Notice
Protect your password files as carefully as your keystores — anyone with access to them can decrypt your keys. This applies to both the single password.txt file and individual per-keystore password files.
You can generate additional validator keys at any time by running create-keys again.
Step 3: Import Validator Keys
Upload your keystores into your validator client:
- Locate your keystores in
~/.stakewise/[vault address]/keystores - Follow your consensus client's guide for importing keys
- Use the password from
password.txtfile - Ensure
suggested-fee-recipientis set to the Block reward recipient address from the Details section of your Vault page - Start the validator client with attached validator keys
Alternative Key Management
Validator keystores don't need to be stored locally. You can instead use:
- Remote Signer → — Sign deposit/exit messages via a remote signer
- HashiCorp Vault → — Load keys from a remote Vault instance
- API Mode → — Run Operator as API service with external key management
Next Steps
With your validator keys generated and imported, continue to Validators Manager → to create your operator wallet and configure the necessary Vault permissions for validator management.