Node Key Management
From Chainlink Community Wiki
Accessing Chianlink Node CLI
Many of the tasks on this page require you to have access to the Chianlink Node's CLI.
To access the CLI, you must attach to your Chainlink container's bash tty session
docker exec -it $CONTAINER_NAME /bin/bash
Once connected, for the majority of the tasks you will want to accompish, you'll need to authenticate via your API credentials (the same credentials you use to access the web UI)
chainlink admin login
Now that you've authenticated with your API credentials, we can accomplish some more nuanced tasks that are not available via the web UI.
Chainlink Node Private Key Management
Where to Find Your Key(s)
- The command you want to run will vary based on the type of keys you're looking for
- CSA keys
chainlink keys csa list
- Ethereum/EVM keys
chainlink keys eth list
- OCR keys
chainlink keys ocr list
- OCR 2 keys
chainlink keys ocr2 list
- P2P keys
chainlink keys p2p list
- Solana keys
chainlink keys solana list
- Terra keys
chainlink keys terra list
- VRK keys
chainlink keys vrf list
- CSA keys
Generate New Key(s)
- This command will vary based on which key's you're creating
- CSA keys
chainlink keys csa create
- Ethereum/EVM keys
chainlink keys eth create --evmChainID 1
- OCR keys
chainlink keys ocr create
- OCR 2 keys
chainlink keys ocr2 create
- P2P keys
chainlink keys p2p create
- Solana keys
chainlink keys solana create
- Terra keys
chainlink keys terra create
- VRK keys
chainlink keys vrf create
- CSA keys
Exporting Your Private Keys
If you'd like to export your private keys, the following steps will provide you with directions and examples
While connected to, and authenticated with, the Chainlink CLI, we will want to:
- List our keys to identify which one(s) we wish to export.
- Create a file containing our password used to encrypt the exported password.
- Export our password.
- Copy the private key file to our host.
In the below example, we will be exporting an Ethereum mainnet private key.
List our keys to identify which one(s) we wish to export.
chainlink keys eth list
Create a file containing our password used to encrypt the exported password.
echo "$YOURPASSWORD" > passwordFile
Export our password.
chainlink keys eth export $0xKEY_ADDRESS --newpassword passwordFile --output $NAME_FOR_PRIAVTEKEY_FILE
Copy the private key file to our host.
docker cp $CONTAINER_NAME:/$NAME_FOR_PRIVATEKEY_FILE /host/path/$NAME_FOR_PRIVATEKEY_FILE
Now that the file is on your Docker host, you can scp it somewhere else, or whatever you'd like to do with it.
Importing/Replacing Your Private Keys
In some situations, you may find yourself in need of importing your own keys, or perhaps you've gotten a borked node and want to export your old keys and import them into a newly built Chainlink node.
Whatever your situation, the steps below will assist
Key Format
In order for your keys to be accepted for use in the Chainlink node, they must be in the proper, single line, json format.
An example is shown below:
{"address":"bdcfbbd9da176e233d5a8d9a77905c2853bf10a9","crypto":{"cipher":"aes-128-ctr","ciphertext":"69ecad9449d479b7c2dc7eac19131da1af9bb64347d33e5b3bff314c7a3710f9","cipherparams":{"iv":"dd4535b11fa85e25fe0b9d4f2889aa66"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"4be7fad8f62c395bbb7457e1e398f37a346f36df6673c377dd91d0efe201821f"},"mac":"9a7c8461b60b98d16376e665b290aecf75620d8276799fbe75045dbbf2b3bdd8"},"id":"bdcfbbd9-da17-6e23-3d5a-8d9a77905c28","version":3}
Key Password
Each private key must be encrypted, and to accompish this, the Chainlink Node will require a local file (within the container) to decrypt the key.
echo "$YOURPASSWORD" > passwordFile
We'll need to copy both the private key file and the password file into the Chianlink Node's container.
With the key in the correct format, we will need to copy both the key and the password file into the Chainlink Node
docker cp /host/path/$NAME_FOR_PRIVATEKEY_FILE $CONTAINER_NAME:/$NAME_FOR_PRIVATEKEY_FILE
docker cp /host/path/$PASSWORD_FILE $CONTAINER_NAME:/$PASSWORD_FILE
Once the file is copied into the Chainlink Node's container, we will want to enter the container's bash session and authenticate with our API credentials.
Once done, we will want to
- List the contents of our working directory to make sure our private key and password files are present.
- List our keys to identify which one(s) we wish to replace.
- Delete the unwanted/unused key.
- Import the desired key.
List the contents of our working directory to make sure our private key and password files are present.
ls -l
-rw------- 1 root root 491 May 20 16:24 0xDBD580eE789fF9539d6fd416d0A059C0D1cC1dbF-pkey.json -rw-r--r-- 1 root root 16 May 20 16:24 passwordFile
List our keys to identify which one(s) we wish to export.
chainlink keys eth list
🔑 ETH keys ------------------------------------------------------------- Address: 0xbdCfbBD9DA176E233d5A8d9a77905c2853bF10A9 EVM Chain ID: 4 ETH: 0.000000000000000000 LINK: 0 Is funding: false Created: 2022-05-20 15:52:04.770036 +0000 UTC Updated: 2022-05-20 15:52:04.770036 +0000 UTC Max Gas Price Wei: 5000000000000
Assuming we want to delete the above key and replace it with a new one with the address of 0xDBD580eE789fF9539d6fd416d0A059C0D1cC1dbF, we will need to:
Delete the unwanted/unused key.
chainlink keys eth delete --hard --yes 0xbdCfbBD9DA176E233d5A8d9a77905c2853bF10A9
Note: The --hard and --yes flags will delete without archiving (no restoration options), and skip the confirmation prompt respectively.
Note: If you delete any key without exporting it, it is gone forever. When in doubt, always export your key before deleting it.
🔑 Deleted ETH key ------------------------------------------------------------- Address: 0xbdCfbBD9DA176E233d5A8d9a77905c2853bF10A9 EVM Chain ID: 4 ETH: 0.000000000000000000 LINK: 0 Is funding: false Created: 2022-05-20 15:52:04.770036 +0000 UTC Updated: 2022-05-20 15:52:04.770036 +0000 UTC Max Gas Price Wei: 0
With the old key deleted, we will want to now import the desired key.
Import new private key
chainlink keys eth import --oldpassword passwordFile --evmChainID 4 0xDBD580eE789fF9539d6fd416d0A059C0D1cC1dbF-pkey.json
🔑 Imported ETH key ------------------------------------------------------------- Address: 0xDBD580eE789fF9539d6fd416d0A059C0D1cC1dbF EVM Chain ID: 4 ETH: 0.000000000000000000 LINK: 0 Is funding: false Created: 2022-05-20 16:33:17.630505 +0000 UTC Updated: 2022-05-20 16:33:17.630505 +0000 UTC Max Gas Price Wei: 0