Validator Keys

After installing the Operator Service, you need to generate validator keystores — the cryptographic keys your validators use to sign attestations and propose blocks. The Operator Service provides built-in key generation, or you can use external tools such as Wagyu Keygen ↗.

Step 1: Initialize Mnemonic

Initialize Configuration

Run the init command to set up your mnemonic used to derive your validator keys.

For example, if running Operator Service from binary:

./operator init

Follow the command prompts. You will be asked to enter your Vault address during this step.

Where to Find Your Vault Address

From URL

Navigate to your Vault page — the address is included in the URL:

https://stakewise.io/vault/mainnet/0x1234567890abcdef...
                                   ^^^^^^^^^^^^^^^^^^^
                                    Your Vault Address

From Details Section

1. Go to your Vault page
2. Scroll to the bottom to find the Details section
3. Look for the Contract address field
4. Copy the displayed address

Example Output

Enter the network name (mainnet, hoodi, gnosis) [mainnet]:
Enter your vault address: 0xF82...d9E6c
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:

This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.

fish monster write banner tired laptop slender ...

Press any key when you have written down your mnemonic.

Please type your mnemonic (separated by spaces) to confirm you have written it down

: fish monster write banner tired laptop slender ...

done.
Successfully initialized configuration for StakeWise operator

Important Security Notice

Keep your mnemonic safe. It is the only way to recover your validator keys.

Step 2: Generate Validator Keys

Generate validator keystores from your mnemonic using:

./operator create-keys

Follow the command prompts.

Example Output

Enter the number of the validator keys to generate: 3
Enter the mnemonic for generating the validator keys: fish monster write banner tired laptop slender ...
Enter the vault address: 0xF82...cd9E6
Creating validator keys:		  [####################################]  3/3
Exporting validator keystores		  [####################################]  3/3

Done. Generated 3 keys for StakeWise operator.
Keystores saved to ~/.stakewise/0xf82f6e46d0d0a9536b9ca4bc480372eeafcd9e6c/keystores file

Keystore Locations

• Keystores are saved to ~/.stakewise/[vault address]/keystores
• Default: A single password.txt file contains the password for all generated keystores
• Per-keystore option: Use the --per-keystore-password flag to generate individual password files for each keystore (e.g., keystore-001.txt, keystore-002.txt, etc.)

Important Security Notice

Protect your password files as carefully as your keystores — anyone with access to them can decrypt your keys. This applies to both the single password.txt file and individual per-keystore password files.

You can generate additional validator keys at any time by running create-keys again.

Step 3: Import Validator Keys

Upload your keystores into your validator client:

1. Locate your keystores in ~/.stakewise/[vault address]/keystores
2. Follow your consensus client's guide for importing keys
3. Use the password from password.txt file
4. Ensure suggested-fee-recipient is set to the Block reward recipient address from the Details section of your Vault page
5. Start the validator client with attached validator keys

Alternative Key Management

Validator keystores don't need to be stored locally. You can instead use:

• Remote Signer → — Sign deposit/exit messages via a remote signer
• HashiCorp Vault → — Load keys from a remote Vault instance
• API Mode → — Run Operator as API service with external key management