EthSigner Command Line

This reference describes the syntax of the EthSigner Command Line Interface (CLI) options. EthSigner signs transaction with a key stored in an encrypted file or an external vault (for example, Hashicorp):

  • ethsigner [Options] file-based-signer [File Options]
  • ethsigner [Options] hashicorp-signer [Hashicorp Options]
  • ethsigner [Options] azure-signer [Azure Options]
  • ethsigner [Options] multifile-based-signer [Multifile Options]

Options

chain-id

Chain ID of the network to receive the signed transactions.

--chain-id=<chainId>
--chain-id=2017

data-path

Directory in which to store temporary files.

--data-path=<PATH>
--data-path=/Users/me/my_node/data

downstream-http-host

Endpoint to which received requests are forwarded. Default is localhost.

--downstream-http-host=<downstreamHttpHost>
--downstream-http-host=192.168.05.14

downstream-http-port

Endpoint to which received requests are forwarded.

--downstream-http-port=<downstreamHttpPort>
--downstream-http-port=6174

downstream-http-request-timeout

Timeout period (in milliseconds) for downstream requests. Default is 5000.

--downstream-http-request-timeout=<downstreamHttpRequestTimeout>
--downstream-http-request-timeout=3000

http-listen-host

Host on which JSON-RPC HTTP listens. Default is localhost.

--http-listen-host=<httpListenHost>
--http-listen-host=8.8.8.8

http-listen-port

Port on which JSON-RPC HTTP listens. Default is 8545.

--http-listen-port=<httpListenPort>
--http-lisentport=6174

logging

Logging verbosity levels. Options are: OFF, FATAL, WARN, INFO, DEBUG, TRACE, ALL. Default is INFO.

-l, --logging=<LOG VERBOSITY LEVEL>
--logging=DEBUG

help

Displays the help and exits.

-h, --help

version

Displays the version and exits.

-V, --version

File Options

key-file

File containing key with which transactions are signed.

-k, --key-file=<keyFile>
--key-file=/Users/me/my_node/transactionKey

password-file

File containing password for the key with which transactions are signed.

-p, --password-file=<passwordFile>
--password-file=/Users/me/my_node/password

Hashicorp Options

auth-file

File containing authentication data for Hashicorp Vault. The authentication data is the root token displayed by the Hashicorp Vault server.

--auth-file=<authFile>
--auth-file=/Users/me/my_node/auth_file

host

Host of the Hashicorp Vault server. Default is localhost.

--host=<serverHost>
--host="http://host.com"

port

Port of the Hashicorp Vault server. Default is 8200.

--port=<serverPort>
--port=23000

signing-key-path

Path to secret in the Hashicorp Vault containing the private key for signing transactions. Default is /secret/data/ethsignerSigningKey.

--signing-key-path=<signingKeyPath>
--signing-key-path=/my_secret/ethsignerSigningKey

timeout

Timeout in milliseconds for requests to the Hashicorp Vault server. Default is 10000.

--timeout=<timeout>
--timeout=5000

Azure Options

client-id

ID used to authenticate with Azure Key Vault.

--client-id=<clientID>
--client-id="MyClientID"

client-secret-path

Path to file containing secret used to access the vault.

--client-secret-path=<clientSecretPath>
--client-secret-path=/Path/MySecret

key-name

Name of key to be used.

--key-name=<keyName>
--key-name="MyKey"

key-version

Version of the specified key to use.

--key-version=<keyVersion>
--key-version="7c01fe58d68148bba5824ce418241092"

keyvault-name

Name of the vault to access. Sub-domain of vault.azure.net.

--keyvault-name=<keyVaultName>
--keyvault-name="MyKeyVault" 

Multifile Options

directory

Path to the directory containing the key and password files.

--directory=<directoryPath>
--directory=/Users/me/keys