Skip to main content

Signers

Define remote signers. Bakers automatically use signers in their namespace that are configured to sign for the accounts they are baking for. By default no signer is configured.

https://tezos.gitlab.io/user/key-management.html#signer

octezSigners: {}

Example:

octezSigners:
 tezos-signer-0:
   accounts:
    - baker0
   authorized_keys:
    # Names of accounts used to authenticate the baker to the signer.
    # The baker must have the private key for one of the listed
    # accounts. The signer will only sign a request from a baker
    # authenticated by an allowed key.
    - authorized-key-0

Deploys a signer using AWS KMS to sign operations. The AWS_REGION env var must be set. https://github.com/oxheadalpha/tacoinfra-remote-signer

tacoinfraSigners: {}

Example:

tacoinfraSigners
  tacoinfra-signer:
    accounts:
      - tacoinfraSigner
    env:
      AWS_REGION: us-east-2
    serviceAccount:
      create: true
      ## EKS example for setting the role-arn
      annotations:
        eks.amazonaws.com/role-arn: <SIGNER_ROLE_ARN>