Version: v2.0.2

Advanced Keystore Usage

Overview

The keystore manages private keys and addresses for your Aztec sequencer or prover. This guide covers advanced keystore configurations including secure key storage methods, multi-account setups, and production deployment patterns.

Prerequisites

Before proceeding, you should:

Be familiar with running a sequencer or prover node
Understand the basic keystore structure from the sequencer setup guide
Have access to appropriate key management infrastructure (if using remote signers)

Understanding Keystore Roles

The keystore manages different types of keys depending on your node type. Understanding these roles helps you configure the right keys for your needs.

Sequencer Keys

When running a sequencer, you configure these keys and addresses:

Attester (required): Your sequencer's identity. This key signs block proposals and attestations. The corresponding Ethereum address uniquely identifies your sequencer on the network.
Publisher (optional): Submits block proposals to L1. Defaults to using the attester key if not specified. Must be funded with at least 0.1 ETH.
Coinbase (optional): Ethereum address that receives L1 block rewards. Defaults to the attester address if not set.
Fee Recipient (required): Aztec address that receives unburnt L2 transaction fees from blocks you produce.

Prover Keys

Prover nodes use a simpler configuration:

Prover ID: Ethereum address identifying your prover and receiving rewards.
Publisher: Submits proof transactions to L1. Must be funded with ETH for gas costs.

Slasher Keys

If you're running a slasher to monitor the network:

Slasher: Key used to create slash payloads on L1 when detecting sequencer misbehavior.

What This Guide Covers

This guide walks you through advanced keystore configurations in three parts:

1. Key Storage Methods

Learn about different ways to store and access private keys:

Inline private keys (for testing)
Remote signers with Web3Signer (recommended for production)
JSON V3 encrypted keystores
BIP44 mnemonic derivation

See Key Storage Methods for detailed instructions.

2. Advanced Configuration Patterns

Explore complex deployment scenarios:

Using multiple publisher accounts for load distribution
Running multiple sequencers on a single node
Infrastructure provider configurations
High availability setups

See Advanced Configuration Patterns for examples.

3. Troubleshooting

Get help with common issues:

Keystore loading failures
Key format validation
Security best practices
Permission problems

See Troubleshooting for solutions.

Getting Started

Start with the Key Storage Methods guide to understand your options for storing keys securely. Once you're comfortable with the basics, explore the Advanced Configuration Patterns guide for more complex scenarios.

For production deployments, we strongly recommend using remote signers or encrypted keystores instead of inline private keys.

Overview​

Prerequisites​

Understanding Keystore Roles​

Sequencer Keys​

Prover Keys​

Slasher Keys​

What This Guide Covers​

1. Key Storage Methods​

2. Advanced Configuration Patterns​

3. Troubleshooting​

Getting Started​