Web3Signer command line options
This reference describes the syntax of the Web3Signer Command Line Interface (CLI) options.
Specify options
Web3Signer options can be specified:
- On the command line.
- As an environment variable. For each command line option, the equivalent environment variable is:
  - Upper-case.
  - _ replaces -.
  - Has a WEB3SIGNER_ prefix.
- In a YAML configuration file.
If you specify an option in more than one place, the order of priority is command line, environment variable, configuration file.
Options
config-file
Path to the YAML configuration file.
The default is none.
- Syntax: --config-file=<FILE>
- Example: --config-file=/home/me/me_node/config.yaml
- Environment variable: WEB3SIGNER_CONFIG_FILE=/home/me/me_node/config.yaml
data-path
- Syntax: --data-path=<PATH>
- Example: --data-path=/Users/me/my_node/data
- Environment variable: WEB3SIGNER_DATA_PATH=/Users/me/my_node/data
- Configuration file: data-path: "/Users/me/my_node/data"
Directory in which to store temporary files.
key-config-path, key-store-path
- Syntax: --key-config-path=<PATH>
- Example: --key-config-path=/Users/me/keys
- Environment variable: WEB3SIGNER_KEY_CONFIG_PATH=/Users/me/keys
- Configuration file: key-config-path: "/Users/me/keys"
Path to the directory containing the YAML files required to access keys.
key-store-config-file-max-size
- Syntax: --key-store-config-file-max-size=<INTEGER>
- Example: --key-store-config-file-max-size=158000000
- Environment variable: WEB3SIGNER_KEY_STORE_CONFIG_FILE_MAX_SIZE=158000000
- Configuration file: key-store-config-file-max-size: 158000000
The maximum signing key configuration file size in bytes. This is useful when you're loading a large number of signing key configurations from a single file.
The default size is 104857600 bytes (100 MB).
logging
- Syntax: -l, --logging=<LEVEL>
- Example: --logging=DEBUG
- Environment variable: WEB3SIGNER_LOGGING=DEBUG
- Configuration file: logging: "DEBUG"
Sets logging verbosity.
Log levels are OFF, FATAL, WARN, INFO, DEBUG, TRACE, ALL.
The default is INFO.
http-cors-origins
- Syntax: --http-cors-origins=<httpListenHost>
- Example: --http-cors-origins="http://medomain.com"
- Environment variable: WEB3SIGNER_HTTP_CORS_ORIGINS="http://medomain.com"
- Configuration file: http-cors-origins: ["https://meotherdomain.com"]
A list of domain URLs for CORS validation. You must enclose the URLs in double quotes and separate them with commas.
Listed domains can access the node using REST API. If your client interacts with Web3Signer using a browser app, you must allow the client domains.
The default value is none.
If you do not allow any domains, browser apps cannot interact with your Web3Signer node.
For testing and development purposes, use "all" or "*" to accept requests from any domain.
We don't recommend accepting requests from any domain for production environments.
http-listen-host
- Syntax: --http-listen-host=<httpListenHost>
- Example: --http-listen-host=8.8.8.8
- Environment variable: WEB3SIGNER_HTTP_LISTEN_HOST=8.8.8.8
- Configuration file: http-listen-host: "8.8.8.8"
Host on which HTTP listens.
The default is localhost.
http-listen-port
- Syntax: --http-listen-port=<httpListenPort>
- Example: --http-listen-port=6174
- Environment variable: WEB3SIGNER_HTTP_LISTEN_PORT=6174
- Configuration file: http-listen-port: 6174
Port on which HTTP listens. The default is 9000.
http-host-allowlist
- Syntax: --http-host-allowlist=<hostname>[,<hostname>...]... or "*"
- Example: --http-host-allowlist=medomain.com,meotherdomain.com
- Environment variable: WEB3SIGNER_HTTP_HOST_ALLOWLIST=medomain.com,meotherdomain.com
- Configuration file: http-host-allowlist: ["medomain.com", "meotherdomain.com"]
A comma-separated list of hostnames to allow access to the REST APIs.
By default, Web3Signer accepts access from localhost and 127.0.0.1.
To allow all hostnames, use "*".
We don't recommend allowing all hostnames for production environments.
idle-connection-timeout-seconds
- Syntax: --idle-connection-timeout-seconds=<TIMEOUT>
- Example: --idle-connection-timeout-seconds=60
- Environment variable: WEB3SIGNER_IDLE_CONNECTION_TIMEOUT_SECONDS=60
- Configuration file: idle-connection-timeout-seconds: 60
Number of seconds to wait before terminating an idle connection. The default is 30.
metrics-enabled
- Syntax: --metrics-enabled[=<BOOLEAN>]
- Example: --metrics-enabled=true
- Environment variable: WEB3SIGNER_METRICS_ENABLED=true
- Configuration file: metrics-enabled: true
Enables the metrics exporter.
The default is false.
metrics-host
- Syntax: --metrics-host=<HOST>
- Example: --metrics-host=186.10.10.1
- Environment variable: WEB3SIGNER_METRICS_HOST=186.10.10.1
- Configuration file: metrics-host: "186.10.10.1"
The host on which Prometheus accesses metrics.
The default is 127.0.0.1.
metrics-port
- Syntax: --metrics-port=<PORT>
- Example: --metrics-port=6174
- Environment variable: WEB3SIGNER_METRICS_PORT=6174
- Configuration file: metrics-port: 6174
The port (TCP) on which Prometheus accesses metrics.
The default is 9001.
metrics-category
- Syntax: --metrics-category=<metrics-category>[,metrics-category...]...
- Example: --metrics-category=HTTP,SIGNING,JVM
- Environment variable: WEB3SIGNER_METRICS_CATEGORY=HTTP,SIGNING,JVM
- Configuration file: metrics-category: ["HTTP", "SIGNING", "JVM"]
A comma-separated list of categories for which to track metrics.
The defaults are HTTP, SIGNING, FILECOIN, ETH2_SLASHING_PROTECTION, JVM, PROCESS.
metrics-host-allowlist
- Syntax: --metrics-host-allowlist=<hostname>[,<hostname>...]... or "*"
- Example: --metrics-host-allowlist=medomain.com,meotherdomain.com
- Environment variable: WEB3SIGNER_METRICS_HOST_ALLOWLIST=medomain.com,meotherdomain.com
- Configuration file: metrics-host-allowlist: ["medomain.com", "meotherdomain.com"]
A comma-separated list of hostnames to allow access to the Web3Signer metrics.
By default, Web3Signer accepts access from localhost and 127.0.0.1.
To allow all hostnames, use "*".
We don't recommend allowing all hostnames for production environments.
swagger-ui-enabled
- Syntax: --swagger-ui-enabled[=<BOOLEAN>]
- Example: --swagger-ui-enabled
- Environment variable: WEB3SIGNER_SWAGGER_UI_ENABLED=true
- Configuration file: swagger-ui-enabled: true
Set to true to interact with APIs using Swagger UI.
The default is false.
Access Swagger UI at http://<interface>:<port>/swagger-ui where:
- interface is specified using --http-listen-host.
- port is specified using --http-listen-port.
The default location is http://localhost:9000/swagger-ui.
tls-keystore-file
- Syntax: --tls-keystore-file=<keystoreFile>
- Example: --tls-keystore-file=/Users/me/my_node/certificate.pfx
- Environment variable: WEB3SIGNER_TLS_KEYSTORE_FILE=/Users/me/my_node/certificate.pfx
- Configuration file: tls-keystore-file: "/Users/me/my_node/certificate.pfx"
PKCS #12 formatted keystore. Used to enable TLS for client connections.
tls-keystore-password-file
- Syntax: --tls-keystore-password-file=<passwordFile>
- Example: --tls-keystore-password-file=/Users/me/my_node/password.txt
- Environment variable: WEB3SIGNER_TLS_KEYSTORE_PASSWORD_FILE=/Users/me/my_node/password.txt
- Configuration file: tls-keystore-password-file: "/Users/me/my_node/password.txt"
Password file used to decrypt the keystore.
tls-allow-any-client
- Syntax: --tls-allow-any-client=<BOOLEAN>
- Example: --tls-allow-any-client=true
- Environment variable: WEB3SIGNER_TLS_ALLOW_ANY_CLIENT=true
- Configuration file: tls-allow-any-client: true
Allows any client to connect.
The default is false.
You can't use this option with --tls-allow-ca-clients and --tls-known-clients-file.
tls-known-clients-file
- Syntax: --tls-known-clients-file=<clientsFile>
- Example: --tls-known-clients-file=/Users/me/my_node/knownClients.txt
- Environment variable: WEB3SIGNER_TLS_KNOWN_CLIENTS_FILE=/Users/me/my_node/knownClients.txt
- Configuration file: tls-known-clients-file: "/Users/me/my_node/knownClients.txt"
File containing the Common Names and SHA-256 fingerprints of authorized clients.
tls-allow-ca-clients
- Syntax: --tls-allow-ca-clients
- Environment variable: WEB3SIGNER_TLS_ALLOW_CA_CLIENTS
- Configuration file: tls-allow-ca-clients
Allows clients signed with trusted CA certificates to connect.
help
-h, --help
Displays the help and exits.
version
-V, --version
Displays the version and exits.
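
The following Python sketch is an added example, not part of the Web3Signer documentation or code base. It merges options in the priority order given under "Specify options" (command line, environment variable, configuration file), then flags the values this page says accept any origin, hostname or client, and the tls-allow-any-client conflict. It assumes a flat key: value configuration file; the function names and sample inputs are constructed for illustration.

```python
PREFIX = "WEB3SIGNER_"
# Values this page says accept any origin or hostname.
OPEN_VALUES = {"http-cors-origins": {"*", "all"}, "http-host-allowlist": {"*"},
               "metrics-host-allowlist": {"*"}}

def parse_config(text):
    """Flat 'key: value' lines only (assumption: no nested YAML)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            out[key.strip()] = value.strip() or "true"  # bare key is a flag
    return out

def parse_cli(argv):
    """--name=value pairs; a bare --name flag counts as true."""
    pairs = (a[2:].partition("=") for a in argv if a.startswith("--"))
    return {name: value or "true" for name, _, value in pairs}

def effective(argv, environ, config_text):
    """Merge lowest priority first: file, then environment, then command line."""
    merged = parse_config(config_text)
    merged.update({k[len(PREFIX):].lower().replace("_", "-"): v
                   for k, v in environ.items() if k.startswith(PREFIX)})
    merged.update(parse_cli(argv))
    return merged

def as_list(value):
    """'["a", "b"]', 'a,b' and '"*"' all become a list of bare strings."""
    return [v.strip().strip("\"'") for v in value.strip("[]").split(",") if v.strip()]

def audit(opts):
    findings = [f"{name} accepts any origin or hostname"
                for name, wild in OPEN_VALUES.items()
                if wild & set(as_list(opts.get(name, "")))]
    if as_list(opts.get("tls-allow-any-client", "false").lower()) == ["true"]:
        findings.append("tls-allow-any-client lets any client connect")
        findings += [f"tls-allow-any-client cannot be combined with {other}"
                     for other in ("tls-allow-ca-clients", "tls-known-clients-file")
                     if as_list(opts.get(other, "false")) != ["false"]]
    return findings

# Constructed sample inputs: the file is safe on hostnames, the environment is not.
CONFIG = 'http-host-allowlist: ["medomain.com"]\nhttp-cors-origins: ["*"]\ntls-allow-ca-clients\n'
ENVIRON = {"WEB3SIGNER_HTTP_HOST_ALLOWLIST": "*", "WEB3SIGNER_TLS_ALLOW_ANY_CLIENT": "true"}
ARGV = ["--http-cors-origins=https://medomain.com"]
print("\n".join(audit(effective(ARGV, ENVIRON, CONFIG))))
```

In the sample, the wildcard CORS entry in the file is overridden by the command line and is not reported, while the environment variable silently widens the host allowlist set in the file.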