Managing Credentials
Your Local Blockchain uses a validator (private) key for block production that is randomly generated on each setup. This page covers credential management and security over that key.
Security Model
We prioritize security by:
- Not accepting imported private keys - reduces risk of key exposure
- Generating fresh keys locally - ensures uniqueness
- Limiting key operations - only reveal, never import
This design choice means we’re not responsible for your private keys beyond initial generation.
Revealing Validator Address
To see your validator’s public information:
pnpm --filter local-blockchain run reveal:addressThis shows:
- Ethereum address
- Public key
Safe to share these publicly.
Revealing Private Key
⚠️ EXTREME CAUTION REQUIRED ⚠️
To reveal the validator’s private key:
pnpm --filter local-blockchain run reveal:keyThis command:
- Shows security warnings
- Requires explicit confirmation
- Displays the private key temporarily
- Auto-hides after 20 seconds
- Clears terminal history
Security Features
- Countdown Timer: Key visible for limited time
- Terminal Clearing: Automatic cleanup after display
- Interrupt Handling: Ctrl+C clears screen immediately
- No Logging: Key never written to files
When You Might Need This
- Importing validator to wallets
- Debugging transaction signing
- Manual transaction creation
- Key backup (do this securely!)
Key Storage
- Plaintext key (without
0xprefix) →config/keys/validator.key .envstoresVALIDATOR_PRIVATE_KEY/VALIDATOR_ADDRESSVALIDATOR_ACCOUNT_BALANCEcontrols the validator prefund in genesis
pnpm --filter local-blockchain run clean deletes all of the above. Run setup again to rotate the validator.
Best Practices
- Never share private keys – Not in code, chat, or emails
- Use test keys only – These are for development only
- Rotate regularly – Run clean and setup for fresh keys
- Secure backups – If you must backup, use encrypted storage
Last updated on