Adding a New Validator to an Existing Setup with Existing Seed Words
Scenario: Genesis block is long passed and now you would like to add more validators with your existing mnemonic seed.
✅ Requirements
Before continuing please have the following ready:
Existing 24 word validator mnemonic phrase
Existing keystore password
ETH Withdrawal Address from your hardware wallet
Optional Step 0: Cleanup leftover validator_keys
Verify that you have backups of validator_keys directory. The contents are the keystore files.
Having backup copies of your validator_keys directory on USB media can make recovery from node problems quicker. Validator keys can always be regenerated from secret recovery mnemonic phrase.
Step 1: Create new deposit_data json file and new validator_keys
In this example, using the staking-deposit-cli tool, you can add more validators by creating a new deposit data file and validator_keys
Security recommendation reminder: For best security practices, key management and other activities where you type your 24 word mnemonic seed should be completed on an air-gapped offline cold machine booted from USB drive.
Reminder to use the same keystore password as existing validators.
For example, in case we originally created 3 validators but now wish to add 5 more validators, we could use the following command.
# Generate from an existing mnemonic 5 more validators when 3 were previously already made
./deposit existing-mnemonic \
--validator_start_index 3 \
--num_validators 5 \
--chain mainnet \
--execution_address <ETH_ADDRESS_FROM_HARDWARE_WALLET>
Flag
Description
--validator_start_index
Number of validators you ALREADY created
--num_validators
Number of NEW validators you want to create
--chain
Options: mainnet holesky goerli
--execution_address
Critically important: Your Ethereum Address from a Hardware Wallet.
Withdrawals will be sent to this address. If you stop validating and exit your validator, your 32 ETH will be sent here.
This ETH withdrawal address is one such that you control the private keys to, ideally one from a hardware wallet.
Check your logs to confirm that the validator clients are up and functioning.
sudo journalctl -fu validator | ccze
For example when using 2 validators, logs will show the following:
info: 100% of local keystores imported. current=2 total=2 rate=975.61keys/m
info: 2 local keystores
info: 0x82b225f66476962b161ed015786df00a0b7b28231915e6d09e81ba8d5c4ae8502b6d5337e3bf101ad72741dc69f0a7cf
info: 0x95d39860a0d6ea3b92cba78069d21f3a987988f3b8417b14f0945353d79ed9e338bbe6e9d63d487abc044a710ce34866
Press Ctrl + C to exit the logs.
Option 1: For standalone validator
Stop your Teku client.
sudo systemctl stop validator
Storing your keystore password in a text file is required so that Teku can decrypt and load your validators automatically.
Create a temporary file to store your keystore password. Type your password in this file.
sudo nano $HOME/validators-password.txt
To exit and save, press Ctrl + X, then Y, then Enter.
Confirm that your keystore password is correct.
sudo cat $HOME/validators-password.txt
Run the following command to create a corresponding password file for every one of your validators.
for f in $HOME/staking-deposit-cli/validator_keys/keystore*.json; do sudo cp $HOME/validators-password.txt $HOME/staking-deposit-cli/validator_keys/$(basename $f .json).txt; done
Check your logs to confirm that the validators are up and functioning.
sudo journalctl -fu validator | ccze
For example when using 2 validators, logs will show the following:
INFO - Loading 2 validator keys...
INFO - Loaded 2 Validators: 95d3986, 82b225f
Option 2: For Combined CL+VC
Stop your Teku client.
sudo systemctl stop consensus
Storing your keystore password in a text file is required so that Teku can decrypt and load your validators automatically.
Create a temporary file to store your keystore password. Type your password in this file.
sudo nano $HOME/validators-password.txt
To exit and save, press Ctrl + X, then Y, then Enter.
Confirm that your keystore password is correct.
sudo cat $HOME/validators-password.txt
Run the following command to create a corresponding password file for every one of your validators.
for f in $HOME/staking-deposit-cli/validator_keys/keystore*.json; do sudo cp $HOME/validators-password.txt $HOME/staking-deposit-cli/validator_keys/$(basename $f .json).txt; done
Finally, restart Nimbus to use the new validators.
sudo systemctl restart consensus
Check your logs to confirm that the validators are up and functioning.
sudo journalctl -fu consensus | ccze
For example when using 2 validators, logs will show the following:
Loading validators topics="beacval" validatorsDir=/var/lib/nimbus/validators keystore_cache_available=true
Local validator attached topics="val_pool" pubkey=95d39860a0d6ea3b92cba78069d21f3a validator=95d39860 initial_fee_recipient=81ba8d5c4ae850
Local validator attached topics="val_pool" pubkey=82b225f66476962b161ed015786df00f validator=82b225f6 initial_fee_recipient=81ba8d5c4ae850
Stop your validator client.
sudo systemctl stop validator
Import your validator keys by importing your keystore file. When asked to create a new wallet password, enter your keystore password. When prompted for the imported accounts password, enter your keystore password again.
cd /usr/local/bin/prysm
sudo bazel run //validator:validator -- accounts import \
--accept-terms-of-use \
--mainnet \
--wallet-dir=/var/lib/prysm/validators \
--keys-dir=$HOME/staking-deposit-cli/validator_keys
Verify that your keystore file was imported successfully.
If using Binaries,
sudo /usr/local/bin/validator accounts list \
--wallet-dir=/var/lib/prysm/validators \
--mainnet
If Built from Source,
cd /usr/local/bin/prysm
sudo bazel run //validator:validator -- accounts list \
--wallet-dir=/var/lib/prysm/validator \
--mainnet
Once successful, you will be shown your validator's public key. For example:
Showing 2 validator accounts
View the eth1 deposit transaction data for your accounts by running `validator accounts list --show-deposit-data`
Account 0 | gently-learning-chamois
[validating public key] 0x95d39860a0d6ea3b92cba78069d21f3a987988f3b8417b14f0945353d79ed9e338bbe6e9d63d487abc044a710ce34866
Account 1 | presumably-powerful-lynx
[validating public key] 0x82b225f66476962b161ed015786df00a0b7b28231915e6d09e81ba8d5c4ae8502b6d5337e3bf101ad72741dc69f0a7cf
Setup ownership permissions, including hardening the access to this directory.
Finally, restart Prsym validator to use the new validators.
sudo systemctl restart validator
Check your logs to confirm that the validator clients are up and functioning.
sudo journalctl -fu validator | ccze
For example when using 2 validators, logs will show the following:
level=info msg="Validating for public key" prefix=validator publicKey=0x95d39860a0d6
level=info msg="Validating for public key" prefix=validator publicKey=0x82b225f66476
Step 4: Backup and Delete validator_keys directory
Make backup copies of your validator_keys directory to USB media or other devices. These validator keys can always be regenerated from secret recovery mnemonic phrase.
Step 5: Estimate when your new validator becomes active
Your additional validators are now in the activation queue waiting their turn. Check the "Entry Queue" for your estimated wait time at https://www.validatorqueue.com
In the below example, the wait time was approximately 11 days, 1 hour until a new validator became active.
