Validator Credentials
The setup of a validator requires the coordination of multiple credentials, passwords, and files, each playing an individual role in the lifecycle of validation and staking. Understanding them is important, both for the initial setup and for maintaining secure operation and recovery over the long-term.
Negligent handling of credentials could result in lost funds, missed rewards, or permanent loss of validator access.
| Name | Description |
|---|---|
| A set of 12 or 24 words used to derive your validator deposit keys and deposit data. It's the most critical credential you must protect. Anyone accessing it can regenerate your validator setup and steal your staked LYX. If lost, you cannot restore your validator keys. Store it securely, preferably offline and in multiple physical backups. → Wagyu Key Generation, CLI Key Generation | |
| Your validator private key, stored within a keystore file, is necessary for starting the validating procedure and should be safely kept. It can be recreated if it is lost using your validator mnemonic seed. However, if stolen, an adversary can use your validator and reap the rewards attached to it. → Wagyu Key Generation, CLI Key Generation , Validator Configuration | |
| Individual validator keystore files are encrypted by a password. Decrypting them when importing validator keys into the validator client is necessary. You can use one password per key or reuse one password for multiple keys, depending on your security needs. This password should be stored securely, much like you would for a wallet password. → Wagyu Key Generation, CLI Key Generation, Validator Configuration | |
| The public key and the validator's signature are placed into a JSON file that is used within the deposit process to register the validator on-chain. While this file is necessary to register for staking, it is not secret. However, people could count the total number of validators form the file to plan potentially worthwhile attacks. → Wagyu Key Generation, CLI Key Generation , Launchpad Walkthrough | |
| A strong and unique password that provides safe access to the wallet holding your validator deposit keys. It is required on every startup of the validator client. → Validator Configuration , Service Automation | |
| The address of an Ethereum account to which the staking rewards from consensus are automatically transferred. This address will also be the recipient for the returning stake when leaving the network. Once it got set for the validator key on-chain, it cannot be updated. Therefore, it should be kept under long-term control using secure backups or by deriving it from a hardware wallet. → Wagyu Key Generation, CLI Key Generation , Adding Withdrawals | |
| The address of an Ethereum account used for receiving the transaction fees and tips earned as a validator has a purpose. If you have only one account for managing all rewards, this address can match the validator withdrawal address. → Validator Configuration , Service Automation |
Never disclose or share your Validator Mnemonic Seed. It is the source of your entire set of staking credentials. If a hacker gets access to it, they can recreate your deposit keys and steal your validator, your staked coins, or harm you by running a second node to drain your stake. Once you lose access, your validator and coins cannot be recovered. Therefore, store it offline, redundantly, and securely.
For more details about earnings and withdrawals, check the Tokenomics and Proof of Stake pages in the 🧠 Theory section.