keosd

Introduction

keosd is a key manager service daemon for storing private keys and signing digital messages. It provides a secure key storage medium in which keys are encrypted at rest in the associated wallet file. keosd also defines a secure enclave for signing transactions created by cleos or a third-party library.

Operation

When a wallet is unlocked with the corresponding password, cleos can request keosd to sign a transaction with the appropriate private keys.

Audience

keosd is intended to be used by developers only.

Keosd Usage

Recommended Usage

For most users, the easiest way to use keosd is to have cleos launch it automatically. Wallet files will be created in the default directory (~/eosio-wallet).

Launching keosd manually

keosd can be launched manually from the terminal by running:

$ keosd

By default, keosd creates the folder ~/eosio-wallet and populates it with a basic config.ini file. The location of the config file can be specified on the command line using the --config-dir argument. The configuration file contains the HTTP server endpoint for incoming HTTP connections and other parameters for cross-origin resource sharing.

Auto-locking

By default, keosd is set to lock your wallet after 15 minutes of inactivity. This is configurable in config.ini by setting the timeout, in seconds, in unlock-timeout. Setting it to 0 will cause keosd to always lock your wallet.

Stopping keosd

The most effective way to stop keosd is to find the keosd process and send a SIGTERM signal to it.

Other options

For a list of all options known to keosd, run it with the --help option:

$ keosd --help

Application Options:
Config Options for eosio::http_plugin:
  --unix-socket-path arg (=keosd.sock)  The filename (relative to data-dir) to
                                        create a unix socket for HTTP RPC; set
                                        blank to disable.
  --http-server-address arg             The local IP and port to listen for
                                        incoming http connections; leave blank
                                        to disable.
  --https-server-address arg            The local IP and port to listen for
                                        incoming https connections; leave blank
                                        to disable.
  --https-certificate-chain-file arg    Filename with the certificate chain to
                                        present on https connections. PEM
                                        format. Required for https.
  --https-private-key-file arg          Filename with https private key in PEM
                                        format. Required for https
  --access-control-allow-origin arg     Specify the Access-Control-Allow-Origin
                                        to be returned on each request.
  --access-control-allow-headers arg    Specify the Access-Control-Allow-Header
                                        s to be returned on each request.
  --access-control-max-age arg          Specify the Access-Control-Max-Age to
                                        be returned on each request.
  --access-control-allow-credentials    Specify if Access-Control-Allow-Credent
                                        ials: true should be returned on each
                                        request.
  --max-body-size arg (=1048576)        The maximum body size in bytes allowed
                                        for incoming RPC requests
  --http-max-bytes-in-flight-mb arg (=500)
                                        Maximum size in megabytes http_plugin
                                        should use for processing http
                                        requests. 503 error response when
                                        exceeded.
  --verbose-http-errors                 Append the error log to HTTP responses
  --http-validate-host arg (=1)         If set to false, then any incoming
                                        "Host" header is considered valid
  --http-alias arg                      Additionaly acceptable values for the
                                        "Host" header of incoming HTTP
                                        requests, can be specified multiple
                                        times. Includes http/s_server_address
                                        by default.
  --http-threads arg (=2)               Number of worker threads in http thread
                                        pool
Config Options for eosio::wallet_plugin:
  --wallet-dir arg (=".")               The path of the wallet files (absolute
                                        path or relative to application data
                                        dir)
  --unlock-timeout arg (=900)           Timeout for unlocked wallet in seconds
                                        (default 900 (15 minutes)). Wallets
                                        will automatically lock after specified
                                        number of seconds of inactivity.
                                        Activity is defined as any wallet
                                        command e.g. list-wallets.
  --yubihsm-url URL                     Override default URL of
                                        http://localhost:12345 for connecting
                                        to yubihsm-connector
  --yubihsm-authkey key_num             Enables YubiHSM support using given
                                        Authkey
Application Config Options:
  --plugin arg                          Plugin(s) to enable, may be specified
                                        multiple times
Application Command Line Options:
  -h [ --help ]                         Print this help message and exit.
  -v [ --version ]                      Print version information.
  --print-default-config                Print default configuration template
  -d [ --data-dir ] arg                 Directory containing program runtime
                                        data
  --config-dir arg                      Directory containing configuration
                                        files such as config.ini
  -c [ --config ] arg (=config.ini)     Configuration file name relative to
                                        config-dir
  -l [ --logconf ] arg (=logging.json)  Logging configuration file name/path
                                        for library users
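
The following is an added example, not part of the keosd documentation or code base: a small Python check that reads a keosd config.ini and flags settings that expose the wallet's HTTP interface more widely than a local developer setup needs. The sample file, port 8900, the 900-second threshold and the function names are assumptions made for illustration; the option names are those in the help listing above.

```python
import ipaddress

# Constructed sample config.ini (not from the page); keys are options from the --help listing.
SAMPLE_CONFIG = """\
http-server-address = 0.0.0.0:8900
access-control-allow-origin = *
http-validate-host = false
unlock-timeout = 86400  # one day
"""
MAX_UNLOCK_SECONDS = 900  # assumption: flag anything above the documented default
OFF = ("0", "false", "no", "off")  # spellings treated as boolean false

def parse_config(text):
    """Parse 'key = value' lines; '#' starts a comment that runs to end of line."""
    options = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            options[key.strip()] = value.strip()
    return options

def is_loopback(address):
    """True if the host part of 'host:port' is 'localhost' or a loopback IP."""
    host = address.rsplit(":", 1)[0].strip("[]")
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostname: report it rather than assume it is local

def audit(options):
    """Return findings for settings that widen exposure of the wallet RPC."""
    findings = []
    for key in ("http-server-address", "https-server-address"):
        addr = options.get(key, "")
        if addr and not is_loopback(addr):
            findings.append(f"{key}={addr}: wallet RPC listens beyond loopback")
    if options.get("access-control-allow-origin") == "*":
        findings.append("access-control-allow-origin=*: any web origin can read responses")
    if options.get("http-validate-host", "1").lower() in OFF:
        findings.append("http-validate-host off: any Host header is accepted")
    timeout = int(options.get("unlock-timeout", "900"))
    if timeout > MAX_UNLOCK_SECONDS:
        findings.append(f"unlock-timeout={timeout}: exceeds {MAX_UNLOCK_SECONDS}s")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```

An unlock-timeout of 0 passes the check, since the page states that this value makes keosd always lock the wallet.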