Quick Start

Get signing in under 5 minutes. This guide walks you through creating a minimal configuration, loading keys, and connecting to a validator client.

Step 1 — Create a config file

Create a config.yaml with the minimal settings needed to run:

server:
  listen_address: "0.0.0.0"
  listen_port: 9000

key_sources:
  filesystem:
    paths:
      - ./keystores

antislashing:
  backend: sqlite
  path: ./slashing-protection.sqlite

Step 2 — Add a keystore

Create the keystores directory and add your validator keys:

mkdir -p ./keystores

Place your key files in this directory. Containment Chamber supports multiple formats:

Raw hex — plain private key files
EIP-2335 keystores — PBKDF2 or Scrypt encrypted JSON keystores

See the Configuration reference for details on keystore directory structure and password files.

Step 3 — Start the signer

Launch Containment Chamber with your config file:

containment-chamber -c config.yaml

You should see startup logs indicating the server is listening on port 9000 and your keys have been loaded.

Step 4 — Verify it’s running

Check the health endpoint and list loaded keys:

# Health check
curl http://localhost:9000/upcheck
# Expected: 200 OK

# List loaded validator public keys
curl http://localhost:9000/api/v1/eth2/publicKeys
# Expected: JSON array of loaded keys

Step 5 — Connect to Lighthouse

Point your validator client at the signer. Here’s an example with Lighthouse:

lighthouse vc \
  --beacon-node http://localhost:5052 \
  --validators-dir ./validators \
  --web3-signer-url http://localhost:9000

Next steps

Docker deployment — run with Docker or Docker Compose
Anti-Slashing — configure PostgreSQL for multi-instance protection
Signing Authorization — set up per-key, per-operation access control
Configuration reference — full list of options, env vars, and CLI flags