Skip to content
Containment Chamber

Validator Client Integration

Switch to normal mode

Containment Chamber implements the Web3Signer signing API, so any validator client that supports Web3Signer works out of the box. Point your client at the signer URL and you’re done.

Signer URL

Section titled “Signer URL”

The URL format depends on whether you’ve configured signing authorization.

# No auth
http://signer:9000


# With auth token (HTTP Basic)
http://x:your-token-here@signer:9000

Client Configuration

Section titled “Client Configuration”

Each validator client has its own CLI flag for the remote signer URL. Pick your client below.

Terminal window
lighthouse vc \
  --beacon-node http://beacon:5052 \
  --web3-signer-url http://x:your-token@signer:9000

Without auth:

Terminal window
lighthouse vc \
  --beacon-node http://beacon:5052 \
  --web3-signer-url http://signer:9000

Key Loading

Section titled “Key Loading”

Validator clients don’t need local keystores when using a remote signer. Containment Chamber loads keys from its own keystore directories and exposes them through the /api/v1/eth2/publicKeys endpoint. Your validator client fetches the key list automatically.

If you need to add or remove keys at runtime, see the Key Manager API documentation.

Multi-Tenant Setups

Section titled “Multi-Tenant Setups”

Running multiple validator clients against a single Containment Chamber instance? Configure signing authorization to give each client its own token with per-key and per-operation restrictions. This prevents one client from signing with another client’s keys.

Each client simply uses its own token in the URL:

# Client A
http://x:client-a-token@signer:9000


# Client B
http://x:client-b-token@signer:9000

See the Signing Authorization guide for full configuration details.