🦦
Erigon 2 Documentation
  • Welcome to Erigon 2
    • Disclaimer
    • Project Links
  • ELI5 NODES
    • How to run an Ethereum node
    • How to run a Gnosis Chain node
    • How to run a Polygon node
  • Basic usage
    • Getting started
      • Linux and MacOS
      • Windows
      • Docker
    • Usage
      • Type of Node
    • Upgrading from a previous version
    • Supported Networks
    • Default Ports and Firewalls
    • Otterscan
    • Wallet
  • Advanced Usage
    • Configure Erigon
    • Consensus Layer
      • Prysm
      • Lighthouse
      • JWT secret
      • Block production
    • Options
    • RPC daemon
    • TxPool
    • Sentry
    • Downloader
    • TLS Authentication
    • ❔FAQ
    • External resources
      • Erigon on a Raspberry Pi 4
  • DIAGNOSTIC TOOL
    • Introduction
    • Installation
    • Setup
    • User Interface
  • About
    • Contributing to Erigon
    • Donate
    • License
    • Privacy policy
Powered by GitBook
On this page

Was this helpful?

  1. Advanced Usage
  2. Consensus Layer

JWT secret

What is and how to

Last updated 8 months ago

Was this helpful?

The JWT secret is a key that allows Ethereum entities to securely validate JWTs used for authentication, authorization, and transmitting information, like a passphrase that allows Ethereum nodes/servers to verify if requests are legitimate. It should be protected and not exposed publicly.

JWT stands for JSON Web Token, and it is a way to securely transmit information between parties as a JSON object. The JWT contains a header, payload, and signature, generated by encrypting the header and payload with a secret.

In Ethereum, JWTs can be used to validate transactions or API calls. The Ethereum node or API server would have the JWT secret stored locally. When a JWT is received, the node/server uses the same secret to generate a signature from the header and payload.

If the newly generated signature matches the one in the JWT, it proves the JWT is valid and comes from an authorized source in possession of the secret. Different nodes/servers would have different secrets allowing them to verify the JWTs intended for them.

More information here:

Erigon JWT secret

Erigon creates automatically a JWT secret upon launch.

By default, the JWT secret key is located in the datadir as jwt.hex, and its path can be specified with the --authrpc.jwtsecret flag.

Both Erigon and the Beacon Chain need to point to the samejwtsecret file.

https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md