JWT secret

What is and how to

The JWT secret is a key that allows Ethereum entities to securely validate JWTs used for authentication, authorization, and transmitting information, like a passphrase that allows Ethereum nodes/servers to verify if requests are legitimate. It should be protected and not exposed publicly.

JWT stands for JSON Web Token, and it is a way to securely transmit information between parties as a JSON object. The JWT contains a header, payload, and signature, generated by encrypting the header and payload with a secret.

In Ethereum, JWTs can be used to validate transactions or API calls. The Ethereum node or API server would have the JWT secret stored locally. When a JWT is received, the node/server uses the same secret to generate a signature from the header and payload.

If the newly generated signature matches the one in the JWT, it proves the JWT is valid and comes from an authorized source in possession of the secret. Different nodes/servers would have different secrets allowing them to verify the JWTs intended for them.

More information here:

https://github.com/ethereum/execution-apis/blob/main/src/engine/authentication.md

Erigon JWT secret

Erigon creates automatically a JWT secret upon launch.

By default, the JWT secret key is located in the datadir as jwt.hex, and its path can be specified with the --authrpc.jwtsecret flag.

Both Erigon and the Beacon Chain need to point to the samejwtsecret file.