Skip to content
You are reading EthSigner development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Multikey Parameters

The optional [metadata] section in the TOML files contains data that is not required by EthSigner. The [signing] section contains the parameters required for the signing type.


All parameters in the [signing] section are mandatory.

File-based Signing


createdAt = 1994-11-05T08:15:30-05:00
description = "Example of a File based configuration"

type = "file-based-signer"
key-file = "/Users/me/project/78e6e236592597c09d5c137c2af40aecd42d12a2.key"
password-file = "/Users/me/project/78e6e236592597c09d5c137c2af40aecd42d12a2.password"


EthSigner supports absolute paths or relative paths when specifying key-file and password-file. Relative paths are relative to the directory specified in the multikey-signer --directory subcommand.

Key Description
type Type of key signing. Use file-based-signer
key-file V3 keystore file containing the key with which transactions are signed
password-file File containing the password for the key with which transactions are signed.

Hashicorp Vault Signing


createdAt = 2019-07-01T12:11:30Z
description = "Example of a valid Hashicorp based configuration"

type = "hashicorp-signer"
signing-key-path = "/secret/data/ethsignerKey"
host = "localhost"
port = 9001
auth-file = "/Users/me/project/hashicorp_auth"
timeout = 500
tls-known-server-file = "/Users/me/project/knownHashicorpServers"


EthSigner supports an absolute path or relative path when specifying auth-file. The relative path is relative to the directory specified in the multikey-signer --directory subcommand.

Key Description
type Type of key signing. Use hashicorp-signer
signing-key-path Path to secret in the Hashicorp Vault containing the private key for signing transactions
host Host of the Hashicorp Vault server
port Port of the Hashicorp Vault server
auth-file File containing authentication data for Hashicorp Vault. The authentication data is the root token displayed by the Hashicorp Vault server
timeout Timeout in milliseconds for requests to the Hashicorp Vault server
tls-enabled Enable or disable TLS. Defaults to true
tls-known-server-file Path to the file containing a list of trusted Hashicorp Vault servers

Azure Key Vault Signing


createdAt = 2011-11-01T12:15:30Z
description = "Example of an Azure Key Vault based configuration"

type = "azure-signer"
key-vault-name = "AzureKeyVault"
key-name = "ethsignerKey"
key-version = "7c01fe58d68148bba5824ce418241092"
client-id = "47efee5c-8079-4b48-31bb4f2e9a22"
client-secret = "TW_3Uc/HLPdpLp5*om@MGcd1T29MuP*5"
Key Description
type Type of key signing. Use azure-signer
key-vault-name Name of the vault to access. Sub-domain of
key-name Name of key to be used
key-version Version of the specified key
client-id ID used to authenticate with Azure Key Vault
client-secret Secret used to access the vault
ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can discuss issues and obtain free support on EthSigner Discord channel.
For paid professional support by Consensys, contact us at