Note – This tutorial is built for Eris versions >= 0.11.1.

Unless you have a different configuration than our standard, admittedly opinionated, pathway then you will be running the eris-keys signing server inside of a container. This means that you need to be able to import and export your keys. This tutorial covers the existing eris keys commands and working with keys vis-a-vis containers on the eris platform.

Note – This is a reminder to treat Docker containers as ephemeral. Even with data containers, you do not want to keep important things inside a container without backups. Just as you would not keep any other important files in one location without a backup.

Start keys container

If you don’t have one already running…

eris services start keys

Generate a key

eris keys gen

That will create a non safe (but easy for development) key. You’ll see an address output that looks like: ECD053462FF7B4B6C5003AA5E3549C3A93DB41E6. Since the key is in the keys data container, you’ll need to export it to host. See it in the container with:

eris keys ls --container

The same address as above should be output.

Exporting a key

Note: If you have many keys to export (or import), the --all flag is now available for both commands.

Exporting your key to the host is quite easy:

eris keys export ADDR

What this does is take the contents (a key) from /home/eris/.eris/keys/data/ADDR in the container and copies it to ~/.eris/keys/data/ADDR. This is the simplest way to backup your key to the default keys path. Check that it is there with:

eris keys ls --host


ls ~/.eris/keys/data

That’s it. Now it’s in the right position on your host. Opptionally, to export all keys from the keys container you can use the data command:

eris data export keys /home/eris/.eris/keys/data ~/.eris/keys

To import a key we do the reverse.

Importing a key

eris keys import ADDR

This command will take ~/.eris/keys/data/ADDR from the host and copy it to /home/eris/.eris/keys/data/ADDR in an existing container. It is useful to “loading” backed-up keys into a container that will be used in deployement. Note: --all can be used here as well.

Get pubkey

Returns a pubkey; used for making genesis files.

eris keys pub ADDR

Convert key to tendermint format

This command will soon be deprecated in favour of adding a pubkey to config.toml rather than loading a priv_validator.json on eris chains new. In the meantime, it takes an eris-keys format key and converts it to a tendermint format priv validator.

eris keys convert ADDR

The latter two commands require ADDR in the running keys container.

Under the hood

All the above commands wrap either eris services exec keys "CMD" or eris data import/export keys SRC DEST, which executes the necessary commands within a docker container. The following is a comparison.

eris services exec keys "eris-keys gen --no-pass"
eris services exec keys "ls /home/eris/.eris/keys/data"
eris data export keys /home/eris/.eris/keys/data/ADDR ~/.eris/keys/data/ADDR
eris data import keys ~/.eris/keys/data/ADDR /home/eris/.eris/keys/data/ADDR
eris services exec keys "eris-keys pub --addr ADDR"
eris services exec keys "mintkey mint ADDR"

compared to:

eris keys gen
eris keys ls --container
eris keys export ADDR
eris keys import ADDR
eris keys pub ADDR
eris keys convert ADDR

Yay Docker.

Let us know if there are another other useful keys command features you’d like in this Github issue.

Edit this page