Alternative Key Management

Validator keystores don’t need to be stored locally—you may prefer to manage them externally for better security or flexibility.

This section covers three alternatives:

Remote Signer → – Use external signing services (like Web3Signer ↗) while keeping validator keys isolated from the Operator Service.

HashiCorp Vault → – Store validator signing keys in HashiCorp Vault instead of local files.

Relayer (API Mode) → – External service manages validator keystores and signs operations with the Validators Manager wallet via API calls.