Setting up your Ethereum Bridge Relayer

Step 0: Configure your Peggo relayer#

mkdir ~/.peggo
cp testnet-config/staking/40013/peggo-config.env ~/.peggo/.env
cd ~/.peggo

First, update the PEGGO_ETH_RPC in the .env file with a valid Kovan EVM RPC Endpoint.

To create your own Kovan full node, you can follow our instructions here. It's possible to use Alchemy or Infura RPC, but keep in mind that Peggo bridge is still under development and request amount it makes to RPC is not optimized. Make sure it wouldn't incur high costs on your account.

Peggo also requires access to your validator's Cosmos and Ethereum credentials to sign transactions for the corresponding networks.

Cosmos Keys#

There are two ways to provide the credential access - a keyring with encrypted keys, or just private key in plaintext.

1. Cosmos Keyring

Update the PEGGO_COSMOS_FROM to your validator key name (or account address) and PEGGO_COSMOS_FROM_PASSPHRASE to your Cosmos Keyring passphrase. Please note that the default keyring backend is file and it will try to locate keys on disk.

Keyring path must be pointing to homedir of your injectived node, if you want reuse the keys from there.

Learn more about Cosmos Keyring setup here.

2. Cosmos Private Key (Unsafe)

Simply update the PEGGO_COSMOS_PK with your Validator's Account private key.

To obtain your validator's Cosmos private key, run injectived keys unsafe-export-eth-key $VALIDATOR_KEY_NAME.

This method is insecure and is not recommended.

Ethereum Keys#

There are two ways to provide the credential access - a Geth keystore with encrypted keys, or just private key in plaintext.

1. Geth Keystore

Simply create a new private key store and update the following env variables:

  • PEGGO_ETH_KEYSTORE_DIR
  • PEGGO_ETH_FROM
  • PEGGO_ETH_PASSPHRASE

You can find instructions for securely creating a new Ethereum account using a keystore in the Geth Documentation here.

Example is provided below.

geth account new --datadir=/home/ec2-user/.peggo/data/
INFO [03-23|18:18:36.407] Maximum peer count ETH=50 LES=0 total=50
Your new account is locked with a password. Please give a password. Do not forget this password.
Password:
Repeat password:
Your new key was generated
Public address of the key: 0x9782dc957DaE6aDc394294954B27e2118D05176C
Path of the secret key file: /home/ec2-user/.peggo/data/keystore/UTC--2021-03-23T15-18-44.284118000Z--9782dc957dae6adc394294954b27e2118d05176c
- You can share your public address with anyone. Others need it to interact with you.
- You must NEVER share the secret key with anyone! The key controls access to your funds!
- You must BACKUP your key file! Without the key, it's impossible to access account funds!
- You must REMEMBER your password! Without the password, it's impossible to decrypt the key!

Now you can set env variables like this:

PEGGO_ETH_KEYSTORE_DIR=/home/ec2-user/.peggo/data/keystore
PEGGO_ETH_FROM=0x9782dc957DaE6aDc394294954B27e2118D05176C
PEGGO_ETH_PASSPHRASE=12345678

Then ensure that your Ethereum addresss has Kovan ETH. You can easily request Kovan ETH from the public faucet here.

2. Ethereum Private Key (Unsafe)

Simply update the PEGGO_ETH_PK with a new Ethereum Private Key from a new account.

Then ensure that your Ethereum addresss has Kovan ETH. You can easily request Kovan ETH from the public faucet here.

Step 1: Register Your Ethereum Address#

cd ~/.peggo
peggo tx register-eth-key

You can verify successful registration by checking for your Validator's mapped Ethereum address on https://staking-lcd.injective.network/peggy/v1/valset/current.

Step 2: Start the Relayer#

peggo orchestrator

This starts the Peggo bridge (relayer / orchestrator).

Step 3: Create a Peggo systemd service#

Add peggo.service file with below content under /etc/systemd/system/peggo.service

[Unit]
Description=peggo
[Service]
WorkingDirectory=/home/ec2-user/.peggo
ExecStart=/bin/bash -c 'peggo orchestrator '
Type=simple
Restart=always
RestartSec=1
User=ec2-user
[Install]
WantedBy=multi-user.target

Then run the following commands to configure Environment variables, start and stop the peggo relayer.

sudo systemctl start peggo
sudo systemctl stop peggo
sudo systemctl restart peggo
sudo systemctl status peggo
# enable start on system boot
sudo systemctl enable peggo
# To check Logs
journalctl -f -u peggo

Step 4: (Optional) Protect Cosmos Keyring from unauthorized access#

important

This is an advanced DevOps topic, consult with your sysadmin.

Learn more about Cosmos Keyring setup here. Once you've launched your node, the default keyring will have the validator operator key stored on disk in the encrypted form. Usually the keyring is located within node's homedir, i.e. ~/.injectived/keyring-file.

Some sections of the Injective Staking documentation will guide you through using this key for governance purposes, i.e. submitting transactions and setting up an Ethereum bridge. In order to protect the keys from unauthorized access, even when the keyring passphrase is leaked via configs, you can set OS permissions to allow disk access to injectived / peggo processes only.

In Linux systems like Debian, Ubuntu and RHEL, this can be achieved using POSIX Access Control Lists (ACLs). Before beginning to work with ACLs, the file system must be mounted with ACLs turned on. There are some official guides for each distro:

Step 5: (Optional) Contribute!#

If you'd like to inspect the Peggo orchestrator source code and contribute, you can do so at https://github.com/InjectiveLabs/peggo.

Last updated on