Step 1: Configure your Peggo relayer
cp mainnet-config/10001/peggo-config.env ~/.peggo/.env
First, update the
PEGGO_ETH_RPC in the
.env file with a valid Ethereum EVM RPC Endpoint.
To create your own Ethereum full node, you can follow our instructions here. It's possible to use an external Ethereum RPC provider such as Alchemy or Infura, but keep in mind that the Peggo bridge relayer uses heavy use of
eth_getLogs calls which may increase your cost burden depending on your provider.
Peggo also requires access to your validator's delegated Injective Chain account and Ethereum key credentials to sign transactions for the corresponding networks.
Creating your delegated Cosmos Key for sending Injective Chain transactions
Your peggo relayer can either
- Use an explicitly delegated account key specific for sending validator specific Peggy transactions (i.e.
- Simply use your validator's account key.
For isolation purposes, we recommend creating a delegated Cosmos key to send Injective Chain transactions instead of using your validator account key.
To create a new key, run
injectived keys add $ORCHESTRATOR_KEY_NAME
Then ensure that your orchestrator inj address has INJ balance.
To obtain your orchestrators's inj address, run
injectived keys list $ORCHESTRATOR_KEY_NAME
You can transfer INJ from your validator account to orchestrator address using this command
injectived tx bank send $VALIDATOR_KEY_NAME $ORCHESTRATOR_INJ_ADDRESS <amount-in-inj> --chain-id=injective-1 --keyring-backend=file --yes --node=tcp://localhost:26657 --gas-prices=500000000inj
injectived tx bank send genesis inj1u3eyz8nkvym0p42h79aqgf37gckf7szreacy9e 20000000000000000000inj --chain-id=injective-1 --keyring-backend=file --yes --node=tcp://localhost:26657 --gas-prices=500000000inj
You can then verify that your orchestrator account has INJ balances by running
injectived q bank balances $ORCHESTRATOR_INJ_ADDRESS
Managing Cosmos account keys for
Peggo supports two options to provide Cosmos signing key credentials - using the Cosmos keyring (recommended) or by providing a plaintext private key.
Option 1. Cosmos Keyring
.env file, first specify the
PEGGO_COSMOS_FROM_PASSPHRASE corresponding to your peggo account signing key.
If you are using a delegated account key configuration as recommended above, this will be your
$ORCHESTRATOR_KEY_NAME and passphrase respectively. Otherwise, this should be your
$VALIDATOR_KEY_NAME and associated validator passphrase.
Please note that the default keyring backend is
file and that as such peggo will try to locate keys on disk by default.
To use the default injectived key configuration, you should set the keyring path to the home directory of your injectived node, e.g.
You can also read more about the Cosmos Keyring setup here.
Option 2. Cosmos Private Key (Unsafe)
.env file, specify the
PEGGO_COSMOS_PK corresponding to your peggo account signing key.
If you are using a delegated account key configuration as recommended above, this will be your orchestrator account's private key. Otherwise, this should be your validator's account private key.
To obtain your orchestrator's Cosmos private key (if applicable), run
injectived keys unsafe-export-eth-key $ORCHESTRATOR_KEY_NAME
To obtain your validator's Cosmos private key (if applicable), run
injectived keys unsafe-export-eth-key $VALIDATOR_KEY_NAME
Again, this method is less secure and is not recommended.
Managing Ethereum keys for
Peggo supports two options to provide signing key credentials - using the Geth keystore (recommended) or by providing a plaintext Ethereum private key.
Option 1. Geth Keystore
Simply create a new private key store and update the following env variables:
You can find instructions for securely creating a new Ethereum account using a keystore in the Geth Documentation here.
For convience, an example is provided below.
geth account new --datadir=/home/ec2-user/.peggo/data/
INFO [03-23|18:18:36.407] Maximum peer count ETH=50 LES=0 total=50
Your new account is locked with a password. Please give a password. Do not forget this password.
Your new key was generated
Public address of the key: 0x9782dc957DaE6aDc394294954B27e2118D05176C
Path of the secret key file: /home/ec2-user/.peggo/data/keystore/UTC--2021-03-23T15-18-44.284118000Z--9782dc957dae6adc394294954b27e2118d05176c
- You can share your public address with anyone. Others need it to interact with you.
- You must NEVER share the secret key with anyone! The key controls access to your funds!
- You must BACKUP your key file! Without the key, it's impossible to access account funds!
- You must REMEMBER your password! Without the password, it's impossible to decrypt the key!
Make sure you heed the warnings that geth provides, particularly in backing up your key file so that you don't lose your keys by mistake. We also recommend not using any quote or backtick characters in your passphrase for peggo compatibility purposes.
You should now set the following env variables:
# example values, replace with your own
Then ensure that your Ethereum address has enough ETH.
Option 2. Ethereum Private Key (Unsafe)
Simply update the
PEGGO_ETH_PK with a new Ethereum Private Key from a new account.
Then ensure that your Ethereum address has ETH.
Step 2: Register Your Orchestrator and Ethereum Address
You can register orchestrator and ethereum address only once. It CANNOT be updated later. So Check twice before running below command.
injectived tx peggy set-orchestrator-address $VALIDATOR_INJ_ADDRESS $ORCHESTRATOR_INJ_ADDRESS $ETHEREUM_ADDRESS --from $VALIDATOR_KEY_NAME --chain-id=injective-1 --keyring-backend=file --yes --node=tcp://localhost:26657 --gas-prices=500000000inj
- To obtain your validator's inj address, run,
injectived keys list $VALIDATOR_KEY_NAME
- To obtain your orchestrators's inj address,
injectived keys list $ORCHESTRATOR_KEY_NAME
injectived tx peggy set-orchestrator-address inj10m247khat0esnl0x66vu9mhlanfftnvww67j9n inj1x7kvxlz2epqx3hpq6v8j8w859t29pgca4z92l2 0xf79D16a79130a07e77eE36e8067AeA783aBdA3b6 --from validator-key-name --chain-id=injective-1 --keyring-backend=file --yes --node=tcp://localhost:26657 --gas-prices=500000000inj
You can verify successful registration by checking for your Validator's mapped Ethereum address on https://lcd.injective.network/peggy/v1/valset/current.
Step 3: Start the Relayer
This starts the Peggo bridge (relayer / orchestrator).
Step 4: Create a Peggo systemd service
peggo.service file with below content under
ExecStart=/bin/bash -c 'peggo orchestrator '
Then run the following commands to configure Environment variables, start and stop the peggo relayer.
sudo systemctl start peggo
sudo systemctl stop peggo
sudo systemctl restart peggo
sudo systemctl status peggo
# enable start on system boot
sudo systemctl enable peggo
# To check Logs
journalctl -f -u peggo
Step 5: (Optional) Protect Cosmos Keyring from unauthorized access
This is an advanced DevOps topic, consult with your sysadmin.
Learn more about Cosmos Keyring setup here. Once you've launched your node, the default keyring will have the validator operator key stored on disk in the encrypted form. Usually the keyring is located within node's homedir, i.e.
Some sections of the Injective Staking documentation will guide you through using this key for governance purposes, i.e. submitting transactions and setting up an Ethereum bridge. In order to protect the keys from unauthorized access, even when the keyring passphrase is leaked via configs, you can set OS permissions to allow disk access to
peggo processes only.
In Linux systems like Debian, Ubuntu and RHEL, this can be achieved using POSIX Access Control Lists (ACLs). Before beginning to work with ACLs, the file system must be mounted with ACLs turned on. There are some official guides for each distro:
If you'd like to inspect the Peggo orchestrator source code and contribute, you can do so at https://github.com/InjectiveLabs/peggo.