Skip to main content

Accounts

The accounts object of values.yaml defines Tezos accounts used in the chart. By default no account is configured:

accounts: {}

accounts is a map where keys are account aliases and values are maps of fields key, is_bootstrap_baker_account, bootstrap_balance, signer_url protocols and operations_pool.

The key field can be set to a public or private key. For a bootstrap baker, it must be set to a private key. The key type will be recognized automatically, and the pod will fail if the key type is unexpected.

The protocols fields overrides the top-level protocols field described below and has the same syntax. This allows to set specific per-block votes per baker.

The operations_pool field instructs the baker to target a url for external mempool queries when baking a block. This is useful to run a Flashbake-capable baker. The entry is passed to baker binaries using the --operations-pool flag.

  • Public chains: Accounts do not get is_bootstrap_baker_account and bootstrap_balance fields.
  • Non-public chains: If you don't specify accounts needed by nodes, they can be created deterministically via the above setting. If specifying, accounts can be given a bootstrap balance and can also be configured to be bootstrap baker accounts. Accounts with balances set to "0" will be imported by the node but they will not be bootstrap accounts. If you don't set a bootstrap balance, it will default to the bootstrap_mutez field above.

Example:

accounts:
  baker0:
    key: edsk...
    is_bootstrap_baker_account: true
    bootstrap_balance: "50000000000000"

  baker1:
    key: edsk...
    operations_pool: http://flashbake-endpoint-baker-listener:12732
    protocols:
    - command: PtMumbai
      vote:
        liquidity_baking_toggle_vote: "on"

A public key account can contain a signer_url to a remote signer that signs with the corresponding secret key. You don't need to set this if you're deploying a tezos-k8s signer into the same namespace of its baker. See octezSigners and tacoinfraSigners fields in values.yaml to define remote signers. (You shouldn't add things to the URL path such as the public key hash. It will be added automatically.)

accounts:
  externalSignerAccount:
    key: edpk...
    is_bootstrap_baker_account: true
    bootstrap_balance: "4000000000000"
    signer_url: http://[POD-NAME].[SERVICE-NAME].[NAMESPACE]:6732

An account being signed for by a Tacoinfra AWS KMS signer requires a key_id field. This should be a valid id of the AWS KMS key. The key's corresponding public key must be provided here as well.

accounts:
  tacoinfraSigner:
    key: sppk...
    key_id: "cloud-id-of-key"
    is_bootstrap_baker_account: true
    bootstrap_balance: "4000000000000"