Clef External Signer
Bee makes use of Go Ethereum's external signer, Clef.
Because Bee must sign a lot of transactions automatically and quickly, a Bee specific version of Clef, Bee-clef has been packaged which includes all the relevant configuration and implements the specific configuration needed to make Clef work with Bee.
caution
Clef will create a new Ethereum key pair for you during installation. Make sure you keep a backup of your key pair somewhere safe and secure!
Packages
Bee clef can be installed automatically using your system's package manager.
Ubuntu / Raspbian / Debian
AMD64
ARM (Raspberry Pi)
ARMv7
ARM64
CentOS
AMD64
ARM (Raspberry Pi)
ARMv7
ARM64
MacOS
To run Bee Clef as a service now and on startup, run:
Interact With Clef
Once Clef has been installed, it will begin running as a service using systemd
.
To check Clef is running ok, we may use systemctl
to query the status of the bee-clef
service.
Data Locations
Bee-clef
Configuration files are stored in /etc/bee-clef/
Key material and other data is stored in /var/lib/bee-clef/
Manual Installation
To install Clef manually, first retrieve the relevant Clef binary from Ethereum's Geth & Tools download page, or build directly from the source.
Because Bee needs Clef to sign many transactions automatically, we must run Clef as a service with relaxed permissions and rules set. To ensure Clef only signs transactions from Bee, we must protect the clef.ipc
file by creating a Bee user and setting permissions so that it is only possible for this user to make use of the ipc socket.
Additionally, Clef requires transaction signatures for the Bee's chequebook interaction.
A shell script automating the post-initialisation permission changing and including the Clef config, clef-service
, as well as the 4byte.json
transaction signature file and rules.js
file can all be found in the Bee-clef repository.
Finally, once Clef is running, simply configure your Bee node to enable Clef using --clef-signer-enable
and point Bee to the correct ipc socket using --clef-signer-endpoint
.