Signatory's file-based signer mode allows operation without an HSM or Key Vault service. Because the secret key material is stored in a JSON file, users can get Signatory up and running quickly for evaluation, prototyping and development purposes.
Signatory configuration for file-based secret storage
The documentation assumes you will use the official Signatory Docker image, and that you have a working Linux server with Docker installed.
Place the following YAML in a file
tz1Wk1Wdczh5BzyZ1uz2DW9xdFg9B5cFuGFm key corresponds to the secret key that you will put in
Next, run the Signatory Docker image as follows:
Remember to secure the network where Signatory is running.
Verify that Signatory is working
You can test that Signatory is working by making a GET request using the Public Key Hash (PKH). Signatory will return a JSON payload containing the public key.
A response such as the following should be expected:
You can test the signing functionality by making a POST request as follows:
Which should return an HTTP 200 OK with a payload similar to:
If you repeat the same signing operation more than once, you will get an error from the High-Watermark feature. This is a safety measure to prevent injection of duplicate operations.
The payload on this request resembles a Tezos endorsement that would be emitted from a Tezos Baker node.
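
The high-watermark behaviour described above, sketched as an added example (not Signatory's own code and not from the original page). It assumes the legacy endorsement layout of magic byte, 4-byte chain id, 32-byte branch, 1-byte tag and 4-byte big-endian level; the `Watermark`, `Check` and `SamplePayload` names are hypothetical and the payloads are constructed.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Simplified model of a high-watermark check, not Signatory's implementation.
// Assumed layout: magic 0x02 | chain id (4) | branch (32) | tag (1) | level (4, big-endian).
var ErrWatermark = errors.New("level at or below high watermark")

// Watermark maps pkh + magic byte + chain id to the highest level signed so far.
type Watermark map[string]uint32

// Check refuses a payload whose level is not above the last one signed by this key.
func (w Watermark) Check(pkh, payloadHex string) error {
	raw, err := hex.DecodeString(payloadHex)
	if err != nil {
		return err
	}
	if len(raw) != 42 || raw[0] != 0x02 {
		return errors.New("payload does not match the assumed endorsement layout")
	}
	key := pkh + "/" + hex.EncodeToString(raw[:5])
	level := binary.BigEndian.Uint32(raw[38:])
	if prev, ok := w[key]; ok && level <= prev {
		return fmt.Errorf("%w: requested %d, last signed %d", ErrWatermark, level, prev)
	}
	w[key] = level // record only after the request is accepted
	return nil
}

// SamplePayload returns a constructed payload (zero chain id and branch) at a level.
func SamplePayload(level uint32) string {
	b := make([]byte, 42)
	b[0] = 0x02
	binary.BigEndian.PutUint32(b[38:], level)
	return hex.EncodeToString(b)
}

func main() {
	w := Watermark{}
	pkh := "tz1Wk1Wdczh5BzyZ1uz2DW9xdFg9B5cFuGFm" // key hash used on this page
	for _, lvl := range []uint32{1000, 1000, 999, 1001} {
		fmt.Println(lvl, w.Check(pkh, SamplePayload(lvl)))
	}
}
```

The state in this sketch lives in memory only; a check like this protects across restarts only if the last signed level is persisted.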