Remote lotus-wallet management

This is a step-by-step guide on how to set up the lotus-wallet for remote wallet management. This tutorial is for experienced Lotus users.

This tutorial is based on a setup with two different servers, one to run the lotus daemon while the other runs the lotus-wallet application.

Prerequisites

Initial setup

On the server that is going to run the lotus-wallet binary. Run lotus-wallet get-api-key to initialize the ~/.lotuswallet repo and generate the API key for it. If you want to create the .lotuswallet repo in a custom location, you can specify the repo with the --wallet-repo option, or by exporting a WALLET_PATH=/path/to/lotuswallet environment variable.

2022-08-12T12:56:53.817Z        INFO    repo    repo/fsrepo.go:267      Initializing repo at '/home/server/.lotuswallet'
2022-08-12T12:56:53.817Z        WARN    modules modules/core.go:148     Generating new API secret
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJhZG1pbiJdLCJDcmVhdGVkIjoiMjAyMi0wOC0xMlQxMjo1Njo1My44MTc0MTUzMzlaIiwiUnVsZXMiOm51bGx9.bS-6hLG1csJu8Pa8c8AQ_5IUX98iAfyxlMRiO61X1_g

After that you can run the lotus-wallet with lotus-wallet run. Depending on your network setup and where you are planning to run the lotus-wallet you might want to specify the host address and port the wallet api will listen on with the --listen option.

./lotus-wallet run --listen 123.123.12.123:1777
2022-08-12T13:26:46.976Z        INFO    main    lotus-wallet/main.go:286        Starting lotus wallet
2022-08-12T13:26:46.977Z        INFO    main    lotus-wallet/main.go:331        Setting up API endpoint at 123.123.12.123:1777
2022-08-12T13:26:46.978Z        INFO    main    lotus-wallet/main.go:378        API auth enabled, use 'lotus-wallet get-api-key' to get API key

Now we need to configure our lotus daemon node. Edit your lotus config (~/.lotus/config.toml), and locate the [Wallet] section. Set the the RemoteBackend to [api key]:http://[wallet ip]:[wallet port] (the default port is 1777).

So in our example that would be:

[Wallet]
  # type: string
  # env var: LOTUS_WALLET_REMOTEBACKEND
  RemoteBackend = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJhZG1pbiJdLCJDcmVhdGVkIjoiMjAyMi0wOC0xMlQxMjo1Njo1My44MTc0MTUzMzlaIiwiUnVsZXMiOm51bGx9.bS-6hLG1csJu8Pa8c8AQ_5IUX98iAfyxlMRiO61X1_g:http://123.123.12.123:1777"

Then restart (or run) your lotus daemon node. You can confirm that your lotus-wallet remote backend is properly set up by running the lotus wallet list command on the lotus daemon. On the server that is running lotus wallet you should be able to see that action being logged:

2022-08-12T13:44:10.181Z        INFO    main    lotus-wallet/logged.go:35       WalletList

Importing addresses

For now stop the lotus-wallet and restart it in the interactive mode while we import the addresses.

lotus-wallet run --interactive=true --listen 123.123.12.123:1777

On your lotus daemon node start importing the backup keys for the addresses you want to have on the lotus-wallet.

lotus wallet import /path/to/backup/lotus-wallet.key

On your lotus-wallet node you should now see a prompt, asking you if you want to import the private key. Authorize the import to finalize the address import on the lotus-wallet.

-----
ACTION: WalletImport - Import private key
TYPE: bls

Accept the above? (Authorize/No): Authorize
approved

Repeat the process for all the addresses you want to be managed by the lotus-wallet. After importing all the keys stop the lotus-wallet process and restart the lotus daemon with the RemoteBackend config turned off:

[Wallet]
  # type: string
  # env var: LOTUS_WALLET_REMOTEBACKEND
  #RemoteBackend = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJhZG1pbiJdLCJDcmVhdGVkIjoiMjAyMi0wOC0xMlQxMjo1Njo1My44MTc0MTUzMzlaIiwiUnVsZXMiOm51bGx9.bS-6hLG1csJu8Pa8c8AQ_5IUX98iAfyxlMRiO61X1_g:http://123.123.12.123:1777"

Now you can start removing the addresses on the lotus daemon node with lotus wallet delete.

After all that is done, you can now restart the lotus-wallet without the --interactive mode. When you run the lotus wallet list on the lotus daemon node you should be able to see all your keys. You have now successfully set up the lotus-wallet binary to handle your keys and addresses.

Extra steps

If you want to create any new wallets that you do not want to be on the remote lotus-wallet service (such as PoSt-control addresses for example) will require you to turn of the RemoteBackend config, restart the daemon and create them such that they land on the server running lotus-daemon and not the lotus-wallet.

Edit this page on GitHub