diff --git a/.env.mainnet b/.env.mainnet index ac9e52b66..a20d4d336 100644 --- a/.env.mainnet +++ b/.env.mainnet @@ -21,7 +21,8 @@ BASE_NODE_L1_TRUST_RPC="false" # -------------------- BASE_NODE_L2_ENGINE_RPC=ws://execution:8551 BASE_NODE_L2_ENGINE_AUTH=/tmp/engine-auth-jwt -BASE_NODE_L2_ENGINE_AUTH_RAW=688f5d737bad920bdfb2fc2f488d6b6209eebda1dae949a8de91398d932c517a +# [REQUIRED] Generate with: openssl rand -hex 32 +BASE_NODE_L2_ENGINE_AUTH_RAW= # P2P CONFIGURATION # ----------------- diff --git a/.env.sepolia b/.env.sepolia index e518129fb..13141a627 100644 --- a/.env.sepolia +++ b/.env.sepolia @@ -21,7 +21,8 @@ BASE_NODE_L1_TRUST_RPC="false" # -------------------- BASE_NODE_L2_ENGINE_RPC=http://execution:8551 BASE_NODE_L2_ENGINE_AUTH=/tmp/engine-auth-jwt -BASE_NODE_L2_ENGINE_AUTH_RAW=688f5d737bad920bdfb2fc2f488d6b6209eebda1dae949a8de91398d932c517a +# [REQUIRED] Generate with: openssl rand -hex 32 +BASE_NODE_L2_ENGINE_AUTH_RAW= # P2P CONFIGURATION # ----------------- diff --git a/README.md b/README.md index 2e0b62998..5e79148fd 100644 --- a/README.md +++ b/README.md @@ -64,6 +64,10 @@ The following are the hardware specifications we use in production: - `BASE_NODE_L1_BEACON`: your L1 beacon node endpoint - `BASE_NODE_NETWORK`: `base` or `base-sepolia` - `RETH_CHAIN`: `base` or `base-sepolia` +- `BASE_NODE_L2_ENGINE_AUTH_RAW`: a 32-byte hex secret shared between the execution and consensus containers — **never use the placeholder value**. Generate with: + ```bash + openssl rand -hex 32 + ``` ### Network Settings diff --git a/consensus-entrypoint b/consensus-entrypoint index 05b89467a..696b1c346 100755 --- a/consensus-entrypoint +++ b/consensus-entrypoint 
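Review bot: The new `# [REQUIRED]` comment in `.env.mainnet` (and the identical one in `.env.sepolia`) asks operators to put a live secret into a file that is tracked in this repository, so a routine commit or a push to a fork can publish it again. The comment should say so, for example `# [REQUIRED] Unique per deployment; do not commit the filled-in value. Generate with: openssl rand -hex 32`. Nodes that were started with the previously committed default keep using it until the operator replaces it. That value remains in the repository history, so the comment or the README should also tell existing operators to rotate it.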
@@ -36,8 +36,10 @@ if [[ -z "${BASE_NODE_L2_ENGINE_AUTH:-}" ]]; then exit 1 fi -if [[ -z "${BASE_NODE_L2_ENGINE_AUTH_RAW:-}" ]]; then - echo "expected BASE_NODE_L2_ENGINE_AUTH_RAW to be set" 1>&2 +if [[ -z "${BASE_NODE_L2_ENGINE_AUTH_RAW:-}" || "${BASE_NODE_L2_ENGINE_AUTH_RAW}" == "" ]]; then + echo "ERROR: BASE_NODE_L2_ENGINE_AUTH_RAW is not set or still uses the placeholder value." >&2 + echo "Generate a secret and set it in your .env file:" >&2 + echo " BASE_NODE_L2_ENGINE_AUTH_RAW=\$(openssl rand -hex 32)" >&2 exit 1 fi diff --git a/execution-entrypoint b/execution-entrypoint index cea226016..8d004ed98 100755 --- a/execution-entrypoint +++ b/execution-entrypoint @@ -129,6 +129,13 @@ fi mkdir -p "$RETH_DATA_DIR" echo "Starting reth with additional args: $ADDITIONAL_ARGS" + +if [[ -z "${BASE_NODE_L2_ENGINE_AUTH_RAW:-}" || "${BASE_NODE_L2_ENGINE_AUTH_RAW}" == "" ]]; then + echo "ERROR: BASE_NODE_L2_ENGINE_AUTH_RAW is not set or still uses the placeholder value." >&2 + echo "Generate a secret and set it in your .env file:" >&2 + echo " BASE_NODE_L2_ENGINE_AUTH_RAW=\$(openssl rand -hex 32)" >&2 + exit 1 +fi echo "$BASE_NODE_L2_ENGINE_AUTH_RAW" > "$BASE_NODE_L2_ENGINE_AUTH" exec "$BINARY" node \
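Review bot: The added guard in `consensus-entrypoint` reports that the value may "still use the placeholder value", but the condition only tests for empty: the second arm `"${BASE_NODE_L2_ENGINE_AUTH_RAW}" == ""` repeats what `-z` already covers, and the default this commit removes from the `.env` files is still accepted. An existing deployment whose `.env` still carries that default therefore starts normally with a publicly known engine-auth secret. Replace the second arm with a comparison against the removed value and add a shape check, e.g. `if [[ ! "${BASE_NODE_L2_ENGINE_AUTH_RAW:-}" =~ ^[0-9a-fA-F]{64}$ || "${BASE_NODE_L2_ENGINE_AUTH_RAW}" == "688f5d737bad920bdfb2fc2f488d6b6209eebda1dae949a8de91398d932c517a" ]]; then`. The same condition is duplicated in the `execution-entrypoint` hunk, whose enclosing script continues outside the visible lines, and needs the same change.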