keosd, located in the
eos/build/programs/keosd folder within the EOSIO/eos repository, can be used to store private keys that cleos will use to sign transactions sent to the block chain.
keosd runs on your local machine and stores your private keys locally.
For most users the easiest way to use keosd is to have cleos launch it automatically. Wallet files (named
foo.wallet for example) will also be created in this directory by default.
keosd can be accessed using the wallet API, but it is important to note that the intended usage is for local light client applications. It is not for cross network access by web applications trying to access users wallets.
By default keosd is set to auto lock your wallets after 15 minutes of inactivity. This is configurable in the
config.ini. Be aware if you need to disable this feature you will have to set an enormous number -- setting it to 0 will cause keosd to always lock your wallet.
It is possible to launch
keosd manually simply with
keosd creates the folder
~/eosio-wallet and populates it with a basic
config.ini file. The location of the config file can be specified on the command line using the
--config-dir argument. The configuration file contains the http server endpoint for incoming http connections and other parameters for cross origin resource sharing. Be aware that if you allowed cleos to auto launch keosd, a config.ini will be generated that will be sightly different than if you had launched keosd manually.
The location of the wallet data folder can be specified on the command line using the --data-dir argument.
The most effective way to stop
keosd is to find the keosd process and send a SIGTERM signal to it. Note that because
keosd, it is possible to end up with multiple instances of the
keosd running. The following will find and terminate all instances.
$ pkill keosd
For a full list of possible options you can run
$ keosd --help Application Options: Config Options for eosio::http_plugin: --http-server-address arg (=127.0.0.1:8888) The local IP and port to listen for incoming http connections; set blank to disable. --https-server-address arg The local IP and port to listen for incoming https connections; leave blank to disable. --https-certificate-chain-file arg Filename with the certificate chain to present on https connections. PEM format. Required for https. --https-private-key-file arg Filename with https private key in PEM format. Required for https --access-control-allow-origin arg Specify the Access-Control-Allow-Origin to be returned on each request. --access-control-allow-headers arg Specify the Access-Control-Allow-Header s to be returned on each request. --access-control-max-age arg Specify the Access-Control-Max-Age to be returned on each request. --access-control-allow-credentials Specify if Access-Control-Allow-Credent ials: true should be returned on each request. --max-body-size arg (=1048576) The maximum body size in bytes allowed for incoming RPC requests --verbose-http-errors Append the error log to HTTP responses --http-validate-host arg (=1) If set to false, then any incoming "Host" header is considered valid --http-alias arg Additionaly acceptable values for the "Host" header of incoming HTTP requests, can be specified multiple times. Includes http/s_server_address by default. Config Options for eosio::wallet_plugin: --wallet-dir arg (=".") The path of the wallet files (absolute path or relative to application data dir) --unlock-timeout arg (=900) Timeout for unlocked wallet in seconds (default 900 (15 minutes)). Wallets will automatically lock after specified number of seconds of inactivity. Activity is defined as any wallet command e.g. list-wallets. --yubihsm-url URL Override default URL of http://localhost:12345 for connecting to yubihsm-connector --yubihsm-authkey key_num Enables YubiHSM support using given Authkey Application Config Options: --plugin arg Plugin(s) to enable, may be specified multiple times Application Command Line Options: -h [ --help ] Print this help message and exit. -v [ --version ] Print version information. --print-default-config Print default configuration template -d [ --data-dir ] arg Directory containing program runtime data --config-dir arg Directory containing configuration files such as config.ini -c [ --config ] arg (=config.ini) Configuration file name relative to config-dir -l [ --logconf ] arg (=logging.json) Logging configuration file name/path for library users