| id | title |
|---|---|
ledger |
Ledger |
Connect the ledger device to the system in which signatory is running. Install tezos-wallet and tezos-baker apps from ledger live.
Note: Developer mode might be needed to install baker app. Ledger Developer mode
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | ✅ | Ledger Device ID. Use first available device if not specified |
| keys | string array | ✅ | Managed key IDs |
| close_after | duration | OPTIONAL | Close device after a certain period of inactivity |
Syntax: derivation/bip32
Where bip32 is BIP 0032 path and
derivation is one of derivation schemes: ed25519, secp256k1, p-256,
secp256r1 (alias for p-256), bip25519, bip32-ed25519 (alias for
bip25519). bip25519 is a BIP 0032
compliant scheme, others use some sort of a custom hash chain.
Ledger specific root m/44'/1729' may be omitted.
Examples (equivalent): bip32-ed25519/m/44'/1729'/0'/0',
bip32-ed25519/44'/1729'/0'/0', bip25519/0'/0'
vaults:
ledger:
driver: ledger
config:
id: 3944f7a0
keys:
- "bip32-ed25519/0'/0'"
- "secp256k1/0'/1'"
close_after: 3600sConfigure this value as per your requirement. As you don't know the time between the blocks assigned to your baker, it is better to configure it for at least a few hours to prevent the ledger from closing, often due to inactivity.
Example:
close_after: 3600sBy default Ledger vault uses usb transport. Another available transport is tcp used primarily for interaction with Speculos
emulator. It can be enabled using transport option:
vaults:
ledger:
driver: ledger
config:
id: 3944f7a0
transport: tcp://127.0.0.1:9999
keys:
- "bip32-ed25519/0'/0'"
- "secp256k1/0'/1'"
close_after: 3600sIn addition signatory-cli ledger command also accepts -t / --transport key with the same URL-like syntax:
signatory-cli ledger --transport 'tcp://127.0.0.1:9999' listKeep tezos-wallet app open for the below commands and for signing any wallet transactions.
During every wallet transaction Accept/Reject input should be provided in the ledger when prompted.
% ./signatory-cli list -c ./sig-ledger.yaml
INFO[0000] Initializing vault vault=ledger vault_name=ledger
Public Key Hash: tz1TrrJS7XU2WGJJEZcPxaB7cXWLd8pCL7SW
Vault: Ledger
ID: bip32-ed25519/44'/1729'/0'/0'
Active: true
Allowed Operations: [block endorsement generic]
Allowed Kinds: [delegation endorsement origination reveal transaction]
Public Key Hash: tz2ByDXtXn3Wj4k6DoJnyKHMA68xJvL1nBmV
Vault: Ledger
ID: secp256k1/44'/1729'/0'/1'% signatory-cli ledger list
Path: IOService:/AppleARMPE/arm-io@10F00000/AppleT810xIO/usb-drd1@2280000/AppleT8103USBXHCI@01000000/usb-drd1-port-hs@01100000/USB2.1 Hub@01100000/AppleUSB20Hub@01100000/AppleUSB20HubPort@01130000/Nano S@01130000/Nano S@0/AppleUserUSBHostHIDDevice
ID: tz1Qrqpz6bVUgZc5o5qARHB7j2v57z6knm55 / 3944f7a0
Version: TezBake 2.2.11 a6fbd27fSignatory acquires a read lock on the ledger device when in operation. Be aware that when the Signatory service is running, and it has a valid configuration for a ledger device, the signatory-cli binary will encounter error "ledger: hidapi: failed to open device" trying to list ledgers. Only 1 process can acquire a read lock on the ledger device.
Keep tezos-baker app open for the below configurations and when the baker is running. No prompt will be seen in ledger during signing operations.
signatory-cli ledger setup-baking [--chain-id <chain_id>] [--main-hwm <hwm>] [--test-hwm <hwm>] [-d <device>] <path>Example:
signatory-cli ledger setup-baking -d 3944f7a0 "bip32-ed25519/44'/1729'/0'/0'"signatory-cli ledger set-high-watermark [-d <device>] <hwm>Example:
signatory-cli ledger set-high-watermark -d 3944f7a0 0