Skip to content

001 ‐ Creating Ethereum Sepolia Holesky accounts (L1) For A Basic OP Rollout Testnet

Álvaro Fernández edited this page May 15, 2024 · 2 revisions

A basic OP rollout testnet requires 4 L1 addresses and their private keys when setting up the chain:

The Admin address has the ability to upgrade contracts. The Batcher address publishes Sequencer transaction data to L1. The Proposer address publishes L2 transaction results (state roots) to L1. The Sequencer address signs blocks on the p2p network.

For the address and private key generation, we will use Foundry's cast CLI. For storing the addresses and private keys we will use cLabs Akeyless.

Step-by-step guide

Using Kubernetes

⚠️ For this, you'll need access to a K8S cluster and escalate to an Akeyless role that allows you to create pods and exec into pods !!

  1. Create a pod that uses the foundry Docker image:
kubectl apply -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: foundry
  name: foundry
  namespace: default
spec:
  containers:
  - image: ghcr.io/foundry-rs/foundry@sha256:d2007b8cbcd72bcc961cf9d889c621f198483f74985a3fe75e6f5499dd35a1fd
    name: foundry
    command: [ "/bin/sh", "-c", "--" ]
    args: [ "while true; do echo hola && sleep 30; done;" ]
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
EOF
  1. Wait till the pod is `Running``
kubectl get po foundry -n default
NAME      READY   STATUS    RESTARTS   AGE
foundry   1/1     Running   0          59s
  1. Exec into the pod
kubectl exec -it foundry -n default -- sh
/ #
  1. Execute cast to create the 4 addresses
/ # cast wallet new -n 4
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
/ # exit
  1. Copy the generated addresses and private keys to Akeyless as Static Secrets. For example, current secrets for Alfajores are at folder /static-secrets/devops-circle/alfajores/op-testnet-alfajores/:

Screenshot 2024-05-15 at 15 06 54

Screenshot 2024-05-15 at 15 14 14

Screenshot 2024-05-15 at 15 15 00

Screenshot 2024-05-15 at 15 15 17

  1. Clean up the foundry pod
kubectl delete po foundry -n default
pod "foundry" deleted

Using Docker locally

⚠️ For this, you'll need Docker installed. Foundry book has a great guide.

⚠️ Also, foundry image is not available for linux/arm64/v8 platform, so this doesn't work on a macOS M1

  1. Execute the foundry Docker image locally
docker run --entrypoint=/bin/sh -it ghcr.io/foundry-rs/foundry:master
/ #
  1. Execute cast to create the 4 addresses
/ # cast wallet new -n 4
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
Successfully created new keypair.
Address:     <ADDRESS>
Private key: <P_KEY>
/ # exit
  1. Copy the generated addresses and private keys to Akeyless as Static Secrets. For example, current secrets for Alfajores are at folder /static-secrets/devops-circle/alfajores/op-testnet-alfajores/ (see point 5. above)

Akeyless Permissions

Permissions for a cluster to access secrets from Akeyless is controlled through the celo-org/akeyless repository.

For a cluster to have access to secrets, the path to those secrets has to be included in the kubernetes_clusters_and_paths variable, in the corresponding "<PROJECT_ID>_<CLUSTER_NAME>_<CLUSTER_LOCATION>:external-secrets" list. For example, this line gives access to alfajores cluster to secrets at path "/static-secrets/devops-circle/alfajores/op-testnet-alfajores/*"