| id | ledger |
|---|---|
| title | Ledger |
Connect the ledger device to the system in which mavseal is running. Install mavryk-wallet and mavryk-baker apps from ledger live.
Note: Developer mode might be needed to install baker app. Ledger Developer mode
| Name | Type | Required | Description |
|---|---|---|---|
| id | string | ✅ | Ledger Device ID. Use first available device if not specified |
| keys | string array | ✅ | Managed key IDs |
| close_after | duration | OPTIONAL | Close device after a certain period of inactivity |
Syntax: derivation/bip32
Where bip32 is BIP 0032 path and
derivation is one of derivation schemes: ed25519, secp256k1, p-256,
secp256r1 (alias for p-256), bip25519, bip32-ed25519 (alias for
bip25519). bip25519 is a BIP 0032
compliant scheme, others use some sort of a custom hash chain.
Ledger specific root m/44'/1969' may be omitted.
Examples (equivalent): bip32-ed25519/m/44'/1969'/0'/0',
bip32-ed25519/44'/1969'/0'/0', bip25519/0'/0'
vaults:
ledger:
driver: ledger
config:
id: 3944f7a0
keys:
- "bip32-ed25519/0'/0'"
- "secp256k1/0'/1'"
close_after: 3600sConfigure this value as per your requirement. As you don't know the time between the blocks assigned to your baker, it is better to configure it for at least a few hours to prevent the ledger from closing, often due to inactivity.
Example:
close_after: 3600sBy default Ledger vault uses usb transport. Another available transport is tcp used primarily for interaction with Speculos
emulator. It can be enabled using transport option:
vaults:
ledger:
driver: ledger
config:
id: 3944f7a0
transport: tcp://127.0.0.1:9999
keys:
- "bip32-ed25519/0'/0'"
- "secp256k1/0'/1'"
close_after: 3600sIn addition mavseal-cli ledger command also accepts -t / --transport key with the same URL-like syntax:
mavseal-cli ledger --transport 'tcp://127.0.0.1:9999' listKeep mavryk-wallet app open for the below commands and for signing any wallet transactions.
During every wallet transaction Accept/Reject input should be provided in the ledger when prompted.
% ./mavseal-cli list -c ./sig-ledger.yaml
INFO[0000] Initializing watermark backend backend=file
INFO[0000] Initializing vault vault=ledger vault_name=ledger
Public Key Hash: mv1AxtBcyobua1A8sZdf7DJ9xUxQ73q8mhPe
Reference: bip32-ed25519/44'/1969'/0'/0'
Vault: Ledger/e1c98d9f
Active: false
Public Key Hash: mv2ds3CDsARNXP9Xp6THqf28zw8HkrnAQtjt
Reference: secp256k1/44'/1969'/0'/1'
Vault: Ledger/e1c98d9f
Active: false% mavseal-cli ledger list
Path: DevSrvsID:4296821191
ID: villainous-cichlid-relieved-dodo / e1c98d9f
Version: MavBake 1.0.0 e1bfc2a0MavSeal acquires a read lock on the ledger device when in operation. Be aware that when the MavSeal service is running, and it has a valid configuration for a ledger device, the mavseal-cli binary will encounter error "ledger: hidapi: failed to open device" trying to list ledgers. Only 1 process can acquire a read lock on the ledger device.
Keep mavryk-baker app open for the below configurations and when the baker is running. No prompt will be seen in ledger during signing operations.
mavseal-cli ledger setup-baking [--chain-id <chain_id>] [--main-hwm <hwm>] [--test-hwm <hwm>] [-d <device>] <path>Example:
mavseal-cli ledger setup-baking -d 3944f7a0 "bip32-ed25519/44'/1969'/0'/0'"mavseal-cli ledger set-high-watermark [-d <device>] <hwm>Example:
mavseal-cli ledger set-high-watermark -d 3944f7a0 0