This is a beginner-friendly guide. Familiarity with the command line is expected, but otherwise this guide makes no assumptions about your technical skills or prior knowledge.
Create a folder called ethereum
on your SSD, and then two subfolders within it: consensus
and execution
:
📂ethereum
┣ 📂consensus
┣ 📂execution
- Windows
- Linux, MacOS, Arm64
Navigate to your consensus
directory and run the following commands:
curl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.bat --output prysm.bat
reg add HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1
This will download the Prysm client and update your registry to enable verbose logging.
Navigate to your consensus
directory and run the following commands:
curl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.sh --output prysm.sh && chmod +x prysm.sh
This will download the Prysm client and make it executable.
Generate JWT Secret
The HTTP connection between your beacon node and execution node needs to be authenticated using a JWT token. There are several ways to generate this JWT token:
- Use a utility like OpenSSL to create the token via command:
openssl rand -hex 32 | tr -d "\n" > "jwt.hex"
. - Use an execution client to generate the
jwt.hex
file. - Use Prysm to generate the
jwt.hex
file:
- Operating system:
- Linux, MacOS, Arm64
- Windows
SET USE_PRYSM_VERSION=v5.0.0
Required
prysm.bat beacon-chain generate-auth-secret
export USE_PRYSM_VERSION=v5.0.0
Required
./prysm.sh beacon-chain generate-auth-secret
Prysm will output a jwt.hex
file path.
Move your jwt.hex
file in your ethereum
directory:
📂ethereum
┣ 📂consensus
┣ 📂execution
┣ 📄jwt.hex
Ensure that the script, user, or terminal window used to create and access your JWT token has the permissions it needs. Windows users may need to run command windows as Administrator.
Step 3: Run an execution client
In this step, you'll install an execution-layer client that Prysm's beacon node will connect to.
- Execution client:
- Nethermind
- Besu
- Geth
Download the latest stable release of Nethermind for your operating system from the Nethermind downloads page.
Extract the contents into your execution
folder. Run the following command to start your execution node by replacing <PATH_TO_JWT_FILE>
by the path to the JWT file generated during the previous step:
Extract the contents into your execution
folder. Run the following command to start your execution by replacing <PATH_TO_IPC_FILE>
by any empty path on your file system. The execution layer client will create an IPC file at this location:
- Windows
- Linux, MacOS, Arm64
nethermind --config mainnet --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
nethermind --config mainnet --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=<PATH_TO_IPC_FILE>
nethermind --config sepolia --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true--JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
nethermind --config sepolia --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=<PATH_TO_IPC_FILE>
nethermind --config holesky --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true--JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
nethermind --config holesky --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=/path/to/<your.ipc>
./nethermind --config mainnet --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
./nethermind --config mainnet --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=<PATH_TO_IPC_FILE>
./nethermind --config sepolia --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true--JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
./nethermind --config sepolia --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=<PATH_TO_IPC_FILE>
./nethermind --config holesky --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true--JsonRpc.JwtSecretFile=<PATH_TO_JWT_FILE>
./nethermind --config holesky --JsonRpc.Enabled true --HealthChecks.Enabled true --HealthChecks.UIEnabled true --JsonRpc.IpcUnixDomainSocketPath=/path/to/<your.ipc>
See Nethermind's command-line options for parameter definitions.
Ensure that the latest 64-bit version of the Java JDK is installed. Download the latest stable release of Besu from the Besu releases page. OS-specific instructions are available on Besu's binary installation page.
Run the following command to start your execution node replacing <PATH_TO_JWT_FILE>
by the path to the JWT file generated during the previous step:
besu --network=mainnet --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=<PATH_TO_JWT_FILE> --engine-host-allowlist="*"
Content under construction.
besu --network=sepolia --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=<PATH_TO_JWT_FILE> --engine-host-allowlist="*"
Content under construction.
besu --network=holesky --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=<PATH_TO_JWT_FILE> --engine-host-allowlist="*"
Content under construction.
See Besu's command-line options for parameter definitions.
Download and run the latest 64-bit stable release of Geth for your operating system from the Geth downloads page.
Move the geth
executable into your execution
directory.
Navigate to your execution
directory and run the following command to start your execution node by replacing <PATH_TO_JWT_FILE>
by the path to the JWT file generated during the previous step:
Navigate to your execution
directory and run the following command to start your execution node by replacing <PATH_TO_IPC_FILE>
by any empty path on your file system. The execution layer client will create an IPC file at this location:
- Windows
- Linux, MacOS, Arm64
geth --mainnet --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
geth --mainnet --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
geth --sepolia --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
geth --sepolia --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
geth --holesky --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
geth --holesky --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
./geth --mainnet --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
./geth --mainnet --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
./geth --sepolia --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
./geth --sepolia --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
./geth --holesky --http --http.api eth,net,engine,admin --authrpc.jwtsecret=<PATH_TO_JWT_FILE>
./geth --holesky --http --http.api eth,net,engine,admin --ipcpath=<PATH_TO_IPC_FILE>
See Geth's command-line options for parameter definitions.
The execution layer client cannot sync without an attached beacon node. We'll see how to setup a beacon node in the next step.
Step 4: Run a beacon node using Prysm
In this step, you'll run a beacon node using Prysm.
There is two main ways to sync a beacon node: from genesis, and from a checkpoint. It is safer and a considerably faster to sync from a checkpoint. When syncing from a checkpoint, the simplest is to connect to a checkpoint sync endpoint. A non exhaustive list of checkpoint sync endpoints is available.
In the following examples, we'll use the checkpoint sync endpoint provided by beaconstate.info. Feel free to use the one you want.
- Windows
- Linux, MacOS, Arm64
Navigate to your consensus
directory and run the following command to start your beacon node that connects to your local execution node by replacing <PATH_TO_JWT_FILE>
by the path to the JWT file generated during the previous step:
prysm.bat beacon-chain --execution-endpoint=http://localhost:8551 --mainnet --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
Navigate to your consensus
directory and run the following command to start your beacon node that connects to your local execution node by replacing <PATH_TO_IPC_FILE>
by the path to the IPC file the execution client created for you during the previous step:
prysm.bat beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --mainnet --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
prysm.bat beacon-chain --execution-endpoint=http://localhost:8551 --sepolia --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://sepolia.beaconstate.info --genesis-beacon-api-url=https://sepolia.beaconstate.info
prysm.bat beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --sepolia --checkpoint-sync-url=https://sepolia.beaconstate.info --genesis-beacon-api-url=https://sepolia.beaconstate.info
prysm.bat beacon-chain --execution-endpoint=http://localhost:8551 --holesky --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://holesky.beaconstate.info --genesis-beacon-api-url=https://holesky.beaconstate.info
prysm.bat beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --holesky --checkpoint-sync-url=https://holesky.beaconstate.info --genesis-beacon-api-url=https://holesky.beaconstate.info
Navigate to your consensus
directory and run the following command to start your beacon node that connects to your local execution node by replacing <PATH_TO_JWT_FILE>
by the path to the JWT file generated during the previous step:
./prysm.sh beacon-chain --execution-endpoint=http://localhost:8551 --mainnet --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
Navigate to your consensus
directory and run the following command to start your beacon node that connects to your local execution node by replacing <PATH_TO_IPC_FILE>
by the path to the IPC file the execution client created for you during the previous step:
./prysm.sh beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --mainnet --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
./prysm.sh beacon-chain --execution-endpoint=http://localhost:8551 --sepolia --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://sepolia.beaconstate.info --genesis-beacon-api-url=https://sepolia.beaconstate.info
./prysm.sh beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --sepolia --checkpoint-sync-url=https://sepolia.beaconstate.info --genesis-beacon-api-url=https://sepolia.beaconstate.info
./prysm.sh beacon-chain --execution-endpoint=http://localhost:8551 --holesky --jwt-secret=<PATH_TO_JWT_FILE> --checkpoint-sync-url=https://holesky.beaconstate.info --genesis-beacon-api-url=https://holesky.beaconstate.info
./prysm.sh beacon-chain --execution-endpoint=<PATH_TO_IPC_FILE> --holesky --checkpoint-sync-url=https://holesky.beaconstate.info --genesis-beacon-api-url=https://holesky.beaconstate.info
Syncing from a checkpoint usually takes a couple of minutes. See Sync from a checkpoint for more information about this feature.
If you wish to sync from genesis, you need to remove --checkpoint-sync-url
and --genesis-beacon-api-url
flags from the previous command. Syncing from genesis usually takes a couple days, but it can take longer depending on your network and hardware specs.
If you wish to sync from genesis, you need to remove
--checkpoint-sync-url
and
--genesis-beacon-api-url
flags from the previous command and add the
--genesis-state=genesis.ssz
flag. Syncing from genesis usually takes a couple days, but it can take longer depending on your network and hardware specs. Download the
Sepolia genesis.ssz from Github into your
consensus
directory.
If you wish to sync from genesis, you need to remove
--checkpoint-sync-url
and
--genesis-beacon-api-url
flags from the previous command and add the
--genesis-state=genesis.ssz
flag. Syncing from genesis usually takes a couple days, but it can take longer depending on your network and hardware specs. Download the
Holesky genesis.ssz from Github into your
consensus
directory.
If you are planning to run a validator, it is strongly advised to use the --suggested-fee-recipient=<WALLET ADDRESS>
option. When your validator proposes a block, it will allow you to earn block priority fees, also sometimes called "tips".
Congratulations - you’re now running a full Ethereum node. To check the status of your node, visit Check node and validator status.
Step 5: Run a validator using Prysm
Next, we'll create your validator keys with the Ethereum Staking Deposit CLI.
Download - ideally on a new machine that has never been connected to the internet - the latest stable version of the deposit CLI from the Staking Deposit CLI Releases page.
Run the following command to create your mnemonic (a unique and highly sensitive 24-word phrase) and keys:
- Windows
- Linux, MacOS, Arm64
deposit.exe new-mnemonic --num_validators=1 --mnemonic_language=english --chain=mainnet
deposit.exe new-mnemonic --num_validators=1 --mnemonic_language=english --chain=sepolia
deposit.exe new-mnemonic --num_validators=1 --mnemonic_language=english --chain=holesky
./deposit new-mnemonic --num_validators=1 --mnemonic_language=english --chain=mainnet
./deposit new-mnemonic --num_validators=1 --mnemonic_language=english --chain=sepolia
./deposit new-mnemonic --num_validators=1 --mnemonic_language=english --chain=holesky
Follow the CLI prompts to generate your keys. The password you choose will be needed later when importing the generated data into the Prysm validator client. This will give you the following artifacts:
- A new mnemonic seed phrase. This is highly sensitive and should never be exposed to other people or networked hardware.
- A
validator_keys
folder. This folder will contain two files:deposit_data-*.json
- contains deposit data that you’ll later upload to the Ethereum launchpad.keystore-m_*.json
- contains your public key and encrypted private key.
If needed, copy the validator_keys
folder to your primary machine. Run the following command to import your keystores, replacing <YOUR_FOLDER_PATH>
with the full path to your validator_keys
folder:
- Windows
- Linux, MacOS, Arm64
prysm.bat validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --mainnet
prysm.bat validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --sepolia
prysm.bat validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --holesky
./prysm.sh validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --mainnet
./prysm.sh validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --sepolia
./prysm.sh validator accounts import --keys-dir=<YOUR_FOLDER_PATH> --holesky
You’ll be prompted to specify a wallet directory twice. Provide the path to your consensus
folder for both prompts. You should see Imported accounts [...] view all of them by running accounts list
when your account has been successfully imported into Prysm.
Next, go to the Mainnet Launchpad’s deposit data upload page and upload your deposit_data-*.json
file. You’ll be prompted to connect your wallet.
You can then deposit 32 ETH into the Mainnet deposit contract via the Launchpad page. Exercise extreme caution throughout this procedure.
Sepolia has a permissioned validators set. You cannot create a new validator on this network. If you are interested in running a validator on a testnet, please choose an other testnet, like Holesky.
If you need HolETH, head over to one of the following Discord servers:
Someone should be able to give you the HolETH you need.
Next, go to the Holesky Launchpad’s deposit data upload page and upload your deposit_data-*.json
file. You’ll be prompted to connect your wallet.
Exercise extreme caution throughout this procedure - never send real ETH to the testnet deposit contract.
Finally, run the following command to start your validator, replacing <YOUR_FOLDER_PATH>
with the full path to your consensus
folder and <YOUR_WALLET_ADDRESS>
by the address of a wallet you own. When your validator proposes a block, it will allow you to earn block priority fees, also sometimes called "tips". See How to configure Fee Recipient for more information about this feature:
- Windows
- Linux, MacOS, Arm64
prysm.bat validator --wallet-dir=<YOUR_FOLDER_PATH> --mainnet --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
prysm.bat validator --wallet-dir=<YOUR_FOLDER_PATH> --sepolia --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
prysm.bat validator --wallet-dir=<YOUR_FOLDER_PATH> --holesky --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
./prysm.sh validator --wallet-dir=<YOUR_FOLDER_PATH> --mainnet --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
./prysm.sh validator --wallet-dir=<YOUR_FOLDER_PATH> --sepolia --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
./prysm.sh validator --wallet-dir=<YOUR_FOLDER_PATH> --holesky --suggested-fee-recipient=<YOUR_WALLET_ADDRESS>>
You may wonder why you need to use the --suggested-fee-recipient
in both beacon node and validator client. The reason is it is possible to plug multiple validator clients to the same beacon node. If no --suggested-fee-recipient
is set on a validator client, then the beacon node will fallback on its own --suggested-fee-recipient
when proposing a block.
If no --suggested-fee-recipient
is set neither on the validator client nor on the beacon node, the corresponding tips will be sent to the burn address, and forever lost,
You’re now running a full Ethereum node and a validator client.
It can a long time (from days to months) for your validator to become fully activated. To learn more about the validator activation process, see Deposit Process. See Check node and validator status for detailed status monitoring guidance.
You can leave your execution client, beacon node, and validator client terminal windows open and running. Once your validator is activated, it will automatically begin proposing and validating blocks.