Prepare for The Merge

The Merge will fully transition Ethereum's consensus mechanism from proof-of-work to proof-of-stake. This is made possible by the Beacon Chain, a new Ethereum network layer that implements proof-of-stake consensus. After The Merge, this consensus layer will be combined with Ethereum's execution layer, and miners will be fully replaced by proof-of-stake validators on Ethereum Mainnet.

This guide will walk you through the changes that you need to make in preparation for The Merge. Note that these instructions need to be followed only if you're running on Ropsten or Sepolia. After Sepolia has been Merged, client software and documentation will be updated for Goerli-Prater, and then Mainnet.

New user?

This guidance is targeted at users who are already running Prysm. If you're starting from scratch, see our Quickstart.

Not familiar with nodes, networks, and related terminology? Consider reading Nodes and networks before proceeding.

The Merge: Before and after

Before The Merge	After The Merge
You don't need to run a local execution client. You can use a service like Infura instead.	You do need to run an execution client. You can't use a service like Infura.
The HTTP connection between beacon node and execution node doesn't need to be authenticated using a JWT token.	The HTTP connection between beacon node and execution node does need to be authenticated using a JWT token.
Beacon nodes connect to execution nodes on port 8545 by default when using HTTP.	Beacon nodes connect to execution nodes on port 8551 by default when using HTTP.
Miners receive transaction fee tips.	Validators receive transaction fee tips. The "fee" is now a base fee that's burned - block producers earn only transaction fee tips.
A fee recipient address does not need to be specified.	A fee recipient address does need to be specified.
A 1TB hard drive is enough.	A 2TB+ SSD is highly recommended.

Let's step through each of these changes.

Create JWT token

The HTTP connection between your beacon node and execution node needs to be authenticated using a JWT token. There are several ways to generate this JWT token:

• Use an online generator like this. Copy and paste this value into a jwt.hex file.
• Use a utility like OpenSSL to create the token via command: openssl rand -hex 32 | tr -d "\n" > "jwt.hex".
• Use an execution client to generate the jwt.hex file.
• Use Prysm to generate the jwt.hex file:

Windows

SET USE_PRYSM_VERSION=v2.1.4-rc.0prysm.bat beacon-chain generate-auth-secret

Linux, MacOS, Arm64

USE_PRYSM_VERSION=v2.1.4-rc.0./prysm.sh beacon-chain generate-auth-secret

Prysm will output a jwt.hex file path.

Configure execution node

Your execution node will need to expose a new port and then use the JWT token to authenticate your beacon node's connection to that port. This new port exposes your execution node's Engine API, a new API that facilitates Ethereum's transition to a proof-of-stake consensus mechanism.

Using the latest version of your execution client software, issue the following command to configure your execution node's JWT token and Engine API endpoint:

Nethermind

Ropsten

Nethermind.Runner --config ropsten --JsonRpc.Enabled true --JsonRpc.JwtSecretFile=path/to/jwt.hex --Merge.TerminalTotalDifficulty 50000000000000000

Sepolia

Nethermind.Runner --config sepolia --JsonRpc.Enabled true --JsonRpc.JwtSecretFile=path/to/jwt.hex --Merge.TerminalTotalDifficulty 17000000000000000

Goerli-Prater

With JWT configured (see our v2.1.4-rc0 guide):

Nethermind.Runner --config goerli --JsonRpc.Enabled true --JsonRpc.Enabled true --JsonRpc.JwtSecretFile=path/to/jwt.hex

Without JWT configured:

Nethermind.Runner --config goerli --JsonRpc.Enabled true

Mainnet

Mainnet isn't ready for Merge configuration yet, so JWT configuration isn't available.

Nethermind.Runner --config mainnet --JsonRpc.Enabled true

See Nethermind's Running Nethermind Post Merge for more information.

Besu

Ropsten

besu --network=ropsten --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=path/to/jwt.hex  --engine-host-allowlist="*" --override-genesis-config="terminalTotalDifficulty=50000000000000000"

Sepolia

besu --network=sepolia --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=path/to/jwt.hex  --engine-host-allowlist="*" --override-genesis-config="terminalTotalDifficulty=17000000000000000"

Goerli-Prater

With JWT configured (see our v2.1.4-rc0 guide):

besu --network=goerli --rpc-http-enabled --engine-jwt-enabled=true --engine-jwt-secret=path/to/jwt.hex  --engine-host-allowlist="*"

Without JWT configured:

besu --network=goerli --rpc-http-enabled

Mainnet

Mainnet isn't ready for Merge configuration yet, so no changes are needed.

besu --network=mainnet --rpc-http-enabled

See Besu's command-line options for parameter definitions.

Geth

Ropsten

geth --ropsten --http --http.api eth,net,engine,admin --authrpc.vhosts="localhost" --authrpc.jwtsecret=path/to/jwt.hex --override.terminaltotaldifficulty 50000000000000000

Sepolia

geth --sepolia --http --http.api eth,net,engine,admin --authrpc.vhosts="localhost" --authrpc.jwtsecret=path/to/jwt.hex --override.terminaltotaldifficulty 17000000000000000

Goerli-Prater

With JWT configured (see our v2.1.4-rc0 guide):

geth --goerli --http --http.api eth,net,engine,admin --authrpc.vhosts="localhost" --authrpc.jwtsecret=path/to/jwt.hex

Without JWT configured:

geth --goerli --http --http.api eth,net,engine,admin

Mainnet

Mainnet isn't ready for Merge configuration yet, so no changes are needed.

geth --mainnet --http --http.api eth,net,engine,admin

See Geth's command-line options for parameter definitions.

Configure beacon node

Next, we'll configure your beacon node to consume your JWT token so it can form an authenticated HTTP connection with your execution node.

If you're running a validator, specifying a suggested-fee-recipient wallet address will allow you to earn what were previously miner transaction fee tips. Note that transaction fee tips are forwarded to a Ethereum Mainnet address (liquid, withdrawable), not to your validator's account balance (illiquid, not yet withdrawable). This suggested-fee-recipient address must be specified if you're running a validator, otherwise the transaction fee tips that you earn will be permanently lost. See Configuring a Fee Recipient Address to learn more about this feature.

Windows

Ropsten

Download the Ropsten genesis state from Github and run the following command:

prysm.bat beacon-chain --http-web3provider=http://localhost:8551 --ropsten --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Sepolia

Download the Sepolia genesis state from Github and run the following command:

prysm.bat beacon-chain --http-web3provider=http://localhost:8551 --sepolia --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Goerli-Prater

Download the Prater genesis state from Github.

With JWT configured (see our v2.1.4-rc0 guide):

prysm.bat beacon-chain --http-web3provider=http://localhost:8551 --prater --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Without JWT configured:

prysm.bat beacon-chain --http-web3provider=http://localhost:8545 --prater --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Mainnet

Mainnet isn't ready for Merge configuration yet, so no changes are needed.

prysm.bat beacon-chain --http-web3provider=http://localhost:8545 --mainnet --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Linux, MacOS, Arm64

Ropsten

Download the Ropsten genesis state from Githuband run the following command:

./prysm.sh beacon-chain --http-web3provider=http://localhost:8551 --ropsten --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Sepolia

Download the Sepolia genesis state from Github and run the following command:

./prysm.sh beacon-chain --http-web3provider=http://localhost:8551 --sepolia --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Goerli-Prater

Download the Prater genesis state from Github.

With JWT configured (see our v2.1.4-rc0 guide):

./prysm.sh beacon-chain --http-web3provider=http://localhost:8551 --prater --jwt-secret=path/to/jwt.hex --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Without JWT configured:

./prysm.sh beacon-chain --http-web3provider=http://localhost:8545 --prater --genesis-state=genesis.ssz --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Mainnet

Mainnet isn't ready for Merge configuration yet, so no changes are needed.

./prysm.sh beacon-chain --http-web3provider=http://localhost:8545 --mainnet --suggested-fee-recipient=0x01234567722E6b0000012BFEBf6177F1D2e9758D9

Configure validator node

Validator client configuration doesn't need to be updated for The Merge. A fee recipient address can optionally be configured on your validator node if you want redundancy or multiple fee recipient addresses. See Configuring a Fee Recipient Address to learn more.

Note that consensus-layer Sepolia is a permissioned network - you can run a beacon node on Sepolia, but not a validator.

Upgrade hardware

We recommend updating your hard drive to a 2TB+ SSD as soon as possible.

Congratulations!

You’re now ready for The Merge. If you have any questions, feel free ask them on our Discord.

Frequently asked questions

I'm currently running a validator on Ethereum Mainnet. When should I make changes?

You can make the above changes now. This document will be continuously updated with the latest recommended configuration.

Can I use IPC post-Merge?

Yes. You also won't have to worry about JWT if you use IPC. Refer to your clients' command-line documentation for IPC configuration parameters.