# Migrate an Existing Validator {% hint style="warning" %} This process should only be used if you want to split an *existing validator private key* into multiple private key shares for use in a Distributed Validator Cluster. **If your existing validator is not properly shut down before the Distributed Validator starts, your validator may be slashed**. If you are starting a new validator, you should follow a [quickstart guide](https://docs.obol.org/run-a-dv/start/quickstart_overview) instead. {% endhint %} Split an existing Ethereum validator key into multiple key shares for use in an [Obol Distributed Validator Cluster](https://docs.obol.org/learn/readme/key-concepts#distributed-validator-cluster). ## Pre-requisites * Ensure you have the existing validator keystores (the ones to split) and passwords. * Ensure you have [docker](https://docs.docker.com/engine/install/) installed. * Make sure `docker` is running before executing the commands below. * If you use MEV-Boost, you must either: * Turn off your MEV-Boost client before you split your keys, or; * Temporarily use a relay you won't be using when running the Distributed Validator; to prevent registering for MEV with a timestamp more recent than the one Charon prepares at the moment of key splitting. ## Step 1. Prepare the existing keystore files {% hint style="info" %} Starting with Charon v1.8.0, you may not need to manually prepare the keystore files as described below. Charon can recursively search for keystore files in the specified directory and attempt to match the corresponding password files. The only case where this does not work is when you specify an exact list of withdrawal addresses; in that case, you must prepare the files manually and ensure the keystore indices match the order of the specified withdrawal addresses. {% endhint %} Create a folder to hold the encrypted keystores, along with the passwords to decrypt them. ```shell # Create a folder mkdir split_keys ``` Copy the existing validator `keystore.json` files into this new folder. Alongside them, with a matching filename but ending with `.txt` should be the password to the keystore (e.g.: `keystore-0.json`, `keystore-0.txt`). The files must start with `keystore*`. At the end of this process, you should have a tree like this: ```shell ├── split_keys │   ├── keystore-0.json │   ├── keystore-0.txt │   ├── keystore-1.json │   ├── keystore-1.txt │ ... │   ├── keystore-N.json │   ├── keystore-N.txt ``` ## Step 2. Split the keys using the charon docker command Run the following docker command to split the keys (for mainnet): ```shell CHARON_VERSION= # E.g. v1.10.0 CLUSTER_NAME= # The name of the cluster you want to create. WITHDRAWAL_ADDRESS= # The address you want to use for withdrawals (this is just for accuracy in your lock file, you can't change a withdrawal address for a validator that has already been deposited) FEE_RECIPIENT_ADDRESS= # The address you want to use for block reward and MEV payments. NODES= # The number of nodes in the cluster. docker run --rm -v $(pwd):/opt/charon obolnetwork/charon:${CHARON_VERSION} create cluster \ --name="${CLUSTER_NAME}" \ --withdrawal-addresses="${WITHDRAWAL_ADDRESS}" \ --fee-recipient-addresses="${FEE_RECIPIENT_ADDRESS}" \ --split-existing-keys \ --split-keys-dir=/opt/charon/split_keys \ --nodes ${NODES} \ --network mainnet \ --publish ``` The above command will create `validator_keys` along with `cluster-lock.json` in `./cluster` for each node. Command output: ```shell ***************** WARNING: Splitting keys ********************** Please make sure any existing validator has been shut down for at least 2 finalised epochs before starting the Charon cluster, otherwise slashing could occur. **************************************************************** Created Charon cluster: --split-existing-keys=true ./cluster/ ├─ node[0-*]/ # Directory for each node │ ├─ charon-enr-private-key # Charon networking private key for node authentication │ ├─ cluster-lock.json # Cluster lock defines the cluster lock file which is signed by all nodes │ ├─ validator_keys # Validator keystores and password │ │ ├─ keystore-*.json # Validator private share key for duty signing │ │ ├─ keystore-*.txt # Keystore password files for keystore-*.json ``` These split keys can now be used to start a Charon cluster. ## Step 3. (Optional) Encrypt artifacts for distribution Within each folder are the encrypted [private key shares](https://docs.obol.org/learn/readme/key-concepts#distributed-validator-key-share), along with the decryption passwords. To transmit these folders to the operators/machines where they will run, it might be prudent to encrypt the folder as a `.zip` to transport them. ```shell # For each folder in ./cluster/ encrypt it with a different password zip -er node1.zip ./cluster/node1/ # Repeat for node2,...,nodeN. ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.obol.org/advanced-and-troubleshooting/advanced/quickstart-split.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.