
Add --jwt-secret-path to lcli mock-el #8864

Merged
mergify[bot] merged 5 commits into sigp:unstable from jimmygchen:feat-mock-el-jwt-secret-path
Feb 20, 2026


@jimmygchen jimmygchen commented Feb 19, 2026

Description

Allow lcli mock-el to read a pre-shared JWT secret from a file via --jwt-secret-path, instead of always using the hardcoded DEFAULT_JWT_SECRET. This enables external tools (e.g. kurtosis ethereum-package) to provide their own JWT secret.

The two flags are mutually exclusive:

| Flag | Behavior |
| --- | --- |
| --jwt-output-path | Current behavior: use default secret, write to file |
| --jwt-secret-path | Read secret from file, don't write anywhere |

The new flag accepts a hex-encoded secret file (with or without 0x prefix).

Additional Info

No breaking changes — existing usage with only --jwt-output-path is unchanged.

@jimmygchen added the labels ready-for-review (The code is ready for review) and lcli (Relates to the lighthouse cli binary), Feb 19, 2026
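The behaviour described above (a hex secret file with or without a 0x prefix, and two flags that conflict), as an added example that is not part of this PR or of Lighthouse's code. All function and type names are hypothetical; trimming surrounding whitespace and rejecting the case where neither flag is given are assumptions.

```rust
// Added example, not Lighthouse code. All names here are hypothetical.
const JWT_SECRET_LEN: usize = 32;

#[derive(Debug, PartialEq)]
enum SecretSource {
    ReadFrom(String),       // --jwt-secret-path: read the secret, write nothing
    DefaultWriteTo(String), // --jwt-output-path: default secret, written to file
}

/// Decide which flag applies. Both together, or neither, is an error (assumption).
fn resolve_source(secret: Option<&str>, output: Option<&str>) -> Result<SecretSource, String> {
    match (secret, output) {
        (Some(_), Some(_)) => Err("--jwt-secret-path conflicts with --jwt-output-path".into()),
        (Some(p), None) => Ok(SecretSource::ReadFrom(p.to_string())),
        (None, Some(p)) => Ok(SecretSource::DefaultWriteTo(p.to_string())),
        (None, None) => Err("one of --jwt-secret-path or --jwt-output-path is required".into()),
    }
}

/// Parse the file contents: hex, optional 0x prefix, exactly 32 bytes.
/// Errors report lengths and positions only, never characters of the secret.
fn parse_jwt_secret(contents: &str) -> Result<[u8; JWT_SECRET_LEN], String> {
    let trimmed = contents.trim(); // assumption: tolerate a trailing newline
    let hex = trimmed.strip_prefix("0x").unwrap_or(trimmed);
    if hex.len() != JWT_SECRET_LEN * 2 {
        return Err(format!("expected {} hex characters, found {}", JWT_SECRET_LEN * 2, hex.len()));
    }
    let mut out = [0u8; JWT_SECRET_LEN];
    for (i, pair) in hex.as_bytes().chunks(2).enumerate() {
        let hi = (pair[0] as char).to_digit(16);
        let lo = (pair[1] as char).to_digit(16);
        match (hi, lo) {
            (Some(h), Some(l)) => out[i] = (h * 16 + l) as u8,
            _ => return Err(format!("invalid hex at byte {}", i)),
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample secret: 32 bytes of 0xab, not a real key.
    let file = format!("0x{}\n", "ab".repeat(32));
    println!("{:?}", resolve_source(Some("jwt.hex"), None));
    println!("decoded {} bytes", parse_jwt_secret(&file).unwrap().len());
    println!("{}", parse_jwt_secret("0xabcd").unwrap_err());
}
```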

@macladson macladson left a comment


LGTM!

Just wondering if jwt-secret-path and jwt-output-path should be mutually exclusive? Seems strange to write an output file when you are already providing an input file. Might be slightly tidier UX?

@pawanjay176

Agree with Mac. I think the 2 flags should conflict. I don't see why we would want to read from a file and write to a different file either.

.map_err(|e| format!("Invalid hex in JWT secret file: {}", e))?;
JwtKey::from_slice(&secret_bytes)
.map_err(|e| format!("Invalid JWT secret length (expected 32 bytes): {}", e))?
} else {
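
Review bot: both `map_err` messages in this hunk say what was wrong but not which file was read; since the path is user-supplied, including it (the path only, never the decoded bytes) in "Invalid hex in JWT secret file" and "Invalid JWT secret length" would make a misconfigured launcher easier to diagnose. Because the first message formats `e` from the hex decoder with `{}`, it is also worth confirming that this rendering cannot echo characters from the secret file into logs. The "expected 32 bytes" literal could refer to the same length constant that `JwtKey::from_slice` enforces, so the message cannot drift from the check.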
Collaborator


Is it more clear to do here `else if let Some(jwt_path) = jwt_output_path {` and then error in the final `else`?

Member Author


Done in e23b8d1.


@macladson macladson left a comment


Perfect!

@jimmygchen added the ready-for-merge label (This PR is ready to merge.) and removed the ready-for-review label (The code is ready for review), Feb 20, 2026
@mergify mergify bot added the queued label Feb 20, 2026

mergify bot commented Feb 20, 2026

Merge Queue Status

Rule: default


This pull request spent 32 minutes 31 seconds in the queue, including 30 minutes 22 seconds running CI.

Required conditions to merge
  • check-success=local-testnet-success
  • check-success=test-suite-success

mergify bot added a commit that referenced this pull request Feb 20, 2026
@mergify mergify bot merged commit 48071b7 into sigp:unstable Feb 20, 2026
36 checks passed
@mergify mergify bot removed the queued label Feb 20, 2026

4 participants