# Safeheron Configuration This page contains the full Safeheron MPC configuration for Nexus deployment. ## When to use Set `MPC_SIGNER=safeheron` when you want signing to be handled by Safeheron instead of local private keys. ## Key passing mode Safeheron RSA key fields support both: * PEM content string * local PEM file path Recommended: use file paths (for example `/run/secrets/...`) and make sure those files are mounted and readable in your runtime environment. ## Required consistency `DOTSWAP_ACCOUNT_ADDRESS` and all addresses in `POOLS_*`, `SINGLE_LIQUIDITY_POOLS_*`, and `TAKERS_*` should belong to the same Safeheron `accountKey + pubKey` derivation set. Otherwise, signing may fail. ## Variables (service runtime) Set the following `SAFEHERON_*` variables in the running service environment: * `MPC_SIGNER=safeheron` * `SAFEHERON_BASE_URL` * `SAFEHERON_SIGN_API_KEY` * `SAFEHERON_SIGN_RSA_PRIVATE_KEY` (PEM content or file path) * `SAFEHERON_SIGN_SAFEHERON_RSA_PUBLIC_KEY` (PEM content or file path) * `SAFEHERON_ACCOUNT_API_KEY` (optional) * `SAFEHERON_ACCOUNT_RSA_PRIVATE_KEY` (PEM content or file path, optional) * `SAFEHERON_ACCOUNT_SAFEHERON_RSA_PUBLIC_KEY` (PEM content or file path, optional) * `SAFEHERON_ACCOUNT_KEY` * `SAFEHERON_PUB_KEY` You can provide PEM content directly for RSA fields, but file paths are recommended for security. ## Example (docker-compose runtime environment mode) If you edit `docker-compose.yml` environment entries directly, set: ```dotenv services: service: environment: MPC_SIGNER: safeheron SAFEHERON_BASE_URL: https://api.safeheron.com SAFEHERON_SIGN_API_KEY: your-safeheron-sign-api-key SAFEHERON_SIGN_RSA_PRIVATE_KEY: /run/secrets/safeheron-sign-private.pem SAFEHERON_SIGN_SAFEHERON_RSA_PUBLIC_KEY: /run/secrets/safeheron-sign-public.pem SAFEHERON_ACCOUNT_API_KEY: your-safeheron-account-api-key SAFEHERON_ACCOUNT_RSA_PRIVATE_KEY: /run/secrets/safeheron-account-private.pem SAFEHERON_ACCOUNT_SAFEHERON_RSA_PUBLIC_KEY: /run/secrets/safeheron-account-public.pem SAFEHERON_ACCOUNT_KEY: your-safeheron-account-key SAFEHERON_PUB_KEY: your-safeheron-compressed-pubkey-hex ``` In this manual mode, RSA fields also support direct PEM content. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.on.nexus/dotswap/developers/nexus-protocol/deployment-guide/safeheron-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.