Skip to main content

Set and Rotate Session Keys

As a collator, you need to link your session keys to your collator account. Once linked, the keys are used to identify your collator node. Your collator address will receive the permit to build blocks, but the session keys pass this permit to your node. To check whether the account has already some session keys set, the RPC functions author > hasKey(publicKey, keyType) and author > hasSessionKeys(sessionKeys) can be called.


The session keys associate a collator node with an account on the blockchain. They are hot keys that must be kept online. It is recommended to change them throughout sessions.

Generate New Session Keys


Make sure that no unauthorized party is able to access the RPC endpoint of the collator. Use SSH forwarding for the RPC port when needing to perform some RPC operations on the node with

ssh -L <user>@<server>

There are three ways to create the session keys. We recommend using the curl command on the same host that the node is running or from a host that has an active SSH tunnel with it. This way there is no need to add the --unsafe-rpc-external argument to the node. Nevertheless, the session keys can also be rotated using the PolkadotJS Apps interface or by directly storing the new key in the node's keystore.

A collator can use the following command to rotate the session key.

curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method": "author_rotateKeys", "params":[]}' http://localhost:9933

The answer should look like the JSON object below. The result key is the HEX-encoded public part of the newly created session key.


The rotation of the session key should be done periodically to ensure that your collator can remain secure and safe from attacks. You can find more information about session keys in the Substrate Documentation.

Once a new session key is generated, you must then link that key to your collator account in order to receive rewards for producing new blocks.. This operation is performed by submitting a signed extrinsic to the blockchain.

For Spiritnet, the endpoint is wss://, while for Peregrine it is wss://

Developer -> Extrinsics -> Submission

  1. Select your collator KILT address as the extrinsic submitter (the using the selected account field)
  2. Set up the following extrinsic: session -> setKeys(keys, proof)
    • keys -> the public session key (0xda3861a45e0197f3ca145c2c209f9126e5053fas503e459af4255cf8011d51010 in the example above)
    • proof -> the proof of ownership. It can be set to 0x00
  3. Sign and submit the extrinsic (the Submit Transaction button)

Once the extrinsic is executed, you will have linked the new session key to your account and can start receiving rewards for producing new blocks. However, the new session key does not become effective immediately but with the start of the next session.