BitGo wallet setup
BitGo is a stable, security-conscious multi-sig wallet service available for your Lamassu machine.
- Your wallet is very important to us, though actively maintaining its security is ultimately the responsibility of the operator. Please see our article on digital security.
- The most common error in setting up the wallet is incorrectly identifying the Wallet ID. Please pay close attention to the section on this below. Another common mistake is not providing the correct settings when creating the token.
- Wallet password
- BitGo wallet ID
Go to BitGo.com to create a new account and wallet.
Choose 'Personal' for account time, then establish your Wallet Password.
The next screen will ask you to set up two-factor authentication for your account. Choose either Google Authenticator (or YubiKey if you have one). If using Google Authenticator, back up the provided seed on paper, stored in a safe place.
Next you'll download a PDF keycard. Print this out and store it securely. It is necessary to recover your wallet should you lose your passwords and means of 2-factor authentication.
Within the dashboard, click on your wallet's name, then click 'Receive'. Note the last wallet address listed at the bottom of the page which is labeled with your wallet's name. This is your Wallet ID. (Note: this is not the 'current receive address' nor any of the other listed addresses.)
To obtain a token, click on the gear icon next to your name for Account Settings. Then click 'Developer Options' and 'Add Access Token'. Name the token, add the IP address of your server(s), and set the 'lifetime spending limit' to 10000. Select all permissions and click 'I agree'. On the next screen, record the Token provided. This will only be shown once.
If you have multiple servers and are using the same wallet, you'll need either a separate token for each server (since they're restricted to each server's IP address) or to create one token listing each server IP separated by commas.
BitGo can be configured within the latest version of the Lamassu Admin.
Log into your Lamassu Admin, click on the wallet panel, ensure 'BitGo' is selected from the drop-down box, and paste the respective credentials:
Check that these credentials were saved by clicking on another panel in the Admin, then clicking back onto Wallet.
Checking for success
To be sure all was entered correctly and the server is connecting to BitGo, run these four commands individually within your server's terminal:
stop lamassu-server start lamassu-server LAMASSU_ENV=debug tail -30 /var/log/upstart/lamassu-server.log | bunyan
If any lines reveal an 'ERROR', check the credentials and re-enter them within the admin panel.
Possible errors revealed in the logs:
Error: unauthorized– Incorrect token. Double check token or create a new one, then re-input the token within the admin.
Error: invalid wallet id– An incorrect address was used as the Wallet ID, likely truncated when input. Double check the Wallet ID by going to the 'Receive' screen in the BitGo wallet page, and use the address at the very end of the page that's labeled with your wallet name.
Error: not found– An incorrect address in your wallet was used as your Wallet ID. Make sure you've gone to the 'Receive' screen in the wallet, and used the address at the very end of the page that's labeled with your wallet name.
Error: Attempt to use IP-restricted token from an unauthorized IP address– The IP address of your admin server was listed incorrectly during token creation. Double check the IP address of your server, create a new token, and re-input the token within the admin.
TypeError: Object #<Object> has no method 'factory'– An older version of lamassu-server is being run. Upgrade using the commands found here. Afterwards, there is no need to input your credentials again, however, you should run the previous 'tail' command to check for any of the above configuration errors.
Not revealed in the logs:
- Incorrect password – This must be tested by placing a transaction at the machine. If you find the bitcoins aren't sent, confirm by checking your transaction log. If the error column for the transaction states 'Unable to decrypt user keychain', then the password is incorrect.
We value your feedback and experience with the module. Please let us know at firstname.lastname@example.org.