Skip to main content


Create and sign a voluntary exit for the specified validator or set of validators.
This subcommand can be run as a separate Teku process.


To submit a voluntary exit, you must have a running beacon node with the REST API enabled.


teku voluntary-exit --beacon-node-api-endpoint=<ENDPOINT>

Endpoint of the beacon node's REST API. The default is


teku voluntary-exit --config-file=<FILE>

Path to the YAML configuration file. The default is none.


teku voluntary-exit --confirmation-enabled=<BOOLEAN>

Specify whether to request confirmation when exiting a validator. The default is true.


If you set --confirmation-enabled to false, exits are generated immediately without any prompt.


teku voluntary-exit --epoch=<EPOCH>

Earliest epoch that the voluntary exit can be processed. The specified epoch can be a past epoch, or current epoch. You cannot specify a future epoch. The default is the current epoch.


If there is a high number of validators that are queued to exit, then the validator exit may be processed at a later epoch.


teku voluntary-exit --include-keymanager-keys=<BOOLEAN>

Include validator keys managed using the key manager APIs. The default is false.


teku voluntary-exit --network=<NETWORK>

Predefined network configuration. There is no default value, because Teku reads the network specification from the Beacon API unless specified.


teku voluntary-exit --save-exits-path=<PATH>

Path at which to save the generated exit messages. This option creates but doesn't submit an exit. It doesn't validate the exit epoch, and doesn't publish the exit messages.


teku voluntary-exit --validator-keys=<KEY_DIR>:<PASS_DIR> | <KEY_FILE>:<PASS_FILE>[,<KEY_DIR>:<PASS_DIR> | <KEY_FILE>:<PASS_FILE>...]...

Directory or file to load the encrypted keystores and passwords of the validators that you wish to exit. Keystore files must use the .json file extension, and password files must use the .txt file extension.

When specifying directories, Teku expects to find identically named keystore and password files. For example validator_217179e.json and validator_217179e.txt.

When specifying file names, Teku expects that the files exist.


The path separator is operating system dependent, and should be ; in Windows rather than :.


teku voluntary-exit --validator-public-keys=<PUBKEY>[,<PUBKEY>...]...

Restrict the exit command to a specified list of public keys. When the parameter is not used, all keys will be exited.


teku voluntary-exit --validators-external-signer-keystore=<FILE>

The keystore that Teku presents to the external signer for TLS authentication. Teku can use PKCS12 or JKS keystore types.

Use the PKCS12 keystore type if connecting to Web3Signer.


teku voluntary-exit --validators-external-signer-keystore-password-file=<FILE>

Password file used to decrypt the keystore.


teku voluntary-exit --validators-external-signer-public-keys=<KEY>[,<KEY>...]

List of public keys of validators that you wish to voluntarily exit when using an external signer (for example, Web3Signer).

Use the URL to load the public keys from a remote service. For example:

teku voluntary-exit --validators-external-signer-public-keys=http://localhost:9900/api/v1/eth2/publicKeys

Use the value external-signer to load all public keys managed by the external signer. Teku automatically queries the external signer's public keys endpoint.

teku voluntary-exit --validators-external-signer-public-keys=external-signer


teku voluntary-exit --validators-external-signer-timeout=<INTEGER>

Timeout in milliseconds for requests to the external signer. The default is 5000.


teku voluntary-exit --validators-external-signer-truststore=<FILE>

PKCS12 or JKS keystore used to trust external signer's self-signed certificate or CA certificate which signs the external signer's certificate.


teku voluntary-exit --validators-external-signer-truststore-password-file=<FILE>

Password file used to decrypt the keystore.


teku voluntary-exit --validators-external-signer-url=<URL>

URL of the external signer (for example, Web3Signer).