Change location of jwtsecret to fix Nimbus keystore import

ladidan · Jul 23, 2022 · 45bfe33 · 45bfe33
1 parent 146ac23
commit 45bfe33
Show file tree

Hide file tree

Showing 36 changed files with 53 additions and 53 deletions.
diff --git a/besu.yml b/besu.yml
@@ -28,7 +28,7 @@ services:
     volumes:
       - besu-eth1-data:/var/lib/besu
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/besu/secrets
+      - jwtsecret:/var/lib/besu/ee-secret
     ports:
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/tcp
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/udp
@@ -67,7 +67,7 @@ services:
       - --host-allowlist=*
       - --engine-host-allowlist=*
       - --engine-jwt-enabled=true
-      - --engine-jwt-secret=/var/lib/besu/secrets/jwtsecret
+      - --engine-jwt-secret=/var/lib/besu/ee-secret/jwtsecret
       - --engine-rpc-port=8551
       - --logging
       - ${LOG_LEVEL}

diff --git a/besu/Dockerfile.binary b/besu/Dockerfile.binary
@@ -20,7 +20,7 @@ RUN set -eux; \
         gosu nobody true
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/besu/secrets && chown -R besu:besu /var/lib/besu && chmod -R 700 /var/lib/besu && chmod 750 /var/lib/besu/secrets
+RUN mkdir -p /var/lib/besu/ee-secret && chown -R besu:besu /var/lib/besu && chmod -R 700 /var/lib/besu && chmod 750 /var/lib/besu/ee-secret
 
 COPY ./docker-entrypoint.sh /usr/local/bin/
 

diff --git a/besu/Dockerfile.source b/besu/Dockerfile.source
@@ -41,7 +41,7 @@ RUN adduser \
     --ingroup "${USER}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/besu/secrets && chown -R besu:besu /var/lib/besu && chmod -R 700 /var/lib/besu && chmod 750 /var/lib/besu/secrets
+RUN mkdir -p /var/lib/besu/ee-secret && chown -R besu:besu /var/lib/besu && chmod -R 700 /var/lib/besu && chmod 750 /var/lib/besu/ee-secret
 
 # Copy executable
 COPY --from=builder /usr/src/besu/build/install/besu/. /opt/besu/

diff --git a/besu/docker-entrypoint.sh b/besu/docker-entrypoint.sh
@@ -7,15 +7,15 @@ if [ "$(id -u)" = '0' ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/besu/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/besu/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 
-if [[ ! -f /var/lib/besu/secrets/jwtsecret ]]; then
+if [[ ! -f /var/lib/besu/ee-secret/jwtsecret ]]; then
   echo "Generating JWT secret"
   __secret1=$(echo $RANDOM | md5sum | head -c 32)
   __secret2=$(echo $RANDOM | md5sum | head -c 32)
-  echo -n ${__secret1}${__secret2} > /var/lib/besu/secrets/jwtsecret
+  echo -n ${__secret1}${__secret2} > /var/lib/besu/ee-secret/jwtsecret
 fi
 
 # Check whether we should override TTD

diff --git a/erigon.yml b/erigon.yml
@@ -28,7 +28,7 @@ services:
     volumes:
       - erigon-el-data:/var/lib/erigon
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/erigon/secrets
+      - jwtsecret:/var/lib/erigon/ee-secret
     ports:
       - ${EL_P2P_PORT-30303}:${EL_P2P_PORT:-30303}/tcp
       - ${EL_P2P_PORT-30303}:${EL_P2P_PORT:-30303}/udp
@@ -75,7 +75,7 @@ services:
       - --engine.port
       - "8551"
       - --authrpc.jwtsecret
-      - /var/lib/erigon/secrets/jwtsecret
+      - /var/lib/erigon/ee-secret/jwtsecret
       # Workaround for high memory use in alpha
       - --batchSize
       - 128m

diff --git a/erigon/Dockerfile.binary b/erigon/Dockerfile.binary
@@ -13,7 +13,7 @@ USER root
 
 RUN apk --no-cache add shadow bash su-exec && groupmod -g "${GID}" erigon && usermod -u "${UID}" -g "${GID}" erigon
 
-RUN mkdir -p /var/lib/erigon/secrets && chown -R erigon:erigon /var/lib/erigon && chmod -R 700 /var/lib/erigon && chmod 750 /var/lib/erigon/secrets
+RUN mkdir -p /var/lib/erigon/ee-secret && chown -R erigon:erigon /var/lib/erigon && chmod -R 700 /var/lib/erigon && chmod 750 /var/lib/erigon/ee-secret
 
 COPY ./docker-entrypoint.sh /usr/local/bin/
 

diff --git a/erigon/Dockerfile.source b/erigon/Dockerfile.source
@@ -34,7 +34,7 @@ RUN adduser \
     --ingroup "${USER}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/erigon/secrets && chown -R erigon:erigon /var/lib/erigon && chmod -R 700 /var/lib/erigon && chmod 750 /var/lib/erigon/secrets
+RUN mkdir -p /var/lib/erigon/ee-secret && chown -R erigon:erigon /var/lib/erigon && chmod -R 700 /var/lib/erigon && chmod 750 /var/lib/erigon/ee-secret
 
 # Copy executable
 COPY --from=builder /src/erigon/build/bin/erigon /usr/local/bin/

diff --git a/erigon/docker-entrypoint.sh b/erigon/docker-entrypoint.sh
@@ -7,15 +7,15 @@ if [ "$(id -u)" = '0' ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/erigon/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/erigon/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 
-if [[ ! -f /var/lib/erigon/secrets/jwtsecret ]]; then
+if [[ ! -f /var/lib/erigon/ee-secret/jwtsecret ]]; then
   echo "Generating JWT secret"
   __secret1=$(echo $RANDOM | md5sum | head -c 32)
   __secret2=$(echo $RANDOM | md5sum | head -c 32)
-  echo -n ${__secret1}${__secret2} > /var/lib/erigon/secrets/jwtsecret
+  echo -n ${__secret1}${__secret2} > /var/lib/erigon/ee-secret/jwtsecret
 fi
 
 # Check whether we should override TTD

diff --git a/geth.yml b/geth.yml
@@ -28,7 +28,7 @@ services:
     volumes:
       - geth-eth1-data:/var/lib/goethereum
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/goethereum/secrets
+      - jwtsecret:/var/lib/goethereum/ee-secret
     ports:
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/tcp
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/udp
@@ -67,7 +67,7 @@ services:
       - --pprof.addr
       - 0.0.0.0
       - --authrpc.jwtsecret
-      - /var/lib/goethereum/secrets/jwtsecret
+      - /var/lib/goethereum/ee-secret/jwtsecret
       - --authrpc.addr
       - 0.0.0.0
       - --authrpc.vhosts=*

diff --git a/geth/Dockerfile.binary b/geth/Dockerfile.binary
@@ -25,7 +25,7 @@ RUN adduser \
     --ingroup "${USER}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/goethereum/secrets && chown -R ${USER}:${USER} /var/lib/goethereum && chmod -R 700 /var/lib/goethereum && chmod 750 /var/lib/goethereum/secrets
+RUN mkdir -p /var/lib/goethereum/ee-secret && chown -R ${USER}:${USER} /var/lib/goethereum && chmod -R 700 /var/lib/goethereum && chmod 750 /var/lib/goethereum/ee-secret
 
 COPY ./docker-entrypoint.sh /usr/local/bin/
 

diff --git a/geth/Dockerfile.source b/geth/Dockerfile.source
@@ -34,7 +34,7 @@ RUN adduser \
     --ingroup "${USER}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/goethereum/secrets && chown -R ${USER}:${USER} /var/lib/goethereum && chmod -R 700 /var/lib/goethereum && chmod 750 /var/lib/goethereum/secrets
+RUN mkdir -p /var/lib/goethereum/ee-secret && chown -R ${USER}:${USER} /var/lib/goethereum && chmod -R 700 /var/lib/goethereum && chmod 750 /var/lib/goethereum/ee-secret
 
 # Copy executable
 COPY --from=builder /src/go-ethereum/build/bin/geth /usr/local/bin/

diff --git a/geth/docker-entrypoint.sh b/geth/docker-entrypoint.sh
@@ -6,15 +6,15 @@ if [ "$(id -u)" = '0' ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/goethereum/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/goethereum/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 
-if [[ ! -f /var/lib/goethereum/secrets/jwtsecret ]]; then
+if [[ ! -f /var/lib/goethereum/ee-secret/jwtsecret ]]; then
   echo "Generating JWT secret"
   __secret1=$(echo $RANDOM | md5sum | head -c 32)
   __secret2=$(echo $RANDOM | md5sum | head -c 32)
-  echo -n ${__secret1}${__secret2} > /var/lib/goethereum/secrets/jwtsecret
+  echo -n ${__secret1}${__secret2} > /var/lib/goethereum/ee-secret/jwtsecret
 fi
 
 # Check whether we should override TTD

diff --git a/lh-base.yml b/lh-base.yml
@@ -22,7 +22,7 @@ services:
     volumes:
       - lhbeacon-data:/var/lib/lighthouse
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/lighthouse/beacon/secrets
+      - jwtsecret:/var/lib/lighthouse/beacon/ee-secret
     environment:
       - RAPID_SYNC_URL=${RAPID_SYNC_URL}
       - JWT_SECRET=${JWT_SECRET}
@@ -60,7 +60,7 @@ services:
       - --execution-endpoint
       - ${EL_NODE}
       - --execution-jwt
-      - /var/lib/lighthouse/beacon/secrets/jwtsecret
+      - /var/lib/lighthouse/beacon/ee-secret/jwtsecret
       - --debug-level=${LOG_LEVEL}
       - --metrics
       - --metrics-address

diff --git a/lighthouse/Dockerfile.binary b/lighthouse/Dockerfile.binary
@@ -19,7 +19,7 @@ RUN adduser \
     "${USER}"
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/lighthouse/beacon/secrets && chown -R ${USER}:${USER} /var/lib/lighthouse/beacon && chmod -R 700 /var/lib/lighthouse/beacon && chmod 750 /var/lib/lighthouse/beacon/secrets
+RUN mkdir -p /var/lib/lighthouse/beacon/ee-secret && chown -R ${USER}:${USER} /var/lib/lighthouse/beacon && chmod -R 700 /var/lib/lighthouse/beacon && chmod 750 /var/lib/lighthouse/beacon/ee-secret
 COPY ./docker-entrypoint.sh /usr/local/bin/
 
 ARG USER=lhvalidator

diff --git a/lighthouse/Dockerfile.source b/lighthouse/Dockerfile.source
@@ -53,7 +53,7 @@ RUN adduser \
     "${USER}"
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/lighthouse/beacon/secrets && chown -R ${USER}:${USER} /var/lib/lighthouse/beacon && chmod -R 700 /var/lib/lighthouse/beacon && chmod 750 /var/lib/lighthouse/beacon/secrets
+RUN mkdir -p /var/lib/lighthouse/beacon/ee-secret && chown -R ${USER}:${USER} /var/lib/lighthouse/beacon && chmod -R 700 /var/lib/lighthouse/beacon && chmod 750 /var/lib/lighthouse/beacon/ee-secret
 COPY ./docker-entrypoint.sh /usr/local/bin/
 
 ARG USER=lhvalidator

diff --git a/lighthouse/docker-entrypoint.sh b/lighthouse/docker-entrypoint.sh
@@ -2,7 +2,7 @@
 set -Eeuo pipefail
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/lighthouse/beacon/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/lighthouse/beacon/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 

diff --git a/lodestar-base.yml b/lodestar-base.yml
@@ -22,7 +22,7 @@ services:
     volumes:
       - lsconsensus-data:/var/lib/lodestar/consensus
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/lodestar/consensus/secrets
+      - jwtsecret:/var/lib/lodestar/consensus/ee-secret
     environment:
       - RAPID_SYNC_URL=${RAPID_SYNC_URL}
       - JWT_SECRET=${JWT_SECRET}
@@ -53,7 +53,7 @@ services:
       - --execution.urls
       - ${EL_NODE}
       - --jwt-secret
-      - /var/lib/lodestar/consensus/secrets/jwtsecret
+      - /var/lib/lodestar/consensus/ee-secret/jwtsecret
       - --network.maxPeers
       - ${CL_MAX_PEER_COUNT:-55}
       - --network.targetPeers

diff --git a/lodestar/Dockerfile.binary b/lodestar/Dockerfile.binary
@@ -23,7 +23,7 @@ RUN adduser \
     --uid "${UID}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/lodestar/consensus/secrets && chown -R ${USER}:${USER} /var/lib/lodestar/consensus && chmod -R 700 /var/lib/lodestar/consensus && chmod 750 /var/lib/lodestar/consensus/secrets
+RUN mkdir -p /var/lib/lodestar/consensus/ee-secret && chown -R ${USER}:${USER} /var/lib/lodestar/consensus && chmod -R 700 /var/lib/lodestar/consensus && chmod 750 /var/lib/lodestar/consensus/ee-secret
 
 ARG USER=lsvalidator
 ARG UID=10000

diff --git a/lodestar/Dockerfile.source b/lodestar/Dockerfile.source
@@ -39,7 +39,7 @@ RUN adduser \
     --uid "${UID}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/lodestar/consensus/secrets && chown -R ${USER}:${USER} /var/lib/lodestar/consensus && chmod -R 700 /var/lib/lodestar/consensus && chmod 750 /var/lib/lodestar/consensus/secrets
+RUN mkdir -p /var/lib/lodestar/consensus/ee-secret && chown -R ${USER}:${USER} /var/lib/lodestar/consensus && chmod -R 700 /var/lib/lodestar/consensus && chmod 750 /var/lib/lodestar/consensus/ee-secret
 
 ARG USER=lsvalidator
 ARG UID=10000

diff --git a/lodestar/docker-entrypoint.sh b/lodestar/docker-entrypoint.sh
@@ -6,7 +6,7 @@ if [ ! -f /var/lib/lodestar/consensus/api-token.txt ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/lodestar/consensus/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/lodestar/consensus/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 

diff --git a/nethermind/Dockerfile.binary b/nethermind/Dockerfile.binary
@@ -36,7 +36,7 @@ RUN set -eux; \
 
 # This only goes so far. keystore, logs and nethermind_db are volumes and need to be chown'd in the entrypoint
 RUN chown -R ${USER}:${USER} /nethermind
-RUN mkdir -p /var/lib/nethermind/secrets && chown -R ${USER}:${USER} /var/lib/nethermind && chmod -R 700 /var/lib/nethermind && chmod 750 /var/lib/nethermind/secrets
+RUN mkdir -p /var/lib/nethermind/ee-secret && chown -R ${USER}:${USER} /var/lib/nethermind && chmod -R 700 /var/lib/nethermind && chmod 750 /var/lib/nethermind/ee-secret
 
 COPY --from=dasel /usr/local/bin/dasel /usr/local/bin/
 COPY ./docker-entrypoint.sh /usr/local/bin/

diff --git a/nethermind/Dockerfile.source b/nethermind/Dockerfile.source
@@ -40,7 +40,7 @@ WORKDIR /nethermind
 COPY --from=build /nethermind/out .
 
 RUN chown -R ${USER}:${USER} /nethermind
-RUN mkdir -p /var/lib/nethermind/secrets && chown -R ${USER}:${USER} /var/lib/nethermind && chmod -R 700 /var/lib/nethermind && chmod 750 /var/lib/nethermind/secrets
+RUN mkdir -p /var/lib/nethermind/ee-secret && chown -R ${USER}:${USER} /var/lib/nethermind && chmod -R 700 /var/lib/nethermind && chmod 750 /var/lib/nethermind/ee-secret
 
 COPY --from=dasel /usr/local/bin/dasel /usr/local/bin/
 COPY ./docker-entrypoint.sh /usr/local/bin/

diff --git a/nethermind/docker-entrypoint.sh b/nethermind/docker-entrypoint.sh
@@ -26,15 +26,15 @@ dasel put document -f /nethermind/NLog.config -p xml -d json 'nlog.rules.logger.
 dasel put document -f /nethermind/NLog.config -p xml -d json 'nlog.rules.logger.[]' '{"-name":"*","-minlevel":"Info","-writeTo":"auto-colored-console-async"}'
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/nethermind/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/nethermind/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 
-if [[ ! -f /var/lib/nethermind/secrets/jwtsecret ]]; then
+if [[ ! -f /var/lib/nethermind/ee-secret/jwtsecret ]]; then
   echo "Generating JWT secret"
   __secret1=$(echo $RANDOM | md5sum | head -c 32)
   __secret2=$(echo $RANDOM | md5sum | head -c 32)
-  echo -n ${__secret1}${__secret2} > /var/lib/nethermind/secrets/jwtsecret
+  echo -n ${__secret1}${__secret2} > /var/lib/nethermind/ee-secret/jwtsecret
 fi
 
 # Check whether we should override TTD

diff --git a/nimbus-base.yml b/nimbus-base.yml
@@ -22,7 +22,7 @@ services:
     volumes:
       - nimbus-data:/var/lib/nimbus
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/nimbus/secrets
+      - jwtsecret:/var/lib/nimbus/ee-secret
     environment:
       - RAPID_SYNC_URL=${RAPID_SYNC_URL}
       - NETWORK=${NETWORK}
@@ -48,7 +48,7 @@ services:
       - --max-peers=${CL_MAX_PEER_COUNT:-160}
       - --network=${NETWORK}
       - --web3-url=${EL_NODE}
-      - --jwt-secret=/var/lib/nimbus/secrets/jwtsecret
+      - --jwt-secret=/var/lib/nimbus/ee-secret/jwtsecret
       - --graffiti=${GRAFFITI}
       - --log-level=${LOG_LEVEL}
       - --rest

diff --git a/nimbus/Dockerfile.binary b/nimbus/Dockerfile.binary
@@ -19,7 +19,7 @@ RUN set -eux; \
         gosu nobody true
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/nimbus/secrets && chown -R user:user /var/lib/nimbus && chmod -R 700 /var/lib/nimbus && chmod 750 /var/lib/nimbus/secrets
+RUN mkdir -p /var/lib/nimbus/ee-secret && chown -R user:user /var/lib/nimbus && chmod -R 700 /var/lib/nimbus && chmod 750 /var/lib/nimbus/ee-secret
 
 # Copy beacon_node into $PATH
 RUN cp /home/user/nimbus-eth2/build/nimbus_beacon_node /usr/local/bin/nimbus_beacon_node

diff --git a/nimbus/Dockerfile.source b/nimbus/Dockerfile.source
@@ -39,7 +39,7 @@ RUN adduser \
     --uid "${UID}" \
     "${USER}"
 
-RUN mkdir -p /var/lib/nimbus/secrets && chown -R ${USER}:${USER} /var/lib/nimbus && chmod 700 /var/lib/nimbus && chmod 750 /var/lib/nimbus/secrets
+RUN mkdir -p /var/lib/nimbus/ee-secret && chown -R ${USER}:${USER} /var/lib/nimbus && chmod 700 /var/lib/nimbus && chmod 750 /var/lib/nimbus/ee-secret
 
 # Copy executable
 COPY --from=builder /usr/src/nim-beacon-chain/build/nimbus_beacon_node /usr/local/bin/nimbus_beacon_node

diff --git a/nimbus/docker-entrypoint.sh b/nimbus/docker-entrypoint.sh
@@ -6,7 +6,7 @@ if [ ! -f /var/lib/nimbus/api-token.txt ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/nimbus/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/nimbus/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi
 

diff --git a/nm.yml b/nm.yml
@@ -28,7 +28,7 @@ services:
     volumes:
       - nm-eth1-data:/var/lib/nethermind
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/nethermind/secrets
+      - jwtsecret:/var/lib/nethermind/ee-secret
     ports:
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/tcp
       - ${EL_P2P_PORT:-30303}:${EL_P2P_PORT:-30303}/udp
@@ -60,7 +60,7 @@ services:
       - --JsonRpc.WebSocketsPort
       - ${EL_WS_PORT:-8546}
       - --JsonRpc.AdditionalRpcUrls=http://0.0.0.0:8551|http;ws|engine;eth;subscribe
-      - --JsonRpc.JwtSecretFile=/var/lib/nethermind/secrets/jwtsecret
+      - --JsonRpc.JwtSecretFile=/var/lib/nethermind/ee-secret/jwtsecret
       - --Sync.SnapSync
       - "true"
       - --Metrics.Enabled

diff --git a/prysm-base.yml b/prysm-base.yml
@@ -26,7 +26,7 @@ services:
     volumes:
       - prysmbeacon-data:/var/lib/prysm
       - /etc/localtime:/etc/localtime:ro
-      - jwtsecret:/var/lib/prysm/secrets
+      - jwtsecret:/var/lib/prysm/ee-secret
     environment:
       - RAPID_SYNC_URL=${RAPID_SYNC_URL}
       - JWT_SECRET=${JWT_SECRET}
@@ -54,7 +54,7 @@ services:
       - --http-web3provider
       - ${EL_NODE}
       - --jwt-secret
-      - /var/lib/prysm/secrets/jwtsecret
+      - /var/lib/prysm/ee-secret/jwtsecret
       - --p2p-tcp-port
       - ${PRYSM_PORT}
       - --p2p-udp-port

diff --git a/prysm/Dockerfile.binary b/prysm/Dockerfile.binary
@@ -32,7 +32,7 @@ RUN adduser \
     "${USER}"
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/prysm/secrets && chown -R ${USER}:${USER} /var/lib/prysm && chmod -R 700 /var/lib/prysm && chmod 750 /var/lib/prysm/secrets
+RUN mkdir -p /var/lib/prysm/ee-secret && chown -R ${USER}:${USER} /var/lib/prysm && chmod -R 700 /var/lib/prysm && chmod 750 /var/lib/prysm/ee-secret
 
 COPY --from=ccsource /app/cmd/beacon-chain/beacon-chain /usr/local/bin/
 COPY ./docker-entrypoint.sh /usr/local/bin/

diff --git a/prysm/Dockerfile.source b/prysm/Dockerfile.source
@@ -40,7 +40,7 @@ RUN adduser \
     "${USER}"
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/prysm/secrets && chown -R ${USER}:${USER} /var/lib/prysm && chmod -R 700 /var/lib/prysm && chmod 750 /var/lib/prysm/secrets
+RUN mkdir -p /var/lib/prysm/ee-secret && chown -R ${USER}:${USER} /var/lib/prysm && chmod -R 700 /var/lib/prysm && chmod 750 /var/lib/prysm/ee-secret
 
 # Copy executable
 COPY --from=builder /go/src/prysm/bazel-bin/cmd/beacon-chain/beacon-chain_/beacon-chain /usr/local/bin/

diff --git a/prysm/docker-entrypoint.sh b/prysm/docker-entrypoint.sh
@@ -16,7 +16,7 @@ if [ "$(id -u)" = '0' ]; then
 fi
 
 if [ -n "${JWT_SECRET}" ]; then
-  echo -n ${JWT_SECRET} > /var/lib/prysm/secrets/jwtsecret
+  echo -n ${JWT_SECRET} > /var/lib/prysm/ee-secret/jwtsecret
   echo "JWT secret was supplied in .env"
 fi