[Feature] enable/disable validator accounts (#7746)

* add --enable --disable flags for validator accounts * refactor DeleteAccountConfig into AccountConfig to be used for enable and disable feature * add `disable` flag for validator accounts * [wip] add method to disable account * refactor account delete * add disable & enable with proper filters * fix keymanager unit tests * update DisabledPublicKeys to be a string instead of [][]byte * fix FetchValidatingPrivateKeys to only fetch active keys with new string format * fix FetchValidationPrivateKeys with new DisabledPublicKeys format (as a string) * rename file + update AccountsConfig to include Disable, Enable and Delete distinct attributes * rename accounts_activation -> accounts_enable_disable * revert changes from using string to [][]byte for DisabledPublicKeys * add FetchAllValidatingPublicKeys to preserve the functionality for accounts list, backup and delete * fix unit tests * convert publickeys from [][]byte to str before passing it to pb message * add unit tests for disable keys * add unit tests for EnableAccounts * revert WORKSPACE LLM for now * ran gazelle * move function to convert KeymanagerOpts to Config inside rpc and run gazelle * add unit tests for FetchAllValidatingPublicKeys * fix keymanageropts for InteropKey * Fix mistake for enable accounts * add docstring to DisableAccountsCli and EnableAccountsCli * remove previous testnet and add toledo & pyrmont
2026-01-09 15:37:56 -05:00 · 2020-11-13 08:06:24 -08:00
parent 8dcdfea2a8
commit 16bccf05cf
21 changed files with 665 additions and 38 deletions
--- a/validator/accounts/BUILD.bazel
+++ b/validator/accounts/BUILD.bazel
@@ -4,9 +4,11 @@ load("@prysm//tools/go:def.bzl", "go_library")
 go_library(
    name = "go_default_library",
    srcs = [
+        "accounts.go",
        "accounts_backup.go",
        "accounts_create.go",
        "accounts_delete.go",
+        "accounts_enable_disable.go",
        "accounts_exit.go",
        "accounts_helper.go",
        "accounts_import.go",
@@ -64,6 +66,7 @@ go_test(
        "accounts_backup_test.go",
        "accounts_create_test.go",
        "accounts_delete_test.go",
+        "accounts_enable_disable_test.go",
        "accounts_exit_test.go",
        "accounts_import_test.go",
        "accounts_list_test.go",
--- a/validator/accounts/accounts.go
+++ b/validator/accounts/accounts.go
@@ -0,0 +1,15 @@
+package accounts
+
+import (
+	"github.com/prysmaticlabs/prysm/validator/accounts/wallet"
+	"github.com/prysmaticlabs/prysm/validator/keymanager"
+)
+
+// AccountsConfig specifies parameters to run to delete, enable, disable accounts.
+type AccountsConfig struct {
+	Wallet            *wallet.Wallet
+	Keymanager        keymanager.IKeymanager
+	DisablePublicKeys [][]byte
+	EnablePublicKeys  [][]byte
+	DeletePublicKeys  [][]byte
+}
--- a/validator/accounts/accounts_backup.go
+++ b/validator/accounts/accounts_backup.go
@@ -58,7 +58,7 @@ func BackupAccountsCli(cliCtx *cli.Context) error {
 	if err != nil {
 		return errors.Wrap(err, "could not initialize keymanager")
 	}
-	pubKeys, err := km.FetchValidatingPublicKeys(cliCtx.Context)
+	pubKeys, err := km.FetchAllValidatingPublicKeys(cliCtx.Context)
 	if err != nil {
 		return errors.Wrap(err, "could not fetch validating public keys")
 	}
--- a/validator/accounts/accounts_delete.go
+++ b/validator/accounts/accounts_delete.go
@@ -18,13 +18,6 @@ import (
 	"github.com/urfave/cli/v2"
 )

-// DeleteAccountConfig specifies parameters to run the delete account function.
-type DeleteAccountConfig struct {
-	Wallet     *wallet.Wallet
-	Keymanager keymanager.IKeymanager
-	PublicKeys [][]byte
-}
-
 // DeleteAccountCli deletes the accounts that the user requests to be deleted from the wallet.
 // This function uses the CLI to extract necessary values.
 func DeleteAccountCli(cliCtx *cli.Context) error {
@@ -40,7 +33,7 @@ func DeleteAccountCli(cliCtx *cli.Context) error {
 	if err != nil {
 		return errors.Wrap(err, "could not initialize keymanager")
 	}
-	validatingPublicKeys, err := keymanager.FetchValidatingPublicKeys(cliCtx.Context)
+	validatingPublicKeys, err := keymanager.FetchAllValidatingPublicKeys(cliCtx.Context)
 	if err != nil {
 		return err
 	}
@@ -94,10 +87,10 @@ func DeleteAccountCli(cliCtx *cli.Context) error {
 			}
 		}
 	}
-	if err := DeleteAccount(cliCtx.Context, &DeleteAccountConfig{
-		Wallet:     w,
-		Keymanager: keymanager,
-		PublicKeys: rawPublicKeys,
+	if err := DeleteAccount(cliCtx.Context, &AccountsConfig{
+		Wallet:           w,
+		Keymanager:       keymanager,
+		DeletePublicKeys: rawPublicKeys,
 	}); err != nil {
 		return err
 	}
@@ -109,7 +102,7 @@ func DeleteAccountCli(cliCtx *cli.Context) error {
 }

 // DeleteAccount deletes the accounts that the user requests to be deleted from the wallet.
-func DeleteAccount(ctx context.Context, cfg *DeleteAccountConfig) error {
+func DeleteAccount(ctx context.Context, cfg *AccountsConfig) error {
 	switch cfg.Wallet.KeymanagerKind() {
 	case keymanager.Remote:
 		return errors.New("cannot delete accounts for a remote keymanager")
@@ -118,12 +111,12 @@ func DeleteAccount(ctx context.Context, cfg *DeleteAccountConfig) error {
 		if !ok {
 			return errors.New("not a imported keymanager")
 		}
-		if len(cfg.PublicKeys) == 1 {
+		if len(cfg.DeletePublicKeys) == 1 {
 			log.Info("Deleting account...")
 		} else {
 			log.Info("Deleting accounts...")
 		}
-		if err := km.DeleteAccounts(ctx, cfg.PublicKeys); err != nil {
+		if err := km.DeleteAccounts(ctx, cfg.DeletePublicKeys); err != nil {
 			return errors.Wrap(err, "could not delete accounts")
 		}
 	case keymanager.Derived:
--- a/validator/accounts/accounts_enable_disable.go
+++ b/validator/accounts/accounts_enable_disable.go
@@ -0,0 +1,275 @@
+package accounts
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/pkg/errors"
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+	"github.com/prysmaticlabs/prysm/shared/promptutil"
+	"github.com/prysmaticlabs/prysm/validator/accounts/iface"
+	"github.com/prysmaticlabs/prysm/validator/accounts/prompt"
+	"github.com/prysmaticlabs/prysm/validator/accounts/wallet"
+	"github.com/prysmaticlabs/prysm/validator/flags"
+	"github.com/prysmaticlabs/prysm/validator/keymanager"
+	"github.com/prysmaticlabs/prysm/validator/keymanager/imported"
+	"github.com/urfave/cli/v2"
+)
+
+// DisableAccountsCli disables via CLI the accounts that the user requests to be disabled from the wallet
+func DisableAccountsCli(cliCtx *cli.Context) error {
+	w, err := wallet.OpenWalletOrElseCli(cliCtx, func(cliCtx *cli.Context) (*wallet.Wallet, error) {
+		return nil, wallet.ErrNoWalletFound
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not open wallet")
+	}
+	keymanager, err := w.InitializeKeymanager(cliCtx.Context, &iface.InitializeKeymanagerConfig{
+		SkipMnemonicConfirm: false,
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not initialize keymanager")
+	}
+	validatingPublicKeys, err := keymanager.FetchValidatingPublicKeys(cliCtx.Context)
+	if err != nil {
+		return err
+	}
+	if len(validatingPublicKeys) == 0 {
+		return errors.New("wallet is empty, no accounts to disable")
+	}
+	// Allow the user to interactively select the accounts to disable or optionally
+	// provide them via cli flags as a string of comma-separated, hex strings.
+	filteredPubKeys, err := filterPublicKeysFromUserInput(
+		cliCtx,
+		flags.DisablePublicKeysFlag,
+		validatingPublicKeys,
+		prompt.SelectAccountsDisablePromptText,
+	)
+	if err != nil {
+		return errors.Wrap(err, "could not filter public keys for deactivation")
+	}
+	rawPublicKeys := make([][]byte, len(filteredPubKeys))
+	formattedPubKeys := make([]string, len(filteredPubKeys))
+	for i, pk := range filteredPubKeys {
+		pubKeyBytes := pk.Marshal()
+		rawPublicKeys[i] = pubKeyBytes
+		formattedPubKeys[i] = fmt.Sprintf("%#x", bytesutil.Trunc(pubKeyBytes))
+	}
+	allAccountStr := strings.Join(formattedPubKeys, ", ")
+	if !cliCtx.IsSet(flags.DisablePublicKeysFlag.Name) {
+		if len(filteredPubKeys) == 1 {
+			promptText := "Are you sure you want to disable 1 account? (%s) Y/N"
+			resp, err := promptutil.ValidatePrompt(
+				os.Stdin, fmt.Sprintf(promptText, au.BrightGreen(formattedPubKeys[0])), promptutil.ValidateYesOrNo,
+			)
+			if err != nil {
+				return err
+			}
+			if strings.ToLower(resp) == "n" {
+				return nil
+			}
+		} else {
+			promptText := "Are you sure you want to disable %d accounts? (%s) Y/N"
+			if len(filteredPubKeys) == len(validatingPublicKeys) {
+				promptText = fmt.Sprintf("Are you sure you want to disable all accounts? Y/N (%s)", au.BrightGreen(allAccountStr))
+			} else {
+				promptText = fmt.Sprintf(promptText, len(filteredPubKeys), au.BrightGreen(allAccountStr))
+			}
+			resp, err := promptutil.ValidatePrompt(os.Stdin, promptText, promptutil.ValidateYesOrNo)
+			if err != nil {
+				return err
+			}
+			if strings.ToLower(resp) == "n" {
+				return nil
+			}
+		}
+	}
+	if err := DisableAccounts(cliCtx.Context, &AccountsConfig{
+		Wallet:            w,
+		Keymanager:        keymanager,
+		DisablePublicKeys: rawPublicKeys,
+	}); err != nil {
+		return err
+	}
+	log.WithField("publicKeys", allAccountStr).Info("Accounts disabled")
+	return nil
+}
+
+// EnableAccountsCli enables via CLI the accounts that the user requests to be enabled from the wallet
+func EnableAccountsCli(cliCtx *cli.Context) error {
+	w, err := wallet.OpenWalletOrElseCli(cliCtx, func(cliCtx *cli.Context) (*wallet.Wallet, error) {
+		return nil, wallet.ErrNoWalletFound
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not open wallet")
+	}
+	ikeymanager, err := w.InitializeKeymanager(cliCtx.Context, &iface.InitializeKeymanagerConfig{
+		SkipMnemonicConfirm: false,
+	})
+	if err != nil {
+		return errors.Wrap(err, "could not initialize keymanager")
+	}
+	switch w.KeymanagerKind() {
+	case keymanager.Remote:
+		return errors.New("cannot enable accounts for a remote keymanager")
+	case keymanager.Imported:
+		km, ok := ikeymanager.(*imported.Keymanager)
+		if !ok {
+			return errors.New("not a imported keymanager")
+		}
+		disabledPublicKeys := km.KeymanagerOpts().DisabledPublicKeys
+		if len(disabledPublicKeys) == 0 {
+			return errors.New("No accounts are disabled.")
+		}
+		disabledPublicKeys48 := make([][48]byte, len(disabledPublicKeys))
+		for i := range disabledPublicKeys {
+			disabledPublicKeys48[i] = bytesutil.ToBytes48(disabledPublicKeys[i])
+		}
+
+		// Allow the user to interactively select the accounts to enable or optionally
+		// provide them via cli flags as a string of comma-separated, hex strings.
+		filteredPubKeys, err := filterPublicKeysFromUserInput(
+			cliCtx,
+			flags.EnablePublicKeysFlag,
+			disabledPublicKeys48,
+			prompt.SelectAccountsEnablePromptText,
+		)
+		if err != nil {
+			return errors.Wrap(err, "could not filter public keys for activation")
+		}
+		rawPublicKeys := make([][]byte, len(filteredPubKeys))
+		formattedPubKeys := make([]string, len(filteredPubKeys))
+		for i, pk := range filteredPubKeys {
+			pubKeyBytes := pk.Marshal()
+			rawPublicKeys[i] = pubKeyBytes
+			formattedPubKeys[i] = fmt.Sprintf("%#x", bytesutil.Trunc(pubKeyBytes))
+		}
+		allAccountStr := strings.Join(formattedPubKeys, ", ")
+		if !cliCtx.IsSet(flags.EnablePublicKeysFlag.Name) {
+			if len(filteredPubKeys) == 1 {
+				promptText := "Are you sure you want to enable 1 account? (%s) Y/N"
+				resp, err := promptutil.ValidatePrompt(
+					os.Stdin, fmt.Sprintf(promptText, au.BrightGreen(formattedPubKeys[0])), promptutil.ValidateYesOrNo,
+				)
+				if err != nil {
+					return err
+				}
+				if strings.ToLower(resp) == "n" {
+					return nil
+				}
+			} else {
+				promptText := "Are you sure you want to enable %d accounts? (%s) Y/N"
+				if len(filteredPubKeys) == len(disabledPublicKeys48) {
+					promptText = fmt.Sprintf("Are you sure you want to enable all accounts? Y/N (%s)", au.BrightGreen(allAccountStr))
+				} else {
+					promptText = fmt.Sprintf(promptText, len(filteredPubKeys), au.BrightGreen(allAccountStr))
+				}
+				resp, err := promptutil.ValidatePrompt(os.Stdin, promptText, promptutil.ValidateYesOrNo)
+				if err != nil {
+					return err
+				}
+				if strings.ToLower(resp) == "n" {
+					return nil
+				}
+			}
+		}
+		if err := EnableAccounts(cliCtx.Context, &AccountsConfig{
+			Wallet:           w,
+			Keymanager:       ikeymanager,
+			EnablePublicKeys: rawPublicKeys,
+		}); err != nil {
+			return err
+		}
+		log.WithField("publicKeys", allAccountStr).Info("Accounts enabled")
+		return nil
+	case keymanager.Derived:
+		return errors.New("cannot enable accounts for a derived keymanager")
+	default:
+		return fmt.Errorf("keymanager kind %s not supported", w.KeymanagerKind())
+	}
+}
+
+// DisableAccount disables the accounts that the user requests to be disabled from the wallet
+func DisableAccounts(ctx context.Context, cfg *AccountsConfig) error {
+	switch cfg.Wallet.KeymanagerKind() {
+	case keymanager.Remote:
+		return errors.New("cannot disable accounts for a remote keymanager")
+	case keymanager.Imported:
+		km, ok := cfg.Keymanager.(*imported.Keymanager)
+		if !ok {
+			return errors.New("not a imported keymanager")
+		}
+		if len(cfg.DisablePublicKeys) == 1 {
+			log.Info("Disabling account...")
+		} else {
+			log.Info("Disabling accounts...")
+		}
+		updatedOpts := km.KeymanagerOpts()
+		// updatedDisabledPubKeys := make([][48]byte, 0)
+		existingDisabledPubKeys := make(map[[48]byte]bool, len(updatedOpts.DisabledPublicKeys))
+		for _, pk := range updatedOpts.DisabledPublicKeys {
+			existingDisabledPubKeys[bytesutil.ToBytes48(pk)] = true
+		}
+		for _, pk := range cfg.DisablePublicKeys {
+			if _, ok := existingDisabledPubKeys[bytesutil.ToBytes48(pk)]; !ok {
+				updatedOpts.DisabledPublicKeys = append(updatedOpts.DisabledPublicKeys, pk)
+			}
+		}
+		keymanagerConfig, err := imported.MarshalOptionsFile(ctx, updatedOpts)
+		if err != nil {
+			return errors.Wrap(err, "could not marshal keymanager config file")
+		}
+		if err := cfg.Wallet.WriteKeymanagerConfigToDisk(ctx, keymanagerConfig); err != nil {
+			return errors.Wrap(err, "could not write keymanager config to disk")
+		}
+	case keymanager.Derived:
+		return errors.New("cannot disable accounts for a derived keymanager")
+	default:
+		return fmt.Errorf("keymanager kind %s not supported", cfg.Wallet.KeymanagerKind())
+	}
+	return nil
+}
+
+// EnableAccounts enables the accounts that the user requests to be enabled from the wallet
+func EnableAccounts(ctx context.Context, cfg *AccountsConfig) error {
+	switch cfg.Wallet.KeymanagerKind() {
+	case keymanager.Remote:
+		return errors.New("cannot enable accounts for a remote keymanager")
+	case keymanager.Imported:
+		km, ok := cfg.Keymanager.(*imported.Keymanager)
+		if !ok {
+			return errors.New("not a imported keymanager")
+		}
+		if len(cfg.EnablePublicKeys) == 1 {
+			log.Info("Enabling account...")
+		} else {
+			log.Info("Enabling accounts...")
+		}
+		updatedOpts := km.KeymanagerOpts()
+		updatedDisabledPubKeys := make([][]byte, 0)
+		setEnablePubKeys := make(map[[48]byte]bool, len(cfg.EnablePublicKeys))
+		for _, pk := range cfg.EnablePublicKeys {
+			setEnablePubKeys[bytesutil.ToBytes48(pk)] = true
+		}
+		for _, pk := range updatedOpts.DisabledPublicKeys {
+			if _, ok := setEnablePubKeys[bytesutil.ToBytes48(pk)]; !ok {
+				updatedDisabledPubKeys = append(updatedDisabledPubKeys, pk)
+			}
+		}
+		updatedOpts.DisabledPublicKeys = updatedDisabledPubKeys
+		keymanagerConfig, err := imported.MarshalOptionsFile(ctx, updatedOpts)
+		if err != nil {
+			return errors.Wrap(err, "could not marshal keymanager config file")
+		}
+		if err := cfg.Wallet.WriteKeymanagerConfigToDisk(ctx, keymanagerConfig); err != nil {
+			return errors.Wrap(err, "could not write keymanager config to disk")
+		}
+	case keymanager.Derived:
+		return errors.New("cannot enable accounts for a derived keymanager")
+	default:
+		return fmt.Errorf("keymanager kind %s not supported", cfg.Wallet.KeymanagerKind())
+	}
+	return nil
+}
--- a/validator/accounts/accounts_enable_disable_test.go
+++ b/validator/accounts/accounts_enable_disable_test.go
@@ -0,0 +1,143 @@
+package accounts
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"math/big"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/prysmaticlabs/prysm/shared/bytesutil"
+	"github.com/prysmaticlabs/prysm/shared/testutil/assert"
+	"github.com/prysmaticlabs/prysm/shared/testutil/require"
+	"github.com/prysmaticlabs/prysm/validator/accounts/iface"
+	"github.com/prysmaticlabs/prysm/validator/accounts/wallet"
+	"github.com/prysmaticlabs/prysm/validator/keymanager"
+)
+
+func TestDisableAccounts_Noninteractive(t *testing.T) {
+	walletDir, _, passwordFilePath := setupWalletAndPasswordsDir(t)
+	randPath, err := rand.Int(rand.Reader, big.NewInt(1000000))
+	require.NoError(t, err, "Could not generate random file path")
+	// Write a directory where we will import keys from.
+	keysDir := filepath.Join(t.TempDir(), fmt.Sprintf("/%d", randPath), "keysDir")
+	require.NoError(t, os.MkdirAll(keysDir, os.ModePerm))
+
+	// Create 3 keystore files in the keys directory we can then
+	// import from in our wallet.
+	k1, _ := createKeystore(t, keysDir)
+	time.Sleep(time.Second)
+	k2, _ := createKeystore(t, keysDir)
+	time.Sleep(time.Second)
+	k3, _ := createKeystore(t, keysDir)
+	generatedPubKeys := []string{k1.Pubkey, k2.Pubkey, k3.Pubkey}
+	// Only disable keys 0 and 1.
+	disablePublicKeys := strings.Join(generatedPubKeys[0:2], ",")
+	// We initialize a wallet with a imported keymanager.
+	cliCtx := setupWalletCtx(t, &testWalletConfig{
+		// Wallet configuration flags.
+		walletDir:           walletDir,
+		keymanagerKind:      keymanager.Imported,
+		walletPasswordFile:  passwordFilePath,
+		accountPasswordFile: passwordFilePath,
+		// Flags required for ImportAccounts to work.
+		keysDir: keysDir,
+		// Flags required for DisableAccounts to work.
+		disablePublicKeys: disablePublicKeys,
+	})
+	w, err := CreateWalletWithKeymanager(cliCtx.Context, &CreateWalletConfig{
+		WalletCfg: &wallet.Config{
+			WalletDir:      walletDir,
+			KeymanagerKind: keymanager.Imported,
+			WalletPassword: password,
+		},
+	})
+	require.NoError(t, err)
+
+	// We attempt to import accounts.
+	require.NoError(t, ImportAccountsCli(cliCtx))
+
+	// We attempt to disable the accounts specified.
+	require.NoError(t, DisableAccountsCli(cliCtx))
+
+	keymanager, err := w.InitializeKeymanager(cliCtx.Context, &iface.InitializeKeymanagerConfig{SkipMnemonicConfirm: false})
+	require.NoError(t, err)
+	remainingAccounts, err := keymanager.FetchValidatingPublicKeys(cliCtx.Context)
+	require.NoError(t, err)
+	require.Equal(t, len(remainingAccounts), 1)
+	remainingPublicKey, err := hex.DecodeString(k3.Pubkey)
+	require.NoError(t, err)
+	assert.DeepEqual(t, remainingAccounts[0], bytesutil.ToBytes48(remainingPublicKey))
+}
+
+func TestEnableAccounts_Noninteractive(t *testing.T) {
+	walletDir, _, passwordFilePath := setupWalletAndPasswordsDir(t)
+	randPath, err := rand.Int(rand.Reader, big.NewInt(1000000))
+	require.NoError(t, err, "Could not generate random file path")
+	// Write a directory where we will import keys from.
+	keysDir := filepath.Join(t.TempDir(), fmt.Sprintf("/%d", randPath), "keysDir")
+	require.NoError(t, os.MkdirAll(keysDir, os.ModePerm))
+
+	// Create 3 keystore files in the keys directory we can then
+	// import from in our wallet.
+	k1, _ := createKeystore(t, keysDir)
+	time.Sleep(time.Second)
+	k2, _ := createKeystore(t, keysDir)
+	time.Sleep(time.Second)
+	k3, _ := createKeystore(t, keysDir)
+	generatedPubKeys := []string{k1.Pubkey, k2.Pubkey, k3.Pubkey}
+	// Disable all keys.
+	disablePublicKeys := strings.Join(generatedPubKeys, ",")
+	// Only enable keys 0 and 1.
+	enablePublicKeys := strings.Join(generatedPubKeys[0:2], ",")
+	// We initialize a wallet with a imported keymanager.
+	cliCtx := setupWalletCtx(t, &testWalletConfig{
+		walletDir:           walletDir,
+		keymanagerKind:      keymanager.Imported,
+		walletPasswordFile:  passwordFilePath,
+		accountPasswordFile: passwordFilePath,
+		keysDir:             keysDir,
+		disablePublicKeys:   disablePublicKeys,
+		// Flags required for EnableAccounts to work.
+		enablePublicKeys: enablePublicKeys,
+	})
+	w, err := CreateWalletWithKeymanager(cliCtx.Context, &CreateWalletConfig{
+		WalletCfg: &wallet.Config{
+			WalletDir:      walletDir,
+			KeymanagerKind: keymanager.Imported,
+			WalletPassword: password,
+		},
+	})
+	require.NoError(t, err)
+
+	// We attempt to import accounts.
+	require.NoError(t, ImportAccountsCli(cliCtx))
+
+	// We attempt to disable the accounts specified.
+	require.NoError(t, DisableAccountsCli(cliCtx))
+
+	km, err := w.InitializeKeymanager(cliCtx.Context, &iface.InitializeKeymanagerConfig{SkipMnemonicConfirm: false})
+	require.NoError(t, err)
+	remainingAccounts, err := km.FetchValidatingPublicKeys(cliCtx.Context)
+	require.NoError(t, err)
+	require.Equal(t, len(remainingAccounts), 0)
+
+	// We attempt to enable the accounts specified.
+	require.NoError(t, EnableAccountsCli(cliCtx))
+
+	km, err = w.InitializeKeymanager(cliCtx.Context, &iface.InitializeKeymanagerConfig{SkipMnemonicConfirm: false})
+	require.NoError(t, err)
+	remainingAccounts, err = km.FetchValidatingPublicKeys(cliCtx.Context)
+	require.NoError(t, err)
+	require.Equal(t, len(remainingAccounts), 2)
+	remainingPublicKey1, err := hex.DecodeString(k1.Pubkey)
+	require.NoError(t, err)
+	remainingPublicKey2, err := hex.DecodeString(k2.Pubkey)
+	require.NoError(t, err)
+	assert.DeepEqual(t, remainingAccounts[0], bytesutil.ToBytes48(remainingPublicKey1))
+	assert.DeepEqual(t, remainingAccounts[1], bytesutil.ToBytes48(remainingPublicKey2))
+}
--- a/validator/accounts/accounts_list.go
+++ b/validator/accounts/accounts_list.go
@@ -93,7 +93,7 @@ func listImportedKeymanagerAccounts(
 			"by running `validator accounts list --show-deposit-data"),
 	)

-	pubKeys, err := keymanager.FetchValidatingPublicKeys(ctx)
+	pubKeys, err := keymanager.FetchAllValidatingPublicKeys(ctx)
 	if err != nil {
 		return errors.Wrap(err, "could not fetch validating public keys")
 	}
@@ -134,7 +134,7 @@ func listDerivedKeymanagerAccounts(
 	au := aurora.NewAurora(true)
 	fmt.Printf("(keymanager kind) %s\n", au.BrightGreen("derived, (HD) hierarchical-deterministic").Bold())
 	fmt.Printf("(derivation format) %s\n", au.BrightGreen(keymanager.KeymanagerOpts().DerivedPathStructure).Bold())
-	validatingPubKeys, err := keymanager.FetchValidatingPublicKeys(ctx)
+	validatingPubKeys, err := keymanager.FetchAllValidatingPublicKeys(ctx)
 	if err != nil {
 		return errors.Wrap(err, "could not fetch validating public keys")
 	}
@@ -226,7 +226,7 @@ func listRemoteKeymanagerAccounts(
 	fmt.Println(" ")
 	fmt.Printf("%s\n", au.BrightGreen("Configuration options").Bold())
 	fmt.Println(opts)
-	validatingPubKeys, err := keymanager.FetchValidatingPublicKeys(ctx)
+	validatingPubKeys, err := keymanager.FetchAllValidatingPublicKeys(ctx)
 	if err != nil {
 		return errors.Wrap(err, "could not fetch validating public keys")
 	}
--- a/validator/accounts/accounts_list_test.go
+++ b/validator/accounts/accounts_list_test.go
@@ -33,6 +33,10 @@ func (m *mockRemoteKeymanager) FetchValidatingPublicKeys(_ context.Context) ([][
 	return m.publicKeys, nil
 }

+func (m *mockRemoteKeymanager) FetchAllValidatingPublicKeys(_ context.Context) ([][48]byte, error) {
+	return m.publicKeys, nil
+}
+
 func (m *mockRemoteKeymanager) Sign(context.Context, *validatorpb.SignRequest) (bls.Signature, error) {
 	return nil, nil
 }
--- a/validator/accounts/cmd_accounts.go
+++ b/validator/accounts/cmd_accounts.go
@@ -70,6 +70,56 @@ this command outputs a deposit data string which is required to become a validat
 				return nil
 			},
 		},
+		{
+			Name:        "disable",
+			Description: "Disable the selected accounts from a users wallet.",
+			Flags: cmd.WrapFlags([]cli.Flag{
+				flags.WalletDirFlag,
+				flags.WalletPasswordFileFlag,
+				flags.DisablePublicKeysFlag,
+				featureconfig.ToledoTestnet,
+				featureconfig.PyrmontTestnet,
+				cmd.AcceptTosFlag,
+			}),
+			Before: func(cliCtx *cli.Context) error {
+				if err := cmd.LoadFlagsFromConfig(cliCtx, cliCtx.Command.Flags); err != nil {
+					return err
+				}
+				return tos.VerifyTosAcceptedOrPrompt(cliCtx)
+			},
+			Action: func(cliCtx *cli.Context) error {
+				featureconfig.ConfigureValidator(cliCtx)
+				if err := DisableAccountsCli(cliCtx); err != nil {
+					log.Fatalf("Could not disable account: %v", err)
+				}
+				return nil
+			},
+		},
+		{
+			Name:        "enable",
+			Description: "Enable the selected accounts from a users wallet.",
+			Flags: cmd.WrapFlags([]cli.Flag{
+				flags.WalletDirFlag,
+				flags.WalletPasswordFileFlag,
+				flags.EnablePublicKeysFlag,
+				featureconfig.ToledoTestnet,
+				featureconfig.PyrmontTestnet,
+				cmd.AcceptTosFlag,
+			}),
+			Before: func(cliCtx *cli.Context) error {
+				if err := cmd.LoadFlagsFromConfig(cliCtx, cliCtx.Command.Flags); err != nil {
+					return err
+				}
+				return tos.VerifyTosAcceptedOrPrompt(cliCtx)
+			},
+			Action: func(cliCtx *cli.Context) error {
+				featureconfig.ConfigureValidator(cliCtx)
+				if err := EnableAccountsCli(cliCtx); err != nil {
+					log.Fatalf("Could not enable account: %v", err)
+				}
+				return nil
+			},
+		},
 		{
 			Name:        "list",
 			Description: "Lists all validator accounts in a user's wallet directory",
--- a/validator/accounts/prompt/prompt.go
+++ b/validator/accounts/prompt/prompt.go
@@ -27,6 +27,10 @@ const (
 	SelectAccountsBackupPromptText = "Select the account(s) you wish to backup"
 	// SelectAccountsVoluntaryExitPromptText --
 	SelectAccountsVoluntaryExitPromptText = "Select the account(s) on which you wish to perform a voluntary exit"
+	// SelectAccountsDisablePromptText --
+	SelectAccountsDisablePromptText = "Select the account(s) you would like to disable"
+	// SelectAccountsEnablePromptText --
+	SelectAccountsEnablePromptText = "Select the account(s) you would like to enable"
 )

 var (
--- a/validator/accounts/wallet_create_test.go
+++ b/validator/accounts/wallet_create_test.go
@@ -45,6 +45,8 @@ type testWalletConfig struct {
 	backupDir               string
 	keysDir                 string
 	deletePublicKeys        string
+	enablePublicKeys        string
+	disablePublicKeys       string
 	voluntaryExitPublicKeys string
 	backupPublicKeys        string
 	backupPasswordFile      string
@@ -66,6 +68,8 @@ func setupWalletCtx(
 	set.String(flags.KeysDirFlag.Name, cfg.keysDir, "")
 	set.String(flags.KeymanagerKindFlag.Name, cfg.keymanagerKind.String(), "")
 	set.String(flags.DeletePublicKeysFlag.Name, cfg.deletePublicKeys, "")
+	set.String(flags.DisablePublicKeysFlag.Name, cfg.disablePublicKeys, "")
+	set.String(flags.EnablePublicKeysFlag.Name, cfg.enablePublicKeys, "")
 	set.String(flags.VoluntaryExitPublicKeysFlag.Name, cfg.voluntaryExitPublicKeys, "")
 	set.String(flags.BackupDirFlag.Name, cfg.backupDir, "")
 	set.String(flags.BackupPasswordFile.Name, cfg.backupPasswordFile, "")
@@ -85,6 +89,8 @@ func setupWalletCtx(
 	assert.NoError(tb, set.Set(flags.KeysDirFlag.Name, cfg.keysDir))
 	assert.NoError(tb, set.Set(flags.KeymanagerKindFlag.Name, cfg.keymanagerKind.String()))
 	assert.NoError(tb, set.Set(flags.DeletePublicKeysFlag.Name, cfg.deletePublicKeys))
+	assert.NoError(tb, set.Set(flags.DisablePublicKeysFlag.Name, cfg.disablePublicKeys))
+	assert.NoError(tb, set.Set(flags.EnablePublicKeysFlag.Name, cfg.enablePublicKeys))
 	assert.NoError(tb, set.Set(flags.VoluntaryExitPublicKeysFlag.Name, cfg.voluntaryExitPublicKeys))
 	assert.NoError(tb, set.Set(flags.BackupDirFlag.Name, cfg.backupDir))
 	assert.NoError(tb, set.Set(flags.BackupPublicKeysFlag.Name, cfg.backupPublicKeys))