feat: support multiple operator mnemonics for attestation signing

   Add support for configuring multiple operator mnemonics to fix 'no attestation' errors for allocations created with different operator
   keys (e.g., after key rotation or migration).

   Changes:
   - Add  config field alongside existing
   - Update attestation signer to try all configured mnemonics when
     deriving wallet for an allocation
   - Maintain full backward compatibility - existing configs work unchanged

   Configuration example:

Author: suchapalaver

crates/attestation/src/lib.rs

@@ -22,7 +22,21 @@
 
 [indexer]
 indexer_address = "0x1111111111111111111111111111111111111111"
+# Single operator mnemonic (for most setups)
 operator_mnemonic = "celery smart tip orange scare van steel radio dragon joy alarm crane"
+# For key rotation or migration, you can specify multiple mnemonics.
+# All configured mnemonics are tried when creating attestation signers,
+# allowing allocations created with different operator keys to work.
+#
+# Notes:
+# - The first mnemonic (from operator_mnemonic, or first in operator_mnemonics)
+#   is used as the "primary" identity shown on the /info endpoint.
+# - Both fields can be used together; duplicates are automatically ignored.
+# - Order matters: put your current/primary mnemonic first.
+#
+# operator_mnemonics = [
+#     "previous mnemonic phrase here if you rotated keys"
+# ]
 
 [metrics]
 # Port to serve metrics. This one should stay private.

crates/config/maximal-config-example.toml

@@ -12,7 +12,13 @@
 
 [indexer]
 indexer_address = "0x1111111111111111111111111111111111111111"
+# Single operator mnemonic (for most setups)
 operator_mnemonic = "celery smart tip orange scare van steel radio dragon joy alarm crane"
+# For key rotation or migration, you can specify multiple mnemonics:
+# operator_mnemonics = [
+#     "celery smart tip orange scare van steel radio dragon joy alarm crane",
+#     "previous mnemonic phrase here if you rotated keys"
+# ]
 
 [database]
 # The URL of the Postgres database used for the indexer components. The same database

crates/config/minimal-config-example.toml

@@ -155,6 +155,32 @@ impl Config {
 
     // custom validation of the values
     fn validate(&self) -> Result<(), String> {
+        // Validate that at least one operator mnemonic is configured
+        if self.indexer.operator_mnemonic.is_none()
+            && self
+                .indexer
+                .operator_mnemonics
+                .as_ref()
+                .is_none_or(|v| v.is_empty())
+        {
+            return Err("No operator mnemonic configured. \
+                Set either `indexer.operator_mnemonic` or `indexer.operator_mnemonics`."
+                .to_string());
+        }
+
+        // Warn if the same mnemonic appears in both fields (will be deduplicated)
+        if let (Some(singular), Some(plural)) = (
+            &self.indexer.operator_mnemonic,
+            &self.indexer.operator_mnemonics,
+        ) {
+            if plural.contains(singular) {
+                tracing::warn!(
+                    "The same mnemonic appears in both `operator_mnemonic` and \
+                    `operator_mnemonics`. The duplicate will be ignored."
+                );
+            }
+        }
+
         match &self.tap.rav_request.trigger_value_divisor {
             x if *x <= 1.into() => {
                 return Err("trigger_value_divisor must be greater than 1".to_string())
@@ -290,7 +316,44 @@ impl Config {
 #[cfg_attr(test, derive(PartialEq))]
 pub struct IndexerConfig {
     pub indexer_address: Address,
-    pub operator_mnemonic: Mnemonic,
+    /// Single operator mnemonic (for backward compatibility).
+    /// Use `operator_mnemonics` for multiple mnemonics.
+    #[serde(default)]
+    pub operator_mnemonic: Option<Mnemonic>,
+    /// Multiple operator mnemonics for supporting allocations created
+    /// with different operator keys (e.g., after key rotation or migration).
+    #[serde(default)]
+    pub operator_mnemonics: Option<Vec<Mnemonic>>,
+}
+
+impl IndexerConfig {
+    /// Get all configured operator mnemonics.
+    ///
+    /// Returns mnemonics from both `operator_mnemonic` (singular) and
+    /// `operator_mnemonics` (plural) fields combined. This allows for
+    /// backward compatibility while supporting multiple mnemonics.
+    ///
+    /// Note: Config validation ensures at least one mnemonic is configured
+    /// before this method is called. Returns an empty Vec only if called
+    /// on an unvalidated config.
+    pub fn get_operator_mnemonics(&self) -> Vec<Mnemonic> {
+        let mut mnemonics = Vec::new();
+
+        if let Some(ref mnemonic) = self.operator_mnemonic {
+            mnemonics.push(mnemonic.clone());
+        }
+
+        if let Some(ref additional) = self.operator_mnemonics {
+            for m in additional {
+                // Avoid duplicates if the same mnemonic is in both fields
+                if !mnemonics.iter().any(|existing| existing == m) {
+                    mnemonics.push(m.clone());
+                }
+            }
+        }
+
+        mnemonics
+    }
 }
 
 #[derive(Debug, Deserialize, Clone)]
@@ -752,12 +815,13 @@ mod tests {
         str::FromStr,
     };
 
+    use bip39::Mnemonic;
     use figment::value::Uncased;
     use sealed_test::prelude::*;
     use thegraph_core::alloy::primitives::{address, Address, FixedBytes, U256};
     use tracing_test::traced_test;
 
-    use super::{DatabaseConfig, SHARED_PREFIX};
+    use super::{DatabaseConfig, IndexerConfig, SHARED_PREFIX};
     use crate::{Config, ConfigPrefix};
 
     #[test]
@@ -1128,4 +1192,168 @@ mod tests {
             test_value
         );
     }
+
+    const MNEMONIC_1: &str =
+        "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about";
+    const MNEMONIC_2: &str = "zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo zoo wrong";
+    const MNEMONIC_3: &str =
+        "legal winner thank year wave sausage worth useful legal winner thank yellow";
+
+    /// Test that duplicate mnemonics in both operator_mnemonic and operator_mnemonics
+    /// are deduplicated.
+    #[test]
+    fn test_get_operator_mnemonics_deduplication() {
+        let mnemonic = Mnemonic::from_str(MNEMONIC_1).unwrap();
+
+        // Same mnemonic in both fields
+        let config = IndexerConfig {
+            indexer_address: Address::ZERO,
+            operator_mnemonic: Some(mnemonic.clone()),
+            operator_mnemonics: Some(vec![mnemonic.clone()]),
+        };
+
+        let result = config.get_operator_mnemonics();
+
+        assert_eq!(
+            result.len(),
+            1,
+            "Duplicate mnemonics should be deduplicated"
+        );
+        assert_eq!(result[0], mnemonic);
+    }
+
+    /// Test that order is preserved: singular field first, then plural field entries.
+    #[test]
+    fn test_get_operator_mnemonics_order_preserved() {
+        let mnemonic_1 = Mnemonic::from_str(MNEMONIC_1).unwrap();
+        let mnemonic_2 = Mnemonic::from_str(MNEMONIC_2).unwrap();
+        let mnemonic_3 = Mnemonic::from_str(MNEMONIC_3).unwrap();
+
+        let config = IndexerConfig {
+            indexer_address: Address::ZERO,
+            operator_mnemonic: Some(mnemonic_1.clone()),
+            operator_mnemonics: Some(vec![mnemonic_2.clone(), mnemonic_3.clone()]),
+        };
+
+        let result = config.get_operator_mnemonics();
+
+        assert_eq!(result.len(), 3, "Should have 3 distinct mnemonics");
+        assert_eq!(
+            result[0], mnemonic_1,
+            "First should be from operator_mnemonic"
+        );
+        assert_eq!(
+            result[1], mnemonic_2,
+            "Second should be first from operator_mnemonics"
+        );
+        assert_eq!(
+            result[2], mnemonic_3,
+            "Third should be second from operator_mnemonics"
+        );
+    }
+
+    /// Test combining both fields with partial overlap produces correct merged result.
+    #[test]
+    fn test_get_operator_mnemonics_combined_with_overlap() {
+        let mnemonic_1 = Mnemonic::from_str(MNEMONIC_1).unwrap();
+        let mnemonic_2 = Mnemonic::from_str(MNEMONIC_2).unwrap();
+        let mnemonic_3 = Mnemonic::from_str(MNEMONIC_3).unwrap();
+
+        // mnemonic_1 is in both fields (should be deduplicated)
+        // mnemonic_2 and mnemonic_3 are only in operator_mnemonics
+        let config = IndexerConfig {
+            indexer_address: Address::ZERO,
+            operator_mnemonic: Some(mnemonic_1.clone()),
+            operator_mnemonics: Some(vec![
+                mnemonic_1.clone(), // duplicate
+                mnemonic_2.clone(),
+                mnemonic_3.clone(),
+            ]),
+        };
+
+        let result = config.get_operator_mnemonics();
+
+        assert_eq!(
+            result.len(),
+            3,
+            "Should have 3 mnemonics after deduplication"
+        );
+        assert_eq!(result[0], mnemonic_1, "First should be mnemonic_1");
+        assert_eq!(result[1], mnemonic_2, "Second should be mnemonic_2");
+        assert_eq!(result[2], mnemonic_3, "Third should be mnemonic_3");
+    }
+
+    /// Test that only operator_mnemonic (singular) works correctly.
+    #[test]
+    fn test_get_operator_mnemonics_singular_only() {
+        let mnemonic = Mnemonic::from_str(MNEMONIC_1).unwrap();
+
+        let config = IndexerConfig {
+            indexer_address: Address::ZERO,
+            operator_mnemonic: Some(mnemonic.clone()),
+            operator_mnemonics: None,
+        };
+
+        let result = config.get_operator_mnemonics();
+
+        assert_eq!(result.len(), 1);
+        assert_eq!(result[0], mnemonic);
+    }
+
+    /// Test that only operator_mnemonics (plural) works correctly.
+    #[test]
+    fn test_get_operator_mnemonics_plural_only() {
+        let mnemonic_1 = Mnemonic::from_str(MNEMONIC_1).unwrap();
+        let mnemonic_2 = Mnemonic::from_str(MNEMONIC_2).unwrap();
+
+        let config = IndexerConfig {
+            indexer_address: Address::ZERO,
+            operator_mnemonic: None,
+            operator_mnemonics: Some(vec![mnemonic_1.clone(), mnemonic_2.clone()]),
+        };
+
+        let result = config.get_operator_mnemonics();
+
+        assert_eq!(result.len(), 2);
+        assert_eq!(result[0], mnemonic_1);
+        assert_eq!(result[1], mnemonic_2);
+    }
+
+    /// Test that config validation rejects when no operator mnemonics are configured.
+    #[sealed_test(files = ["minimal-config-example.toml"])]
+    fn test_validation_rejects_missing_operator_mnemonics() {
+        let mut minimal_config: toml::Value = toml::from_str(
+            fs::read_to_string("minimal-config-example.toml")
+                .unwrap()
+                .as_str(),
+        )
+        .unwrap();
+
+        // Remove operator_mnemonic from the config
+        minimal_config
+            .get_mut("indexer")
+            .unwrap()
+            .as_table_mut()
+            .unwrap()
+            .remove("operator_mnemonic");
+
+        // Save to temp file
+        let temp_config_path = tempfile::NamedTempFile::new().unwrap();
+        fs::write(
+            temp_config_path.path(),
+            toml::to_string(&minimal_config).unwrap(),
+        )
+        .unwrap();
+
+        // Parse should fail due to validation
+        let result = Config::parse(
+            ConfigPrefix::Service,
+            Some(PathBuf::from(temp_config_path.path())).as_ref(),
+        );
+
+        assert!(result.is_err());
+        assert!(result
+            .unwrap_err()
+            .contains("No operator mnemonic configured"));
+    }
 }

crates/config/src/config.rs

@@ -19,23 +19,30 @@ use crate::{AllocationWatcher, DisputeManagerWatcher};
 pub type AttestationWatcher = Receiver<HashMap<Address, AttestationSigner>>;
 
 /// An always up-to-date list of attestation signers, one for each of the indexer's allocations.
+///
+/// This function accepts multiple mnemonics to support allocations created with different
+/// operator keys (e.g., after key rotation or migration).
 pub fn attestation_signers(
     indexer_allocations_rx: AllocationWatcher,
-    indexer_mnemonic: Mnemonic,
+    indexer_mnemonics: Vec<Mnemonic>,
     chain_id: ChainId,
     dispute_manager_rx: DisputeManagerWatcher,
 ) -> AttestationWatcher {
     let attestation_signers_map: &'static Mutex<HashMap<Address, AttestationSigner>> =
         Box::leak(Box::new(Mutex::new(HashMap::new())));
-    let indexer_mnemonic = Arc::new(indexer_mnemonic.to_string());
+    let indexer_mnemonics: Arc<[String]> = indexer_mnemonics
+        .iter()
+        .map(|m| m.to_string())
+        .collect::<Vec<_>>()
+        .into();
 
     join_and_map_watcher(
         indexer_allocations_rx,
         dispute_manager_rx,
         move |(allocation, dispute)| {
-            let indexer_mnemonic = indexer_mnemonic.clone();
+            let indexer_mnemonics = indexer_mnemonics.clone();
             modify_signers(
-                &indexer_mnemonic,
+                &indexer_mnemonics,
                 chain_id,
                 attestation_signers_map,
                 &allocation,
@@ -44,8 +51,9 @@ pub fn attestation_signers(
         },
     )
 }
+
 fn modify_signers(
-    indexer_mnemonic: &str,
+    indexer_mnemonics: &[String],
     chain_id: ChainId,
     attestation_signers_map: &'static Mutex<HashMap<Address, AttestationSigner>>,
     allocations: &HashMap<Address, Allocation>,
@@ -62,11 +70,16 @@ fn modify_signers(
                 allocation_id = ?allocation.id,
                 deployment_id = ?allocation.subgraph_deployment.id,
                 created_at_epoch = allocation.created_at_epoch,
+                mnemonic_count = indexer_mnemonics.len(),
                 "Attempting to create attestation signer for allocation"
             );
 
-            let signer =
-                AttestationSigner::new(indexer_mnemonic, allocation, chain_id, *dispute_manager);
+            let signer = AttestationSigner::new_with_mnemonics(
+                indexer_mnemonics,
+                allocation,
+                chain_id,
+                *dispute_manager,
+            );
             match signer {
                 Ok(signer) => {
                     tracing::debug!(
@@ -80,6 +93,7 @@ fn modify_signers(
                         allocation_id = ?allocation.id,
                         deployment_id = ?allocation.subgraph_deployment.id,
                         created_at_epoch = allocation.created_at_epoch,
+                        mnemonic_count = indexer_mnemonics.len(),
                         error = %e,
                         "Failed to establish signer for allocation"
                     );
@@ -111,7 +125,7 @@ mod tests {
         let (_, dispute_manager_rx) = watch::channel(DISPUTE_MANAGER_ADDRESS);
         let mut signers = attestation_signers(
             allocations_rx,
-            INDEXER_MNEMONIC.clone(),
+            vec![INDEXER_MNEMONIC.clone()],
             1,
             dispute_manager_rx,
         );

crates/monitor/src/attestation.rs

@@ -61,7 +61,7 @@ mod tests {
         let (_, dispute_manager_rx) = watch::channel(DISPUTE_MANAGER_ADDRESS);
         let attestation_signers = attestation_signers(
             allocations_rx,
-            INDEXER_MNEMONIC.clone(),
+            vec![INDEXER_MNEMONIC.clone()],
             1,
             dispute_manager_rx,
         );