Welcome to Fystack! This guide will help you get up and running quickly with our infrastructure, including:
- Apex: The backend core API
- MPCIUM: Self-hosted MPC nodes for secure signing and key management
Linux only right now. Native macOS and Windows support is coming soon.
Fystack is a self-hosted custodial wallet platform built on MPC (Multi-Party Computation) so you can run secure threshold cryptography on hardware you control—no third-party custody required.
With Fystack you keep full ownership of:
- MPC nodes that handle distributed keygen and signing
- Key material and policies with no external dependencies
- Threshold signature security that scales across on-prem and private cloud setups
Run ./fystack-ignite.sh to spin up the entire test stack in minutes. The quick start gives you hands-on access to Apex plus a local MPCIUM cluster so you can explore the architecture, build against real services, and validate the workflow before production.
The API backend that handles:
- Wallet and User management
- Key orchestration and policy enforcement
- Audit logging
- API Keys
- Transaction indexing
Each node runs part of the threshold signing/keygen logic (based on Binance's tss-lib) and communicates securely with Apex and otherpeers.
Indexes the latest blocks from the blockchain in real-time, keeping track of on-chain transactions and events relevant to your wallets.
Reindexes block gaps to ensure complete blockchain data coverage, filling in any missing blocks or transactions that may have been skipped during initial indexing.
- Docker and Docker Compose installed
- Bash shell
- Internet connection
- Recommended system: 8v CPU, 16GB RAM
📺 Video Tutorial: Watch the complete setup walkthrough on YouTube:
First, authenticate with the Fystack Labs Docker registry:
docker login -u fystacklabsWhen prompted, enter your password.
Need the Docker password? Join the Fystack Telegram community to get access:
cp ./dev/config.yaml.template ./dev/config.yaml
cp ./dev/config.rescanner.yaml.template ./dev/config.rescanner.yaml
cp ./dev/config.indexer.yaml.template ./dev/config.indexer.yaml
Important: You don't need to update all configuration values. The only mandatory configuration is the CoinMarketCap API key. Visit https://pro.coinmarketcap.com/login/ to create a CoinMarketCap API key, then add it to
config.yamlunder theprice_providersconfiguration.
Change to the root directory, make the start script executable. Make sure you are at the root folder of the project
chmod +x ./fystack-ignite.shRun the complete setup and startup script at the root folder of the project.
./fystack-ignite.shThis script will automatically:
- Generate MPCIUM node configurations
- Start all Docker Compose services
- Extract encryption keys
- Configure and restart the Apex service
Services started include:
- NATS messaging server (port 4223)
- Consul service discovery (port 8501)
- PostgreSQL database (port 5433)
- Redis (port 6380)
- MongoDB (port 27018)
- Apex API (port 8150)
- 3 MPC nodes (node0, node1, node2)
- Automatic peer registration
Once all services are running, you can access the Fystack portal at http://localhost:8015
Check that all services are running:
docker compose -f ./dev/docker-compose.yaml psYou should see all services in the "Up" state.
Monitor the cluster logs:
# View all service logs
docker compose -f ./dev/docker-compose.yaml logs -f
# View logs from a specific node
docker compose -f ./dev/docker-compose.yaml logs -f mpcium-node0Your Fystack cluster includes:
Note: PostgreSQL, Redis, MongoDB, NATS, and Consul ports have been increased by 1 to avoid conflicts with your development environment. All ports are bound to 127.0.0.1 (localhost) for security.
| Service | Purpose | Port |
|---|---|---|
| NATS Server | Messaging layer for node communication | 4223 |
| Consul | Service discovery and health checks | 8501 |
| PostgreSQL | Database for custody operations | 5433 |
| Redis | In-memory data store | 6380 |
| MongoDB | Document database | 27018 |
| Apex API | Main API service | 8150 |
| Migrate | Database migration service | - |
| Rescanner | Reindexes block gaps for complete data | - |
| Multichain Indexer | Indexes blockchain transactions in real-time | - |
| Fystack UI Community | Community web interface for Fystack | 8015 |
| MPC Node 0 | First MPC node | 8080 |
| MPC Node 1 | Second MPC node | 8081 |
| MPC Node 2 | Third MPC node | 8082 |
| MPCIUM Init | Peer registration service | - |
Once your Fystack cluster is running, you can test the wallet creation flow using the provided end-to-end test script.
Make the E2E test script executable:
chmod +x ./e2e/create-wallet.shExecute the wallet creation test:
./e2e/create-wallet.shThis script will:
- Register a test user
- Sign in and create a workspace
- Start a session
- Create an MPC wallet
Monitor the Apex API logs to verify successful wallet creation:
docker compose -f ./dev/docker-compose.yaml logs -f apexExpected successful output:
3:15AM INF Enqueueing message
3:15AM INF Message published message len=407 topic=auditlog.event.dispatch
3:15AM INF Received message meta={"Consumer":"event","Domain":"","NumDelivered":1,"NumPending":0,"Sequence":{"consumer_seq":2,"stream_seq":2},"Stream":"auditlog","Timestamp":"2025-08-06T03:15:55.887251886Z"}
3:15AM INF Message Acknowledged meta={"Consumer":"event","Domain":"","NumDelivered":1,"NumPending":0,"Sequence":{"consumer_seq":2,"stream_seq":2},"Stream":"auditlog","Timestamp":"2025-08-06T03:15:55.887251886Z"}
3:15AM INF Received message meta={"Consumer":"mpc_keygen_result","Domain":"","NumDelivered":1,"NumPending":0,"Sequence":{"consumer_seq":1,"stream_seq":1},"Stream":"mpc","Timestamp":"2025-08-06T03:15:59.081703423Z"}
3:15AM INF Process MPC generation successfully walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce
3:15AM INF Message Acknowledged meta={"Consumer":"mpc_keygen_result","Domain":"","NumDelivered":1,"NumPending":0,"Sequence":{"consumer_seq":1,"stream_seq":1},"Stream":"mpc","Timestamp":"2025-08-06T03:15:59.081703423Z"}
Verify the MPC key generation process on any node (e.g., node0):
docker compose -f ./dev/docker-compose.yaml logs -f mpcium-node0Expected successful output:
2025-08-06 03:15:55.000 INF Initializing session with partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}]
2025-08-06 03:15:55.000 INF [INITIALIZED] Initialized session successfully partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}], walletID a8f47f60-540d-4d23-8743-6fd8b5abe5ce, threshold = 2
2025-08-06 03:15:55.000 INF Initializing session with partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}]
2025-08-06 03:15:55.000 INF [INITIALIZED] Initialized session successfully partyID: {1,keygen}, peerIDs [{0,keygen} {1,keygen} {2,keygen}], walletID a8f47f60-540d-4d23-8743-6fd8b5abe5ce, threshold = 2
2025-08-06 03:15:56.000 INF Starting to generate key ECDSA walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce
2025-08-06 03:15:56.000 INF Starting to generate key EDDSA walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce
2025-08-06 03:15:59.000 INF Publishing message consumerName=mpc_keygen_result topic=mpc.mpc_keygen_result.a8f47f60-540d-4d23-8743-6fd8b5abe5ce
2025-08-06 03:15:59.000 INF [COMPLETED KEY GEN] Key generation completed successfully walletID=a8f47f60-540d-4d23-8743-6fd8b5abe5ce
The successful completion of these logs indicates that your MPC wallet has been created and the key generation process completed across all nodes.
To update version of a component (New docker image version)
cd dev
docker compose pull apex
docker compose up -d --no-deps --force-recreate apex
WARNING: This setup is for testing environments only.
For manual deployment, Docker Compose, or Kubernetes deployment for maximum security, please contact the Fystack team to get support and guidance on enterprise-grade deployment configurations.
