diff --git a/multinode-demo/setup.sh b/multinode-demo/setup.sh
index ba5b06855f..9041d5175a 100755
--- a/multinode-demo/setup.sh
+++ b/multinode-demo/setup.sh
@@ -71,6 +71,7 @@ done
 
 leader_address_args=("$ip_address_arg")
 validator_address_args=("$ip_address_arg" -b 9000)
+keypair_arg=(--keypair="$SOLANA_CONFIG_PRIVATE_DIR/id.json")
 
 set -e
 
@@ -78,11 +79,12 @@ echo "Cleaning $SOLANA_CONFIG_DIR"
 rm -rvf "$SOLANA_CONFIG_DIR"
 mkdir -p "$SOLANA_CONFIG_DIR"
 
+rm -rvf "$SOLANA_CONFIG_PRIVATE_DIR"
+mkdir -p "$SOLANA_CONFIG_PRIVATE_DIR"
+
+$solana_keygen -o "$SOLANA_CONFIG_PRIVATE_DIR"/id.json
 
 if $node_type_leader; then
-  rm -rvf "$SOLANA_CONFIG_PRIVATE_DIR"
-  mkdir -p "$SOLANA_CONFIG_PRIVATE_DIR"
-
   echo "Creating $SOLANA_CONFIG_DIR/mint.json with $num_tokens tokens"
   $solana_keygen -o "$SOLANA_CONFIG_PRIVATE_DIR"/mint.json
 
@@ -90,13 +92,13 @@ if $node_type_leader; then
   $solana_genesis --tokens="$num_tokens" < "$SOLANA_CONFIG_PRIVATE_DIR"/mint.json > "$SOLANA_CONFIG_DIR"/genesis.log
 
   echo "Creating $SOLANA_CONFIG_DIR/leader.json"
-  $solana_fullnode_config "${leader_address_args[@]}" > "$SOLANA_CONFIG_DIR"/leader.json
+  $solana_fullnode_config "${keypair_arg}" "${leader_address_args[@]}" > "$SOLANA_CONFIG_DIR"/leader.json
 fi
 
 
 if $node_type_validator; then
   echo "Creating $SOLANA_CONFIG_DIR/validator.json"
-  $solana_fullnode_config "${validator_address_args[@]}" > "$SOLANA_CONFIG_DIR"/validator.json
+  $solana_fullnode_config "${keypair_arg}" "${validator_address_args[@]}" > "$SOLANA_CONFIG_DIR"/validator.json
 fi
 
 ls -lh "$SOLANA_CONFIG_DIR"/
diff --git a/src/bin/fullnode-config.rs b/src/bin/fullnode-config.rs
index 7b97602946..5d9bc23872 100644
--- a/src/bin/fullnode-config.rs
+++ b/src/bin/fullnode-config.rs
@@ -6,6 +6,8 @@ use clap::{App, Arg};
 use solana::crdt::{get_ip_addr, parse_port_or_addr};
 use solana::fullnode::Config;
 use solana::nat::get_public_ip_addr;
+use solana::signature::read_pkcs8;
+use std::env;
 use std::io;
 use std::net::SocketAddr;
 
@@ -18,6 +20,14 @@ fn main() {
                 .takes_value(false)
                 .help("detect network address from local machine configuration"),
         )
+        .arg(
+            Arg::with_name("keypair")
+                .short("k")
+                .long("keypair")
+                .value_name("PATH")
+                .takes_value(true)
+                .help("/path/to/id.json"),
+        )
         .arg(
             Arg::with_name("public")
                 .short("p")
@@ -54,9 +64,18 @@ fn main() {
         bind_addr
     };
 
+    let mut path = env::home_dir().expect("home directory");
+    let id_path = if matches.is_present("keypair") {
+        matches.value_of("keypair").unwrap()
+    } else {
+        path.extend(&[".config", "solana", "id.json"]);
+        path.to_str().unwrap()
+    };
+    let pkcs8 = read_pkcs8(id_path).expect("client keypair");
+
     // we need all the receiving sockets to be bound within the expected
     // port range that we open on aws
-    let config = Config::new(&bind_addr);
+    let config = Config::new(&bind_addr, pkcs8);
     let stdout = io::stdout();
     serde_json::to_writer(stdout, &config).expect("serialize");
 }
diff --git a/src/fullnode.rs b/src/fullnode.rs
index ab896202ca..09fda99ded 100644
--- a/src/fullnode.rs
+++ b/src/fullnode.rs
@@ -7,7 +7,6 @@ use entry_writer;
 use ledger::Block;
 use ncp::Ncp;
 use packet::BlobRecycler;
-use ring::rand::SystemRandom;
 use rpu::Rpu;
 use service::Service;
 use signature::{KeyPair, KeyPairUtil};
@@ -50,11 +49,7 @@ pub struct Config {
 
 /// Structure to be replicated by the network
 impl Config {
-    pub fn new(bind_addr: &SocketAddr) -> Self {
-        let rnd = SystemRandom::new();
-        let pkcs8 = KeyPair::generate_pkcs8(&rnd)
-            .expect("generate_pkcs8 in mint pub fn new")
-            .to_vec();
+    pub fn new(bind_addr: &SocketAddr, pkcs8: Vec<u8>) -> Self {
         let keypair =
             KeyPair::from_pkcs8(Input::from(&pkcs8)).expect("from_pkcs8 in fullnode::Config new");
         let pubkey = keypair.pubkey();
diff --git a/src/signature.rs b/src/signature.rs
index 9dea5d42cc..431f0d9540 100644
--- a/src/signature.rs
+++ b/src/signature.rs
@@ -92,9 +92,14 @@ impl SecureRandom for GenKeys {
     }
 }
 
-pub fn read_keypair(path: &str) -> Result<KeyPair, Box<error::Error>> {
+pub fn read_pkcs8(path: &str) -> Result<Vec<u8>, Box<error::Error>> {
     let file = File::open(path.to_string())?;
     let pkcs8: Vec<u8> = serde_json::from_reader(file)?;
+    Ok(pkcs8)
+}
+
+pub fn read_keypair(path: &str) -> Result<KeyPair, Box<error::Error>> {
+    let pkcs8 = read_pkcs8(path)?;
     let keypair = Ed25519KeyPair::from_pkcs8(Input::from(&pkcs8))?;
     Ok(keypair)
 }