Purple circular icon with a simplified key shape in the center, on a black background.
Key Management

Securely store and manage private keys

Protect critical assets and sensitive material with flexible access controls and secure, end-to-end encryption.

Contact SalesView Docs
Key Security

Protect keys in isolated, controlled environments

Secure Enclaves

Isolate key material in AWS Nitro Enclaves, never exposed to Turnkey or your platform.

Quorum Policies

Require multi-party approval for sensitive key operations to prevent single points of compromise.

Cryptographic Audit Trail

Maintain a complete, unalterable log of every recovery operation, ensuring full auditability.

Illustration of four white arrows pointing up, down, left, and right on a floating blue square, symbolizing key portability or movement.
Key Portability

Move key material without exposure at any point

Key Import

Bring existing wallets and private keys into Turnkey's secure enclave without exposure.

Key Export

Retrieve keys from secure enclaves for local decryption.

Transport Encryption

Encrypt key material in transit using Hybrid Public Key Encryption (HPKE).

Wallet Connector

Connect external Ethereum and Solana wallets for seamless login and transactions alongside Turnkey embedded wallets.

Key Controls

Enforce key access and usage rules

Flexible Authentication

Gate key access via API keys, passkeys, or OAuth to align with your existing stack.

Authorization Policies

Restrict key operations to authorized users only, ensuring access is explicitly granted.

Scoped User Permissions

Limit what authorized users can do by operation type, enforcing least privilege access.

Secure, flexible, and scalable

Secure by Default

Turnkey provides end-to-end private key generation and access control within Trusted Execution Environments (TEEs), ensuring raw private keys are never exposed to Turnkey, your software, or your team.

Independently Verifiable

Turnkey's code can be independently verified in real-time, replacing blind trust with cryptographic proof.

Built for Scale

Turnkey's verifiable infrastructure has been battle-tested at scale with 99.9% uptime and 50-100ms latency for signing, 50-100x faster than MPC solutions.

Learn more
Patrick Traughber

Head of Financial Products

"Our goal is to build infrastructure that’s accessible, private and robust at a global scale. Turnkey’s architecture lets us strike that balance and add an additional layer of recoverability for users.”

Frequently asked questions

Got any other questions?
Email — [email protected]

What is Key Management with Turnkey?

Key Management provides programmable, hardware-backed private key management infrastructure for crypto and other sensitive systems. It allows you to securely store, access, and manage private keys and cryptographic material inside secure enclaves, with policy enforcement and authentication gating every operation, functioning as a modern key management service.

What is Key Management used for?

Key Management allows you to protect and recover any cryptographic material, including private keys, wallet mnemonics, API secrets, application secrets, and other sensitive credentials used across crypto and backend systems. Whether you're recovering funds after a security incident, migrating from another provider, or protecting sensitive data, Turnkey provides a secure, auditable path without exposing key material to anyone.

Can Turnkey access my keys?

No. Private key management happens entirely inside secure enclaves. Key material is never exposed to Turnkey, your application, or any third party.

How does Turnkey secure my keys?

Private keys are generated and stored inside AWS Nitro Enclaves, where they remain isolated from external systems. Turnkey never stores unencrypted key material.


In transit, HPKE-based secure channels ensure that any movement of encrypted data or key material remains protected end-to-end. Access is gated through authentication methods such as passkeys, OAuth, or API keys, combined with policy enforcement like multi-party approval and scoped permissions.

Can I import existing keys into Turnkey?

Yes. Key Management supports secure key import, allowing you to bring existing crypto wallets and private keys into Turnkey’s enclave-based infrastructure without exposing them.

Can I export keys from Turnkey?

Yes. You can export private keys, like encryption keys, through policy-controlled workflows. Key Management enforces authentication and approval requirements before any export occurs, ensuring secure handling of sensitive crypto assets.

What authentication methods are supported?

Key Management supports API keys, passkeys, OAuth, and OTP. These authentication methods can be combined with policies to enforce strong access control for private key management.

What are common use cases of Key Management?

Customers use Key Management to:

  • Build secure, user-controlled account recovery flows
  • Implement enterprise-grade disaster recovery systems
  • Protect API secrets and sensitive credentials
  • Enable compliant key storage architectures
  • Create programmable workflows for accessing encrypted data

Get started with Turnkey today

Contact Sales
Solutions
DeFi and TradingDeveloper ToolsPaymentsConsumer ApplicationsAI AgentsStablecoinsCustomers
Product
Embedded WalletsCompany WalletsKey ManagementTurnkey Verifiable Cloud
Features
OAuthPasskeysPoliciesDelegated AccessSessionsEmbedded Wallet Kit
Developer
DocumentationSecurityDemoGitHubSupportEngineering BlogWhitepaper
About
About UsCareersContactSecurityWhat is Turnkey
Resources
CustomersBlogStablecoin chain selectorTEE eBookVerifiability eBookReproducibility eBook Brand Kit
© Copyright Turnkey 2026
Cookie Preferences
Cookie PolicyPrivacy PolicyTerms of Service