Security by Turnkey

Enterprise-grade security for onchain assets

Ensure predictable, auditable, and resilient operations with verifiable security that puts your team in control.

Trusted Execution Environments (TEEs)

Manage your keys

Turnkey uses AWS Nitro Enclaves, a trusted execution environment that keeps every cryptographic operation isolated.

Hardened Key Security

Generate raw private keys and keep them safe with hardware isolated, institutional-grade security.

Trusted Transactions

Sign transactions with private keys exclusively within this trusted environment.

Flexible Custody

Custody keys in multiple ways — non-custodial, custodial, or hybrid — with flexible enclave architecture.

End-to-End Reproducibility

Reproduce your code

Full-source reproducibility ensures developers can verify the entire enclave software stack.

Auditable Code

Trace every line of code, dependency, and build step that produced the binary.

Reproducible Builds

Allow anyone to reproduce the same hash with deterministic builds.

Impenetrable Architecture

Prevent hidden changes, stealth dependencies or malicious insertions.

Remote Attestation

Verify your runtime

Remote attestation proves that the code running in a Turnkey enclave matches what you’ve verified.

Attested Binaries

Independent attestations for each enclave fingerprint the exact binary.

Proven Runtime

Check that hash against our deterministically built source code.

Ensured Security

Ensure that every key operation is executed inside the intended trusted environment.

Will

Product Lead at Alchemy

"Turnkey's novel approach to security ensures end users remain in control of their private keys, while allowing us to create a dramatically better developer experience."
Chris Fernandes

Co-founder and CTO at Mural Pay

“Turnkey strikes that rare balance between uncompromising security and an intuitive user experience. They've been an invaluable infrastructure partner since day one.”
Josh Ben-David

CEO at Pass App

“With Turnkey, we saved at least six months of engineering time, integrated in just a few weeks, and have had perfect uptime since launch. That kind of reliability and speed is rare — especially at this level of security.”

Policy your transaction

The policy engine enforces enclave-secured rules on every transaction and enables delegated access with built-in controls.

Policy engine

Enforce fine-grained rules directly inside hardware-isolated secure enclaves.

Protected Policy
Ensure rules will not be bypassed with our in-enclave security model

Modifiable Limits
Define limits by address, asset, size or approval flow

Ensured Enforcement
Prove all actions will follow your defined policies with verifiable, cryptographic proof

Delegated access

Safely enable scoped access to teammates, services, and AI-agents.

Controlled Sessions
Enforce sessions that have strict expirations and are scoped to your defined policy

Permissioned Access
Grant collaborators and agents controlled session access without exposing keys

Empowered Workflows
Power automation, integrations, and AI-driven workflows securely

Security from first principles.

Performant

Turnkey’s infrastructure adapts seamlessly as demand grows, ensuring <100ms signing latency to give applications the highest security without the cost.

Verifiable

With every critical operation verified, the code inside the enclave remains trustworthy. This ability to audit with complete transparency ensures a trust you can prove.

Secure

Secure enclaves protect keys and handle all signing and policy enforcement. Plus, consistent independent audits keep Turnkey accountable.

Turnkey vs. the competition

When it comes to crypto assets, security can’t be compromised. Developers need a provider that not only keeps keys safe but also allows them to scale with confidence, knowing that every transaction is authorized and protected.

Turnkey vs. Privy

TEE / Secure Enclave
Turnkey: AWS Nitro Enclaves for keygen / storage / signing
Privy: AWS Nitro Enclaves (recombine SSS shares)

End-to-end Reproducibility

Remote Attestation

Policy Engine
Turnkey: Full organizational and programmable policy system — beyond transactions, covers delegation, hierarchy, and multi-chain.
Privy: Some Privy policies run in-enclave, but others, like transfer-size limits, are enforced at the API layer through off-enclave simulation, making them easier to alter or bypass.

Trust Anchor / Dependency
Turnkey: Key control stays in the TEE, fully isolated with no external access. Code is attested and reproducible. Security comes from proof, not infrastructure trust.
Privy: Uses Shamir’s Secret Sharing to spread keys across devices, backend, and recovery. Signing depends on those shares being securely stored, moved, and recombined through Privy’s enclave.

Turnkey vs. Fireblocks

TEE / Secure Enclave
Turnkey: AWS Nitro Enclaves for keygen / storage / signing
Fireblocks: MPC + SGX enclaves

End-to-end Reproducibility

Remote Attestation

Policy Engine
Turnkey: Full organizational and programmable policy system — beyond transactions, covers delegation, hierarchy, and multi-chain.
Fireblocks: Partial — Policies are tied to workflow approvals rather than being fully programmable or enclave-native like Turnkey’s.

Trust Anchor / Dependency
Turnkey: Key control stays in the TEE, fully isolated with no external access. Code is attested and reproducible. Security comes from proof, not infrastructure trust.
Fireblocks: Combines MPC with SGX enclaves for policy enforcement and transfer security. The Fireblocks application and co-signer are both closed source and critical to the signing integrity, so security ultimately depends on Fireblocks infrastructure as the control point.

Turnkey vs. Dfns

TEE / Secure Enclave
Turnkey: AWS Nitro Enclaves for keygen / storage / signing
Dfns: MPC-based, with flexible key share deployment

End-to-end Reproducibility

Remote Attestation

Policy Engine
Turnkey: Full organizational and programmable policy system — beyond transactions, covers delegation, hierarchy, and multi-chain.
Dfns: API-based rules and quorums. Enforcement is outside of a trusted environment.

Trust Anchor / Dependency
Turnkey: Key control stays in the TEE, fully isolated with no external access. Code is attested and reproducible. Security comes from proof, not infrastructure trust.
Dfns: Distributes keys across MPC nodes. Trust is placed in Dfns’ infrastructure to maintain quorum rules and safeguard the shares.

Turnkey vs. Dynamic

TEE / Secure Enclave
Turnkey: AWS Nitro Enclaves for keygen / storage / signing
Dynamic: TSS-MPC with TEEs for signing

End-to-end Reproducibility

Remote Attestation

Policy Engine
Turnkey: Full organizational and programmable policy system — beyond transactions, covers delegation, hierarchy, and multi-chain.
Dynamic: Transaction-level policies (allowlists, presign checks, multi-chain), not within an enclave.

Trust Anchor / Dependency
Turnkey: Key control stays in the TEE, fully isolated with no external access. Code is attested and reproducible. Security comes from proof, not infrastructure trust.
Dynamic: Employs MPC to protect keys across multiple nodes. The security model hinges on Dynamic’s infrastructure to coordinate quorum and prevent collusion.

Turnkey vs. Magic

TEE / Secure Enclave
Turnkey: AWS Nitro Enclaves for keygen / storage / signing
Magic: Custodial backend / HSM

End-to-end Reproducibility

Remote Attestation

Policy Engine
Turnkey: Full organizational and programmable policy system — beyond transactions, covers delegation, hierarchy, and multi-chain.

Trust Anchor / Dependency
Turnkey: Key control stays in the TEE, fully isolated with no external access. Code is attested and reproducible. Security comes from proof, not infrastructure trust.
Magic: Operates a custodial backend, historically tied to HSMs. All custody and access control ultimately depend on Magic’s infrastructure.
