# Smart Contract Management

> This is a guide to Smart Contract Management. Our approach is built on a chain-agnostic, primitive-first foundation, providing consistent security and workflow management regardless of the blockchain, development tools, or specific use case.

## Why Turnkey for Smart Contract Management?

Turnkey provides a highly secure, predictable, and flexible solution for managing onchain assets. Our approach combines mature
cryptographic security with Role-Based Access Control (RBAC) to implement least-privilege access and programmatically sign critical
smart contract operations, such as minting, burning, and pausing.

## Core security principles

Turnkey's solution is engineered to meet the operational and security needs of high-value, high-scrutiny contracts:

* **Zero exposure of private keys:** Private and signing keys are, by default, generated and kept within [Turnkey’s secure enclave](/security/secure-enclaves), never directly exposed or handled by users or automated systems.
* **Strict access control (RBAC):** Every action – from deployment to token minting to upgrades – is explicitly permissioned via [Policies](/concepts/policies/quickstart). If a user or automated system is not explicitly allowed to perform an action, they cannot.
* **Predictable and flexible workflows:** Policies allow for granular control over permissions based on transaction type, chain ID, contract address, function hash, and even transaction values. This flexibility allows businesses to meet both automated and human-operator review requirements.
* **Enhanced operational security:** Workflows ensure that all contract deployments and actions come from known, authorized addresses, adding a layer of transparency and accountability to all onchain activity.

<img src="https://mintcdn.com/turnkey-0e7c1f5b/r2reAWYeWqhkb8Tu/assets/files/rbac.png?fit=max&auto=format&n=r2reAWYeWqhkb8Tu&q=85&s=0c3176cf20499d86551752b31ffd1c2a" alt="rbac" width="2160" height="1995" data-path="assets/files/rbac.png" />

The above features can also fit **existing** smart contract deployments and management setups; many of the largest teams in Web3 (like Polymarket) have successfully transitioned.

## A high-stakes example: stablecoins and RWAs

Consider the management of Stablecoins or tokenized Real-World Assets, which often secure billions of dollars in value. These high-value contracts require workflows that demand absolute control and accountability.

**Typical needs for high-value contracts:**

| Need                                       | Solution                                                                                                          |
| :----------------------------------------- | :---------------------------------------------------------------------------------------------------------------- |
| All actions must come from known addresses | Wallets are created and controlled within a Turnkey organization                                                  |
| Access must be strictly permissioned       | Policies enforce RBAC and least-privilege for all signing actions                                                 |
| Keys must never be exposed                 | Keys remain secure in the secure enclave; only signatures are provided                                            |
| Must support automation and human review   | Policies can be written to allow automation for common tasks, or require multi-party consensus for sensitive ones |

## How Turnkey secures the lifecycle

Turnkey provides secure, granular control across the entire contract lifecycle:

<Steps>
  <Step title="Secure organization setup">
    The first step involves creating a Turnkey Organization and populating it with users (both human and machine). These users are assigned specific Policies that dictate their access patterns to different wallets and on-chain functions.

    Crucially, the organization’s highest security threshold, the [**Root Quorum**](/concepts/users/root-quorum),
    is secured. To prevent a single point of failure, we recommend raising the root quorum to require multiple root users to approve the
    most sensitive organizational changes, ensuring operational continuity even in the event of credential loss.
  </Step>

  <Step title="Contract deployment">
    Deployment is strictly permissioned. A designated 'deployer' user must have a policy that explicitly grants them permission to sign the
    deployment transaction for a specific wallet and network.
  </Step>

  <Step title="Code-driven interactions">
    Once deployed, interactions like minting new token supply are governed by precise policies.

    For example, a policy can be configured to:

    * Allow a 'token owner' user to sign a transaction
    * Require the transaction to originate from a specific wallet
    * Target the deployed contract's exact address
    * Call a specific function (e.g., `mint`)

    Policies can also bound [minting amounts](/concepts/policies/smart-contract-interfaces), requiring an additional human review and approval for large transactions.
  </Step>

  <Step title="Contract upgrades">
    Upgrading a contract is one of the most sensitive operations, as it redirects the underlying implementation logic – a process that can be exploited if unsecured.

    Turnkey ensures this process is secure:

    * The contract is designed to be upgradeable from the start (e.g., using a proxy pattern).
    * A specific 'upgrade owner' wallet is designated.
    * A temporary, highly restrictive policy is created **only when an upgrade is needed**. This policy grants an 'upgrade owner' permission to sign the upgrade transaction.
    * Once the upgrade is complete, the policy is removed, and the wallet remains dormant and secured until the next required upgrade, minimizing the window of risk.
  </Step>
</Steps>
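
The mint policy from the "Code-driven interactions" step, modeled as a local deny-by-default check. This is an added example, not Turnkey's policy language or SDK and not code from the linked demo. The wallet id, addresses, chain ID and review threshold are constructed values; `0x40c10f19` is the function selector of `mint(address,uint256)`.

```javascript
// Added illustration: a local model of the checks a mint signing policy expresses.
// Wallet id, addresses and limits are constructed sample values, not Turnkey syntax.
const MINT_SELECTOR = "0x40c10f19"; // first 4 bytes of keccak256("mint(address,uint256)")

const mintPolicy = {
  walletId: "wallet-token-owner", // hypothetical id of the only wallet allowed to sign
  chainId: 1,
  contract: "0x1111111111111111111111111111111111111111",
  selector: MINT_SELECTOR,
  maxValueWei: 0n, // assumption: mint calls carry no native value
  reviewAbove: 1000000n * 10n ** 18n, // larger mints need human approval
};

// ABI-encode mint(to, amount); used only to build the sample requests.
function encodeMint(to, amount) {
  const word = (h) => h.padStart(64, "0");
  return MINT_SELECTOR + word(to.slice(2).toLowerCase()) + word(amount.toString(16));
}

// Strictly parse calldata as selector + address word + uint256 word (4 + 32 + 32 bytes).
function decodeCall(data) {
  const hex = String(data).toLowerCase();
  if (!/^0x[0-9a-f]{136}$/.test(hex)) return null; // wrong length or non-hex
  const toWord = hex.slice(10, 74);
  if (!toWord.startsWith("0".repeat(24))) return null; // address must be zero-padded
  return { selector: hex.slice(0, 10), to: "0x" + toWord.slice(24), amount: BigInt("0x" + hex.slice(74)) };
}

// Deny by default: every condition must match before a signature is released.
function evaluate(policy, req) {
  const tx = req.tx;
  if (req.walletId !== policy.walletId) return "DENY";
  if (tx.chainId !== policy.chainId) return "DENY";
  if (typeof tx.to !== "string" || tx.to.toLowerCase() !== policy.contract) return "DENY";
  if (typeof tx.value !== "bigint" || tx.value > policy.maxValueWei) return "DENY";
  const call = decodeCall(tx.data);
  if (call === null || call.selector !== policy.selector) return "DENY";
  return call.amount > policy.reviewAbove ? "REQUIRE_APPROVAL" : "ALLOW";
}

// Constructed sample request; override one field at a time to see each rule fire.
function sampleRequest(overrides = {}) {
  const recipient = "0x2222222222222222222222222222222222222222";
  const tx = { chainId: 1, to: mintPolicy.contract, value: 0n,
               data: encodeMint(recipient, 500n * 10n ** 18n), ...overrides };
  return { walletId: "wallet-token-owner", tx };
}
```

A contract-creation transaction (`to: null`) or any call other than `mint` falls through to `DENY`, which mirrors the rule that anything not explicitly allowed cannot be signed.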

> This process is further explored in our [GitHub 'Smart Contract Management' demo](https://github.com/tkhq/solutions/tree/main/smart-contract-mgmt).

## The result: security as code

Turnkey transforms Smart Contract Management from a high-risk, manual operation into a secure, predictable workflow where access is defined
by code. This "Security as Code" approach allows businesses to scale their Web3 operations with confidence, knowing their mission-critical
smart contracts are protected by cryptographically enforced security and least-privilege access control.
