This is a guide to importing your wallet or private key into Turnkey. For more information about the security of this flow, check out Enclave secure channels.
Generate an encryption key
--user
flag (required) is the id of the user importing the private key; this is required because the underlying encryption keys used for import are scoped to each user.--encryption-key-name
flag is to specify a name for the encryption key. Note that an encryption key !== Turnkey API key; an encryption key is used exclusively for secure activities like import and export.Initialize import
--import-bundle-output
(required) flag is the desired output file path for the “import bundle” that will be received from Turnkey. The “import bundle” contains the ephemeral public key generated by the Turnkey signer enclave for the specified user. The private key plaintext is encrypted to this public key in Step 2.--key-name
flag specifies the name of API key with which to interact with the Turnkey API service. This should be the name of a previously created key. If you do not have one, visit the quickstart guide for help creating one.Encrypt without saving plaintext to filesystem. This can be done offline:
--import-bundle-input
flag (required) is the desired input file path for the “import bundle”.--plaintext-input
flag is the desired input file path for the private key plaintext. You can pass a filename here or feed the plaintext string directly into the standard input as shown above.--encrypted-bundle-output
(required) flag is the desired output file path for the “encrypted bundle” that will be sent to Turnkey in Step 3. The “encrypted bundle” contains the ephemeral public key generated by the CLI as part of the shared secret computation with the Turnkey signer enclave. It also contains the ciphertext, which is the plaintext input encrypted by the Turnkey signer’s ephemeral public key.Import private key
--encrypted-bundle-input
(required) flag is the desired input file path for the “encrypted bundle” that will be sent to Turnkey.--curve
and --address-format
flags.turnkey private-keys
commands instead. In Step 2 (encrypt
), pass a --key-format
flag for key-specific formatting; the options for private keys are:
hexadecimal
: Used for Ethereum. Examples: 0x13eff5b3f9c63eab5d53cff5149f01606b69325496e0e98b53afa938d890cd2e, 13eff5b3f9c63eab5d53cff5149f01606b69325496e0e98b53afa938d890cd2e
solana
: Used for Solana. It’s a base58-encoding of the concatenation of the private key and public key bytes. Example: 2P3qgS5A18gGmZJmYHNxYrDYPyfm6S3dJgs8tPW6ki6i2o4yx7K8r5N8CF7JpEtQiW8mx1kSktpgyDG1xuWNzfsM
import.turnkey.com
meant to be embedded as an iframe element (see the code here). This ensures the mnemonics and keys are encrypted to keys that the user has access to, but that your organization does not (because they live in the iframe, on a separate domain).@turnkey/iframe-stamper
@turnkey/iframe-stamper
to insert a new iframe element:INIT_IMPORT_WALLET
activity with the ID of the user importing the wallet.IMPORT_WALLET
activity and prompts the user to sign it.Import is complete!In your Turnkey dashboard, the imported user Wallet will be flagged as “Imported”.Initialize a new Turnkey client
Initialize the import process (Turnkey activity)
Encrypt wallet to bundle
Import wallet (Turnkey activity)
Initialize a new Turnkey client
Initialize the import process (Turnkey activity)
Encrypt private key to bundle
Import private key (Turnkey activity)
encrypt{Wallet, PrivateKey}ToBundle
method uses an ephemeral key.
Initialize Turnkey client
Initialize the import process (Turnkey activity)
Encrypt wallet to bundle
Import wallet (Turnkey activity)
Initialize Turnkey client
Initialize the import process (Turnkey activity)
Encrypt private key to bundle
Import private key (Turnkey activity)
INIT_IMPORT_PRIVATE_KEY
and IMPORT_PRIVATE_KEY
activities and the extractKeyEncryptedBundle
method from the @turnkey/iframe-stamper
. You can pass an optional keyFormat
to extractKeyEncryptedBundle(keyFormat)
that will apply either Hexadecimal
or Solana
formatting to the private key that is entered in the iframe. The default key format is hexadecimal
, which is used by MetaMask, MyEtherWallet, Phantom, Ledger, and Trezor for Ethereum keys. For Solana keys, you will need to pass the solana
key format.