Skip to content

Key Storage

Sometimes you might want to manage session keys or even actual private keys for your users, but you may not want to store the keys on your database.

ZeroDev offers a key management API you can use to generate private keys and sign with them. The private key is never transmitted to you or stored on your server -- the API executes the signing remotely.

Code Example

Check out a complete example here.

Installation

npm
npm i @zerodev/remote-signer

API

First, obtain the ZeroDev API key from your dashboard. Remember: you must secure this API key. Whoever has access to this API key effectively controls all the private keys you manage with the key management API.

Generating a private key

import { toRemoteSigner, RemoteSignerMode } from "@zerodev/remote-signer"
 
const remoteSigner = await toRemoteSigner({
    apiKey,
    mode: RemoteSignerMode.Create
})

remoteSigner is a Viem account which you can use for signing.

Note that if you want to get this key later, you must store its "address" which is basically its public key: remoteSigner.address.

Getting an existing private key

When getting an existing key, specify the "address" of the key.

import { toRemoteSigner, RemoteSignerMode } from "@zerodev/remote-signer"
 
const remoteSigner = await toRemoteSigner({
    apiKey,
    keyAddress: remoteSignerAddress,
    mode: RemoteSignerMode.Get
})

Signing with the key

Since remoteSigner is a Viem account, you can use it wherever a Viem account is expected.

For example, to use the remote signer as a session key:

const ecdsaSigner = toECDSASigner({ signer: remoteSigner })
 
const permissionPlugin = await toPermissionValidator(publicClient, {
    entryPoint,
    kernelVersion,
    signer: ecdsaSigner,
    policies: [
      // ...
    ]
})