Key Management

Flexible key management & recovery for wallets

Use Evervault to implement secure key management and recovery flows for your wallets, backed by secure enclaves.

Enclave-backed key management infrastructure for wallet providers

Use Evervault to implement any key management flow for crypto wallets, including transaction signing, key recovery, and wallet backups.

Simplified user experience

Evervault is an invisible building block that lets you implement secure and compliant transaction signing and key recovery flows without hindering your user experience. Easily integrate with third-party providers for SMS or email recovery, or implement two-factor authentication to minimize risk.


Evervault Enclaves lets you verify that all key operations take place in a signed and sealed secure enclave, powered by AWS Nitro Enclaves. Keys never exist in plaintext anywhere outside of the secure enclave.

Dual-custody model

Evervault’s dual-custody model means you never need to handle keys in plaintext, and Evervault never stores or sees any of your data. All sensitive operations take place in an attestable secure enclave.

Build any application that uses your crypto keys. We’ll secure it.

Evervault Enclaves can be used to implement a custom key management flow based on any Docker image. We’ll build, deploy, and scale your workflow and ensure your keys are encrypted at all times.

Build an Enclave

Build your custom key operations and simply deploy them to Evervault. Enclaves are easily configured to communicate with APIs for sending emails or SMS messages, and to verify authentication data like two-factor authentication.

Encrypt your keys

Use Evervault’s SDKs to encrypt private keys or recovery phrases on the user’s device, within an Enclave, or on your infrastructure. Evervault never stores any of your encrypted data.

Sign and recover

Your users communicate directly with your Evervault Enclave to perform key recovery, alongside additional verification or authentication steps like SMS or 2FA.

All operations take place in a signed and sealed AWS Nitro Enclave, so you can attest that keys are not shared or processed anywhere else. This means transaction signing and key recovery can take place without your infrastructure ever handling users' private keys.


[Diagram: User Device, Third Party, and enclave attestation measurements (PCR0, PCR1, PCR2, PCR8)]

The most flexible key management & recovery solution

Use Evervault to implement any key management or wallet recovery flow. It’s invisible to your users, fast to configure, and secure by default.

Streamline regulatory compliance

Enclaves are used by some of the largest custodians and providers of wallet services to streamline compliance with regulatory frameworks like MiCA and guidelines from other regulatory bodies.

Invisible building blocks

Implementing wallet recovery and backups with Evervault is invisible to your users, so you can design the optimal user experience and assure your customers that their keys and assets are kept verifiably secure.

Flexible recovery options

Using Evervault Enclaves to handle wallet recovery gives you flexibility to implement any flow in line with your security & authentication model. Evervault Enclaves can verify a user’s identity using SMS, email, hardware 2FA and more.

Cost effective

Evervault is not a direct custodian of your wallets or keys, so we don’t charge based on the value of assets that are being secured with Evervault Enclaves.

Simple security model

Evervault’s dual-custody model is interoperable with any existing multisig or MPC-based security model.

Compatible with any keys

Evervault lets you implement recovery flows for any key types or wallet configurations.

Secure key management without the headache

Use Evervault to implement any key management flow for wallets, decentralized payments or Web3 assets.