Skip to main content

Keys

EigenCompute uses two types of keys:

  • Authentication keys

    For developers and used for deployments and protocol interactions.

  • TEE mnemonic

    For applications and used for persistent wallet functionality inside the TEE. Also provides the ability to verify that you are communicating with the correct TEE application.

Authentication keys

tip

The authentication keys are a cryptographic key pair.

The private key is used to sign deployment transactions. From that private key, a public key is derived, and from the public key, an address is generated.

The address is your EigenCompute onchain identification, often referred to as a wallet, and must be funded before deployment.

CategoryAuthentication Key Details
PurposeDeveloper authentication for deployments and protocol interactions
Typesecp256k1 private key (Ethereum-compatible)
OriginGenerated or imported using eigenx auth CLI command
LocationLocal OS or organization keyring (macOS Keychain, 1Password, Windows Credential Manager, Linux Secret Service, etc.). Stored under eigenx-<environment> (eg, eigenx-mainnet)
SecurityDeveloper must secure and store the authentication keys securely to sign deployment transactions

TEE Mnemonic

important

The TEE mnemonic is generated by the KMS and bound to your app's enclave, ensuring consistency across deployments. Once injected, the mnemonic safety depends on the app not leaking it.

CategoryTEE Mnemonic Details
PurposePersistent wallet for applications running inside a TEE
TypeBIP-39 mnemonic phrase (12/24 words)
OriginGenerated by KMS. Released only to your application using enclave attestation
LocationEncrypted at rest in KMS. Only decryptable inside your specific TEE application
AccessProvided at runtime using process.env.MNEMONIC
PersistenceStable across restarts and deployments
SecurityThe mnemonic is cryptographically bound to your specific TEE instance. No other TEE, application, or party can decrypt it. Inside the TEE, it's a plain secret and must be handled appropriately. Do not log or exfiltrate the mnemonic.