In the fast-evolving world of blockchain and decentralized applications, one challenge remains central: secure private key management. Traditional custodial models—designed for long-term asset storage rather than dynamic on-chain activity—create friction that hinders innovation. Enter Turnkey, a next-generation private key infrastructure built specifically for crypto developers who need security, scalability, and seamless integration.
With its developer-first approach, Turnkey delivers a powerful API-driven solution that enables the programmatic creation of thousands of wallets and execution of high-frequency transactions across any blockchain. By rethinking how keys are generated, stored, and used, Turnkey removes the bottlenecks that have historically limited web3 development.
What Is Turnkey?
Turnkey is a secure, non-custodial private key infrastructure platform tailored for developers building on blockchain. It addresses the shortcomings of legacy key management systems by offering an API-first architecture that combines institutional-grade security with developer flexibility.
At its core, Turnkey empowers teams to generate wallets at scale, sign transactions securely, manage access controls, and enforce granular policies—all through simple, well-documented APIs. Whether you're building a wallet app, DeFi protocol, or NFT marketplace, Turnkey provides the foundational layer for secure and scalable crypto interactions.
Mission & Vision
Turnkey’s mission is to empower developers by eliminating the complexity and risk associated with private key management. Its vision? To accelerate the adoption of crypto by making it easier—and safer—to build innovative on-chain experiences.
By abstracting away the intricacies of cryptography and security operations, Turnkey allows developers to focus on what they do best: creating compelling user experiences and pushing the boundaries of decentralized technology.
Core Features of Turnkey
Hierarchical Deterministic (HD) Wallet Support
Turnkey supports HD wallets, enabling the generation of multiple cryptographic keys from a single master seed. This means developers can create millions of addresses using standardized formats compatible with various curves (e.g., secp256k1, ed25519).
HD wallets also simplify backup and recovery via mnemonic phrases—making them more user-friendly than managing individual private keys. Turnkey’s dual support for both standard and HD wallets ensures maximum flexibility for different use cases.
Secure Wallet Export
User sovereignty is paramount. Turnkey allows full export of wallets and private keys, ensuring users retain control over their assets. During export, mnemonic phrases are encrypted and stored locally—never exposed to Turnkey or third parties.
To reinforce trust, Turnkey offers open-source tooling and comprehensive documentation that validate every step of the export process, guaranteeing transparency and data integrity.
👉 Discover how easy it is to integrate secure key management into your app.
Email-Based Authentication
Turnkey streamlines user onboarding with email-based authentication. Users receive a one-time passcode (OTP) to log in and initiate a secure session. Once authenticated, they can perform multiple actions without repeated logins—ideal for gaming, trading, or social dApps requiring frequent interaction.
Sessions are secured using time-limited API keys stored in local storage, balancing convenience with strong security practices.
Secure Email Recovery
Losing access to a wallet shouldn’t mean losing assets. Turnkey introduces secure email recovery, where encrypted recovery credentials are sent via email. The process involves inputting a code into a recovery form, which then allows the creation of a new authenticator.
This method ensures no single party—including Turnkey—can intercept or misuse recovery data, providing a simple yet robust way to regain access.
Wallet Import Capabilities
Developers and users can import existing wallets using 12–24 word mnemonics or private keys in Ethereum (hex) or Solana formats. Thanks to advanced cryptographic protocols, Turnkey never sees or stores your private keys.
A temporary key exchange mechanism ensures end-to-end encryption: client-side and enclave-generated ephemeral public keys encrypt the private key, which only the user can decrypt. This zero-knowledge approach guarantees true non-custodianship.
Programmable Policies & API Flexibility
Turnkey’s policy engine enables fine-grained control over key usage, access permissions, and transaction limits. Developers can define rules such as:
- Maximum transaction amount per day
- Required multi-sig approvals for high-value transfers
- Time-based access restrictions
These policies are enforced within secure enclaves, ensuring tamper-proof execution. Combined with a clean REST API, this makes Turnkey ideal for enterprise-grade applications needing compliance and auditability.
Open Source & Community Support
Transparency drives trust. Turnkey provides open-source SDKs, example implementations, and detailed technical documentation to help developers get started quickly and securely.
An active Slack community connects builders directly with the Turnkey team and fellow developers—fostering collaboration, rapid troubleshooting, and shared innovation in the web3 ecosystem.
Institutional-Grade Security
Built by veterans from top crypto firms like Coinbase Custody, Turnkey incorporates battle-tested security principles at every level. From hardware-isolated execution environments to end-to-end encrypted data flows, it meets the standards expected by institutional players while remaining accessible to indie developers.
Underlying Technology Stack
Secure Enclaves (Trusted Execution Environments)
All sensitive operations—private key generation, signing, policy evaluation—occur inside secure enclaves, isolated hardware environments resistant to tampering. These enclaves have no persistent storage, external network access, or interactive interfaces, minimizing attack surfaces.
QuorumOS: Immutable Operating System
Turnkey runs on QuorumOS, a minimal, immutable Linux unikernel designed specifically for security-critical workloads. This ensures complete transparency and prevents unauthorized code changes—even by internal developers.
Remote Attestation
Before any deployment, Turnkey uses remote attestation to cryptographically verify the integrity of both the machine and running code. Only after successful attestation are secret shares released into the enclave—ensuring trustworthiness from day one.
Cryptographic Proof & Non-Custodial Design
The system uses cryptographic proofs to confirm enclave identity and authorized code execution. Even if the broader system is compromised, private keys remain encrypted and inaccessible outside the enclave.
Turnkey operates under a non-custodial model: encrypted keys are only decrypted inside verified applications within secure enclaves, giving users full control without sacrificing usability.
Policy Engine Inside Enclave
All policy checks happen inside the secure enclave itself. This guarantees that no operation violates defined rules—even under adversarial conditions.
Stateless Architecture & Verifiable Data
Turnkey’s enclaves are stateless; all data resides in PostgreSQL and is verified by a公证器 (notarizer) before processing. This prevents tampering, replay attacks, and downgrade attempts, ensuring data authenticity at all times.
How Turnkey Works: Key Components
Turnkey organizes its architecture around five core resources:
- Users: Individuals or machines with access rights.
- Policies: Rules defining allowed actions.
- Private Keys: Cryptographic keys for signing.
- Wallets: Collections of keys derived from a shared seed.
- Credentials: Authentication methods (WebAuthn for users, API keys for services).
All functionality is exposed through a REST API supporting two primary operations:
- Manage organizational data (users, policies, wallets)
- Sign transactions or raw data securely
Crucially, relationships between these resources aren't predefined—they're governed entirely by your custom policies. This gives you full control over access logic and security workflows.
👉 See how Turnkey simplifies secure blockchain integration for developers.
Real-World Use Cases
Custom Wallet Solutions
Build non-custodial wallets with embedded transaction signing. Create consumer-facing wallets with password-based security or implement multi-sig setups for team treasuries and high-value accounts.
Automated On-Chain Operations
Automate smart contract interactions based on triggers—such as auto-swapping tokens when prices hit thresholds or distributing staking rewards at set intervals. Reduce manual intervention and operational overhead.
Advanced Key Management
Enforce strict access policies across teams or departments. Set spending caps, require multi-party approval for withdrawals, or rotate keys automatically—all governed by code-enforced rules.
Enhanced User Experience
Embed personalized wallet experiences directly into your app UI instead of relying on generic interfaces. Add social recovery options or multi-sig authorization flows for better usability and security.
Integration with Existing Systems
Use Turnkey to rebalance funds between hot and cold wallets automatically. Or configure Turnkey signers within Gnosis Safe for enhanced automation and governance capabilities.
The Team Behind Turnkey
Founded by former leaders of Coinbase Custody—Sam McIngvale (Product Lead), Bryce Ferguson (First PM), and Jack Kearney (First Engineer)—Turnkey brings deep expertise in institutional-grade custody solutions. Together, they helped secure over $200 billion in digital assets, giving them unmatched insight into scalable and secure key management.
Their experience building enterprise custody systems informs every aspect of Turnkey’s design—bridging the gap between institutional security and developer agility.
Funding & Growth
Turnkey raised $15 million in Series A funding, co-led by Lightspeed Faction and Galaxy Ventures. Additional backing came from top-tier investors including Sequoia, Coinbase Ventures, Alchemy, Figment Capital, and Mirana Ventures.
This investment fuels Turnkey’s mission to build a more secure, flexible, and scalable foundation for web3 development—empowering builders to create seamless on-chain experiences that attract both retail and institutional users.
👉 Start building with secure, scalable key infrastructure today.
Frequently Asked Questions (FAQ)
Q: Is Turnkey custodial or non-custodial?
A: Turnkey is fully non-custodial. Users maintain control over their private keys at all times. Keys are encrypted and only decrypted inside secure enclaves during authorized operations.
Q: Can I use Turnkey across multiple blockchains?
A: Yes. Turnkey supports Ethereum-compatible chains, Solana, and other major networks through flexible cryptographic primitives and HD wallet derivation paths.
Q: How does email recovery work without compromising security?
A: Recovery codes are sent via encrypted channels and processed within secure enclaves. The actual recovery material is never exposed to servers or intermediaries.
Q: Do I need to run my own infrastructure?
A: No. Turnkey handles backend infrastructure while giving you full policy control via API—ideal for fast iteration without operational burden.
Q: Is the code open source?
A: While core enclaves remain closed for security reasons, Turnkey provides open-source SDKs, helper libraries, and detailed documentation to ensure transparency and ease of integration.
Q: Who should use Turnkey?
A: Web3 developers building wallets, DeFi platforms, gaming dApps, NFT marketplaces—or any application requiring secure, scalable key management with minimal friction.
Final Thoughts
Turnkey represents a paradigm shift in how developers manage private keys. By combining institutional-grade security, programmable flexibility, and developer-friendly APIs, it solves one of crypto’s most persistent challenges: secure yet accessible key infrastructure.
As blockchain adoption grows, so does the demand for robust tools that balance safety with usability. With Turnkey, developers now have the foundation they need to build the next generation of decentralized applications—securely, efficiently, and at scale.