Secure key management and storage
KeyStorage
constructor(config: KeyStorageConfig)
/**
 * Options accepted by the `KeyStorage` constructor.
 *
 * Only the field names and types are given on this page; the notes below
 * are limited to what its examples show.
 */
interface KeyStorageConfig {
  /** Storage backend selector. */
  storageType: 'file' | 'memory' | 'vault';
  /**
   * Key used to encrypt stored entries.
   * NOTE(review): optional in the type; what KeyStorage does when it is
   * omitted or undefined is not shown here. Confirm before relying on it.
   */
  encryptionKey?: string;
  /** Location of the store; the examples pass a directory path. */
  storagePath?: string;
  /** Examples pass 9; the valid range is not documented here. */
  compressionLevel?: number;
  /** Examples pass `true`; the resulting behaviour is not documented here. */
  backupEnabled?: boolean;
}
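import { KeyStorage } from "radix-agent-kit";

// Fail closed: `encryptionKey` is optional in KeyStorageConfig, so an unset
// ENCRYPTION_KEY would otherwise be passed through as `undefined` without
// any error at this call site.
const encryptionKey = process.env.ENCRYPTION_KEY;
if (!encryptionKey) {
  throw new Error("ENCRYPTION_KEY is not set; refusing to create key storage without it");
}

// File-backed store rooted at ./secure-keys.
// NOTE(review): keep this directory out of version control and restrict its
// filesystem permissions to the service account.
const keyStorage = new KeyStorage({
  storageType: 'file',
  encryptionKey,
  storagePath: './secure-keys',
  compressionLevel: 9,
  backupEnabled: true
});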
/** Record persisted for one key, as passed to `store()` and returned by `retrieve()`. */
interface KeyData {
  /** Raw private key; the example passes a hex string. Never log this field. */
  privateKey: string;
  publicKey: string;
  address: string;
  /**
   * Free-form annotations.
   * NOTE(review): whether metadata is encrypted at rest is not shown on this
   * page. Keep secrets out of it until that is confirmed.
   */
  metadata?: Record<string, any>;
  createdAt: Date;
  lastUsed?: Date;
}

// Assemble the record first so it is type-checked against KeyData,
// then persist it under the id 'main-wallet'.
const mainWalletRecord: KeyData = {
  privateKey: privateKeyHex,
  publicKey: publicKeyHex,
  address: accountAddress,
  metadata: {
    name: 'Main Wallet',
    purpose: 'Primary trading account'
  },
  createdAt: new Date()
};

await keyStorage.store('main-wallet', mainWalletRecord);
console.log("✅ Key stored securely");
// retrieve() hands back the entry with the private key already decrypted,
// so `keyData` holds plaintext key material from here on. Log individual
// non-secret fields only, never the whole object.
const keyData = await keyStorage.retrieve('main-wallet');
const { address, createdAt, metadata } = keyData;

console.log("Address:", address);
console.log("Created:", createdAt);
// NOTE(review): metadata is free-form (Record<string, any>). If callers put
// secrets in it, this line writes them to the log.
console.log("Metadata:", metadata);
// Check for an entry by id without fetching it.
// NOTE(review): presumably this avoids decrypting the private key, which
// retrieve() does. Confirm against the implementation.
const hasKey = await keyStorage.exists('main-wallet');
console.log(hasKey ? "Key found in storage" : "Key not found");
// Remove one entry from the store by id.
// NOTE(review): the page does not show how delete() disposes of the data
// (overwrite or unlink), or whether files written earlier by backup() are
// touched. Treat existing backups as still containing this key. TODO confirm.
const retiredKeyId = 'old-wallet';
await keyStorage.delete(retiredKeyId);
console.log("✅ Key securely deleted");
/**
 * Summary entry returned by `listKeys()`.
 *
 * It has no `privateKey` field but does carry `metadata`, so anything
 * stored in metadata is visible to every caller that can list keys.
 */
interface KeyInfo {
  keyId: string;
  address: string;
  createdAt: Date;
  lastUsed?: Date;
  metadata?: Record<string, any>;
}

// Print id, address and timestamps for every stored key.
const keys = await keyStorage.listKeys();
for (const entry of keys) {
  console.log(`${entry.keyId}: ${entry.address}`);
  console.log(`Created: ${entry.createdAt}`);
  console.log(`Last used: ${entry.lastUsed || 'Never'}`);
}
// New metadata for the 'main-wallet' entry.
// NOTE(review): whether updateMetadata() merges these fields into the
// existing metadata or replaces it wholesale is not shown. Confirm before
// relying on fields not listed here being kept.
const updatedMetadata = {
  name: 'Updated Main Wallet',
  purpose: 'Primary trading and staking',
  lastBackup: new Date()
};

await keyStorage.updateMetadata('main-wallet', updatedMetadata);
// Refresh the `lastUsed` timestamp of an entry. Calling this on every
// signing operation lets listKeys() show which keys are idle and can be retired.
const usedKeyId = 'main-wallet';
await keyStorage.updateLastUsed(usedKeyId);
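// Read both keys up front and fail closed. A non-null assertion (`!`) only
// silences the type checker, so an unset variable would reach
// changeEncryptionKey() as `undefined` at runtime.
const oldEncryptionKey = process.env.OLD_ENCRYPTION_KEY;
const newEncryptionKey = process.env.NEW_ENCRYPTION_KEY;
if (!oldEncryptionKey || !newEncryptionKey) {
  throw new Error("OLD_ENCRYPTION_KEY and NEW_ENCRYPTION_KEY must both be set to rotate the encryption key");
}

// Re-encrypt the store under the new key.
// NOTE(review): files written earlier by backup() are presumably still
// encrypted under the old key. Keep or destroy them deliberately. TODO confirm.
await keyStorage.changeEncryptionKey(oldEncryptionKey, newEncryptionKey);
console.log("✅ Encryption key updated for all stored keys");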
// Write a backup of the store to a single file.
// NOTE(review): the `.enc` suffix and the key argument taken by restore()
// suggest the file is encrypted, but the page does not say with which key.
// Store the file away from the live key directory and restrict access to it.
const backupFile = './backups/keys-backup-2024.enc';
await keyStorage.backup(backupFile);
console.log("✅ Backup created successfully");
// Load keys from a backup file; the second argument is the key that
// decrypts the backup.
// NOTE(review): whether restore() overwrites entries that already exist in
// the store is not shown. Confirm before restoring into a live store.
const restoreSource = './backups/keys-backup-2024.enc';
await keyStorage.restore(restoreSource, backupEncryptionKey);
console.log("✅ Keys restored from backup");
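/** Outcome of `verify()`: counts plus the ids of entries that failed the check. */
interface VerificationResult {
  totalKeys: number;
  validKeys: number;
  /** Ids of entries reported as corrupted. */
  corruptedKeys: string[];
  /**
   * Ids of entries reported as missing.
   * NOTE(review): what "missing" is measured against is not shown on this page.
   */
  missingKeys: string[];
}

const result = await keyStorage.verify();
console.log(`Verified ${result.validKeys}/${result.totalKeys} keys`);

if (result.corruptedKeys.length > 0) {
  console.warn("Corrupted keys:", result.corruptedKeys);
}
// Report missing entries too; otherwise a shortfall in the valid/total
// count above would go unexplained.
if (result.missingKeys.length > 0) {
  console.warn("Missing keys:", result.missingKeys);
}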
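// NOTE(review): the page does not say whether export() returns the key
// encrypted or in the clear. Treat both values below as plaintext private
// key material: do not log them, and write them only to access-restricted
// destinations.

// Export as JSON
const jsonExport = await keyStorage.export('main-wallet', 'json');

// Export as hex
const hexExport = await keyStorage.export('main-wallet', 'hex');

console.log("Key exported successfully");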
// Bring a key produced elsewhere into the store under a new id.
// NOTE(review): `externalKeyData` comes from outside this store. Check where
// it came from, and that the resulting address is the expected one, before
// using the imported key.
const importedKeyId = 'imported-wallet';
await keyStorage.import(externalKeyData, 'json', importedKeyId);
console.log("✅ Key imported successfully");
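/** Options for `generateKey()`. */
interface GenerateKeyOptions {
  /** Signature scheme of the new key. */
  keyType: 'Ed25519' | 'Secp256k1';
  /** Radix network id; the example uses 2 (Stokenet). */
  networkId: number;
  metadata?: Record<string, any>;
}

// Generate a key inside the store, so the private key never has to pass
// through application variables before being saved.
const newKey = await keyStorage.generateKey('new-wallet', {
  keyType: 'Ed25519',
  networkId: 2, // Stokenet
  metadata: {
    name: 'Generated Wallet',
    purpose: 'Testing'
  }
});

console.log("New wallet address:", newKey.address);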
// File backend: entries are kept under `storagePath`.
// NOTE(review): `encryptionKey` is optional in the config type, so an unset
// ENCRYPTION_KEY is passed through as `undefined`. Check it before this call.
const fileStorage = new KeyStorage({
  storageType: 'file',
  encryptionKey: process.env.ENCRYPTION_KEY,
  storagePath: './secure-keys',
  backupEnabled: true
});
// Memory backend: no `storagePath` is given.
// NOTE(review): presumably entries live only for the lifetime of the process
// and are lost on exit. Confirm against the implementation.
const memoryStorage = new KeyStorage({
  storageType: 'memory',
  encryptionKey: process.env.ENCRYPTION_KEY
});
// Vault backend, keyed from VAULT_KEY and pointed at an absolute path.
// NOTE(review): the page does not say what 'vault' refers to (an external
// secrets manager or a local format), nor how `storagePath` is interpreted
// for it. Confirm before choosing this backend.
const vaultStorage = new KeyStorage({
  storageType: 'vault',
  encryptionKey: process.env.VAULT_KEY,
  storagePath: '/secure/vault/path'
});
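import { KeyStorage } from "radix-agent-kit";

// Fail closed when the encryption key is absent. The config field is
// optional, so `undefined` would otherwise be accepted at this call site.
const encryptionKey = process.env.ENCRYPTION_KEY;
if (!encryptionKey) {
  throw new Error("ENCRYPTION_KEY is not set; refusing to create key storage without it");
}

// Initialize secure storage
const storage = new KeyStorage({
  storageType: 'file',
  encryptionKey,
  storagePath: './wallet-keys'
});

// Store a new wallet
await storage.store('trading-wallet', {
  privateKey: privateKeyHex,
  publicKey: publicKeyHex,
  address: accountAddress,
  metadata: {
    name: 'Trading Wallet',
    purpose: 'DeFi operations',
    riskLevel: 'medium'
  },
  createdAt: new Date()
});

// Retrieve when needed. The returned object includes the decrypted private
// key, so log only the fields you need.
const keyData = await storage.retrieve('trading-wallet');
console.log("Wallet address:", keyData.address);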
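/**
 * Generates one Ed25519 wallet per purpose on network 2 and then lists
 * everything in the store.
 *
 * @throws Error when ENCRYPTION_KEY is not set.
 */
async function manageMultipleWallets(): Promise<void> {
  // Fail closed: the config field is optional, so an unset variable would
  // otherwise be passed through as `undefined`.
  const encryptionKey = process.env.ENCRYPTION_KEY;
  if (!encryptionKey) {
    throw new Error("ENCRYPTION_KEY is not set; refusing to create key storage without it");
  }

  const storage = new KeyStorage({
    storageType: 'file',
    encryptionKey,
    storagePath: './wallets'
  });

  // Generate multiple wallets
  const walletTypes = ['trading', 'staking', 'treasury', 'development'];

  for (const type of walletTypes) {
    const keyData = await storage.generateKey(`${type}-wallet`, {
      keyType: 'Ed25519',
      networkId: 2,
      metadata: {
        name: `${type.charAt(0).toUpperCase() + type.slice(1)} Wallet`,
        purpose: `${type} operations`,
        createdBy: 'automated-setup'
      }
    });

    // Only the public address is logged, never the key itself.
    console.log(`${type} wallet: ${keyData.address}`);
  }

  // List all wallets
  const allKeys = await storage.listKeys();
  console.log(`Total wallets: ${allKeys.length}`);
}

await manageMultipleWallets();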
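/**
 * Takes a timestamped backup of the store, verifies the store, and restores
 * from that backup when corrupted entries are reported.
 *
 * @throws Error when ENCRYPTION_KEY is not set.
 */
async function backupAndRestore(): Promise<void> {
  // Read the key once and fail closed. The same value is reused for
  // restore() below, replacing a non-null assertion on the environment variable.
  const encryptionKey = process.env.ENCRYPTION_KEY;
  if (!encryptionKey) {
    throw new Error("ENCRYPTION_KEY is not set; refusing to create key storage without it");
  }

  const storage = new KeyStorage({
    storageType: 'file',
    encryptionKey,
    storagePath: './production-keys',
    backupEnabled: true
  });

  // Create backup
  const backupPath = `./backups/keys-${Date.now()}.enc`;
  await storage.backup(backupPath);
  console.log("✅ Backup created:", backupPath);

  // Verify the key store. verify() takes no path, so this checks the live
  // store rather than the backup file written above.
  const verification = await storage.verify();
  console.log("Verification result:", verification);

  // In case of disaster recovery
  // NOTE(review): the backup restored here was taken moments ago from the
  // same store that has just been reported corrupted, so it may contain the
  // same damaged entries. In production, restore from an older backup that
  // was verified as healthy. TODO confirm how backup() treats corrupted entries.
  if (verification.corruptedKeys.length > 0) {
    console.log("🔄 Restoring from backup...");
    await storage.restore(backupPath, encryptionKey);
    console.log("✅ Recovery completed");
  }
}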
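/**
 * Rotates the storage encryption key: backs up, re-encrypts under the new
 * key, then verifies every entry.
 *
 * @throws Error when either key variable is unset, or when verification
 *   after rotation does not report every key as valid.
 */
async function rotateSecurityKeys(): Promise<void> {
  // Fail closed on unset variables. A non-null assertion would let
  // `undefined` reach changeEncryptionKey() at runtime.
  const currentKey = process.env.CURRENT_ENCRYPTION_KEY;
  const newKey = process.env.NEW_ENCRYPTION_KEY;
  if (!currentKey || !newKey) {
    throw new Error("CURRENT_ENCRYPTION_KEY and NEW_ENCRYPTION_KEY must both be set to rotate keys");
  }

  const storage = new KeyStorage({
    storageType: 'file',
    encryptionKey: currentKey,
    storagePath: './secure-keys'
  });

  // Create backup before rotation
  // NOTE(review): this backup is presumably encrypted under the current
  // (old) key. Keep the old key until verification passes. If the rotation
  // is a response to a suspected key compromise, destroy this file
  // afterwards. TODO confirm which key backup() uses.
  await storage.backup('./backups/pre-rotation-backup.enc');

  // Rotate encryption key
  await storage.changeEncryptionKey(currentKey, newKey);

  // Verify all keys after rotation
  const verification = await storage.verify();

  if (verification.validKeys === verification.totalKeys) {
    console.log("✅ Security rotation completed successfully");
  } else {
    console.error("❌ Security rotation failed - restore from backup");
    // Reject so that calling automation does not carry on (for example by
    // retiring the old key) as if the rotation had succeeded.
    throw new Error("Key verification failed after encryption key rotation");
  }
}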
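import { KeyStorage, RadixMnemonicWallet } from "radix-agent-kit";

/**
 * Creates a random wallet on network 2, stores it, then rebuilds the wallet
 * from the stored mnemonic and compares the two addresses.
 *
 * @throws Error when ENCRYPTION_KEY is not set, or when the stored entry
 *   has no string mnemonic in its metadata.
 */
async function integrateWithWallet(): Promise<void> {
  // Fail closed: the config field is optional, so an unset variable would
  // otherwise be passed through as `undefined`.
  const encryptionKey = process.env.ENCRYPTION_KEY;
  if (!encryptionKey) {
    throw new Error("ENCRYPTION_KEY is not set; refusing to create key storage without it");
  }

  const storage = new KeyStorage({
    storageType: 'file',
    encryptionKey,
    storagePath: './wallet-storage'
  });

  // Create wallet and store securely
  const wallet = RadixMnemonicWallet.generateRandom({ networkId: 2 });

  await storage.store('main-wallet', {
    privateKey: wallet.getPrivateKeyHex(),
    publicKey: wallet.getPublicKey(),
    address: wallet.getAddress(),
    metadata: {
      // NOTE(review): the mnemonic is the root secret for the wallet. The
      // page does not show whether `metadata` is encrypted at rest, and the
      // KeyInfo entries returned by listKeys() also carry metadata, so this
      // value is exposed wherever metadata is listed or logged. Confirm
      // metadata gets the same protection as `privateKey` before storing it here.
      mnemonic: wallet.getMnemonic(),
      derivationPath: "m/44'/1022'/0'/0/0",
      networkId: 2
    },
    createdAt: new Date()
  });

  // Later, recreate wallet from storage
  const storedKey = await storage.retrieve('main-wallet');

  // metadata is optional and untyped, so check the value before using it
  // instead of asserting it with `!`.
  const mnemonic: unknown = storedKey.metadata?.mnemonic;
  if (typeof mnemonic !== 'string') {
    throw new Error("Stored key 'main-wallet' has no mnemonic in its metadata");
  }

  const restoredWallet = RadixMnemonicWallet.fromMnemonic(mnemonic, { networkId: 2 });

  console.log("Original address:", wallet.getAddress());
  console.log("Restored address:", restoredWallet.getAddress());
  console.log("Addresses match:", wallet.getAddress() === restoredWallet.getAddress());
}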
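try {
  await keyStorage.retrieve('non-existent-key');
} catch (error: unknown) {
  // Under `strict`, a caught value is `unknown`, so narrow it before reading
  // `.message`. Non-Error throwables are stringified.
  const message = error instanceof Error ? error.message : String(error);

  // NOTE(review): only message text is documented on this page, so branches
  // match on substrings. This breaks silently if the wording changes. Prefer
  // error classes or codes if the library exposes them.
  if (message.includes('Key not found')) {
    console.error("Key does not exist in storage");
  } else if (message.includes('Decryption failed')) {
    // A wrong key and tampered or corrupted data are reported the same way.
    console.error("Invalid encryption key or corrupted data");
  } else if (message.includes('Permission denied')) {
    console.error("Insufficient file system permissions");
  } else if (message.includes('Storage unavailable')) {
    console.error("Storage backend is not accessible");
  } else {
    console.error("Key storage operation failed:", message);
  }
}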