Wallet and key custody model.

Wallet generation is an audited worker job. The portal shows address and public key. Private-key return is disabled by default and should only be enabled for local/dev break-glass testing.

Wallet roles

Treasury walletControls the initial treasury allocation and should be generated or imported before launch review.

Operator walletUsed by operators and integration tests. It should not be reused as treasury custody.

Validator walletsMounted into validators from the generated bundle or attached runtime bundle.

Local/dev secretsWallet files are written with restricted permissions under the worker wallet directory.

Production secretsUse KMS, HSM, or offline signing. Do not return raw private keys through the portal.

Generate wallet

POST /v1/wallets/generate
Authorization: Bearer <token>
Content-Type: application/json

{
  "network_id": "net_...",
  "label": "nabd-client-treasury",
  "purpose": "treasury",
  "expose_private_key_once": false
}

Production rule

Treasury private keys should be owned by the client custody process, not by the portal. For production, generate/import treasury custody through KMS, HSM, or an offline signing process and paste only the public address into launch review.

A wallet address can be public. A private key is never an operational dashboard value.