| Feature | Coinbase-Managed (2-of-2) | Developer-Managed (1-of-1) |
|---|---|---|
| Custody model | Developer custodied | Developer custodied |
| Key management | Secured by Coinbase and the developer | Secured by the developer |
| Key structure | 2-of-2 | 1-of-1 |
| Key export | Cannot be exported | Can be exported via CDP SDK |
| Key storage | Stored securely in developer’s AWS account | Stored by the developer |
| Developer Experience | Use Coinbase Server-Signer | Developer implements private key storage |
| Setup time | 10 minutes to provision infrastructure | A few seconds to set up the SDK |
Coinbase-Managed (2-of-2) Wallets
Server Wallet offers Coinbased-Managed 2-of-2 Wallets, leveraging advanced cryptographic techniques for enhanced usability and security. These wallets use Multi-Party Computation (MPC) to split private keys into two shares between Coinbase and the developer, ensuring improved security. To use Coinbase-Managed (2-of-2) Wallets, set up your Server-Signer.Secure your CDP Secret API Key
- MPC does not safeguard your CDP API keys or account credentials. If your CDP login or API keys are compromised, funds held in your API Wallet could potentially be at risk, even when using the 2-of-2 MPC option.
- Coinbase recommends that you store your secret API keys in a dedicated solution such as AWS secret manager, Azure Key Vault, or some other secure storage option. Your CDP account can be used to create new API keys and should be stored securely using a password manager. Always follow the principle of least privilege when deciding who within your organization can access your CDP account funds.