The v2 Wallet API is secured by CDP’s Trusted Execution Environment (TEE), a highly isolated compute environment that is used for sensitive cryptographic operations such as private key generation and transaction signing.
The TEE is hosted on AWS Nitro Enclaves, an isolated, secure compute environment. It has no persistent storage, no interactive access, and no external networking, so even a root or admin user cannot access or SSH into it.
Operations that take place in the TEE are not visible to CDP, AWS, or the outside world.
The following diagram demonstrates the architecture of the TEE:
Wallet Secrets are used to authenticate requests to the v2 Wallet API.
Wallet Secrets are asymmetric private keys used with ECDSA, an algorithm for creating and verifying digital signatures. They rely on the secp256r1 elliptic curve (also known as P-256), which keeps keys small and operations fast while remaining highly secure.
Read more about using Wallet Secrets in our v2 API Reference documentation.
Configure your Wallet Secret in the Wallet API page of the CDP Portal.
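An added example, not CDP's own code or request format: a Go check that a key really is ECDSA on secp256r1 before it is used, followed by a sign/verify round trip over a request body. The PKCS#8 DER encoding, the SHA-256 digest, and all function names are assumptions of this example; the sample keys are generated on the spot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

var p256, p384 = elliptic.P256(), elliptic.P384() // curves for the constructed sample keys

// loadP256Key accepts a key only if it is ECDSA on P-256 (PKCS#8 DER is assumed).
func loadP256Key(der []byte) (*ecdsa.PrivateKey, error) {
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, fmt.Errorf("not a PKCS#8 private key: %w", err)
	}
	if key, ok := parsed.(*ecdsa.PrivateKey); ok && key.Curve == p256 {
		return key, nil
	}
	return nil, fmt.Errorf("not an ECDSA P-256 key")
}

// signBody signs SHA-256(body) as ASN.1 DER; verifyBody needs only the public key.
func signBody(key *ecdsa.PrivateKey, body []byte) ([]byte, error) {
	digest := sha256.Sum256(body)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

func verifyBody(pub *ecdsa.PublicKey, body, sig []byte) bool {
	digest := sha256.Sum256(body)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// sampleKeyDER generates a throwaway, constructed test key on the given curve.
func sampleKeyDER(curve elliptic.Curve) ([]byte, error) {
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.MarshalPKCS8PrivateKey(key)
}

func main() {
	der, _ := sampleKeyDER(p384)
	_, err := loadP256Key(der) // a P-384 key must not pass the curve check
	fmt.Println("P-384 key rejected:", err != nil)
}
```

Running the curve check at load time turns a wrong key type into a clear local error instead of a failed authentication later.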
To increase the security of your wallet, we recommend enabling two-factor authentication (2FA).
We support physical security keys, passkeys, Google or Duo authentication apps, security push notifications, and even trusted contacts.
When enabling 2FA, it is highly advised that you do not use SMS and instead use a physical security key or another more secure method.
If you lose access to your Wallet Secret, you can delete the old secret and generate a new one through the CDP Portal. See Wallet Secret Rotation for more information on how to update your secret and manage two-factor authentication.