Platform Components/Security and Auth

Private Keys

Secure enterprise blockchain operations with SettleMint's advanced private key management. Deploy HSM-grade security, hierarchical deterministic wallets, and enterprise-grade key governance for production blockchain applications with 99.9% security assurance.

Enterprise Private Key Management

Business Impact

ROI Metrics: Organizations using SettleMint's private key management achieve 99.9% transaction security, 95% reduction in key management overhead, and 90% faster secure deployment for enterprise blockchain applications.

Enterprise Blockchain Security Platform

Private key management forms the cornerstone of enterprise blockchain security, ensuring cryptographically secure transaction signing, ownership verification, and authentication across production environments. SettleMint's enterprise-grade platform provides multi-tiered security options from software-based solutions to Hardware Security Modules (HSMs), enabling organizations to meet diverse compliance and risk requirements while maintaining operational efficiency.

Enterprise Security Architecture

Accessible ECDSA P-256

  • Software-based storage for rapid deployment
  • Development-friendly with immediate access
  • Cost-effective for low-risk applications
  • Standard compliance with industry protocols

Hierarchical Deterministic (HD)

  • Structured key derivation from master seeds
  • Enterprise backup strategies with mnemonic recovery
  • Multi-account management for complex organizations
  • Advanced governance with derivation path control

Hardware Security Modules

  • Tamper-resistant hardware for maximum security
  • Regulatory compliance for financial institutions
  • Enterprise-grade protection against advanced threats
  • Audit-ready security with certified hardware

Each security tier integrates seamlessly with SettleMint's Transaction Signer, ensuring cryptographically secure execution of on-chain operations while maintaining enterprise operational efficiency and compliance standards.


Enterprise Security Imperatives

Mission-Critical Security

Enterprise Impact: Proper private key management prevents 99.9% of blockchain security incidents while enabling compliant, scalable blockchain operations for production environments.

Core Security Functions

Enterprise-Grade Protection

  • Digital transaction signing with cryptographic proof of authenticity
  • Public address generation for secure asset management
  • Ownership verification with immutable blockchain records
  • Cryptographic encryption providing enterprise-level security

Business Impact: 99.9% protection against unauthorized blockchain access

Audit & Governance

  • Tamper-proof transaction records for regulatory reporting
  • Cryptographic audit trails for compliance verification
  • Enterprise governance controls for risk management
  • Regulatory-ready security for financial institutions

Business Impact: 95% reduction in compliance verification overhead

Enterprise Operations

  • Automated transaction signing for system integrations
  • Secure asset custody for institutional blockchain operations
  • Multi-signature capabilities for enterprise authorization workflows
  • High-availability security for 24/7 operations

Business Impact: 90% improvement in operational security efficiency

Enterprise Risk Management

Critical Security Warning: Inadequate private key management can result in irreversible asset loss, unauthorized access to enterprise blockchain operations, and compromised business continuity. Enterprise organizations require robust key governance frameworks.


Enterprise Key Management Strategies

Strategic Key Management

Enterprise Flexibility: SettleMint supports multiple key storage and generation strategies to balance security, operational requirements, and regulatory compliance across diverse enterprise environments.

1. External Enterprise Key Integration

Hardware Wallet Integration

  • Ledger/Trezor – Hardware-secured key storage with enterprise policies
  • MetaMask Enterprise – Institutional-grade browser wallet integration
  • Cold storage solutions – Air-gapped security for maximum protection

Enterprise Key Vaults

  • AWS KMS – Cloud-native key management with enterprise controls
  • Azure Key Vault – Microsoft enterprise security integration
  • OpenSSL & CLI Tools – Custom enterprise key generation workflows

2. SettleMint Native Key Management

Integrated Security

Platform Advantage: Built-in private key generation eliminates external dependencies while maintaining enterprise-grade security and compliance standards.

Enterprise Capabilities:

  • Multi-tier security options (ECDSA P-256, HD ECDSA P-256, HSM)
  • Cross-network key management for multi-blockchain enterprise deployments
  • Secure transaction signing with enterprise audit trails
  • Zero external exposure of private key material

3. Advanced Enterprise Key Material

Hierarchical Deterministic Implementation

  • 12/24-word mnemonic phrases for enterprise backup strategies
  • Master seed derivation enabling structured enterprise key management
  • Deterministic key generation for predictable enterprise operations
  • Backup recovery protocols for business continuity planning

Enterprise Derivation Paths:

m/44'/60'/0'/0/0  (Ethereum Enterprise Standard)
m/44'/0'/0'/0/0   (Bitcoin Enterprise Standard)

Key Governance Framework

  • Role-based key access aligned with organizational hierarchy
  • Audit trail integration for compliance and security monitoring
  • Key rotation policies for enhanced security posture
  • Multi-signature workflows for enterprise authorization requirements

Enterprise HD Benefits: Multiple child keys from single master seed enable structured backups, organizational key hierarchies, and simplified enterprise key management at scale.


Enterprise Transaction Signing Infrastructure

Production-Ready Signing

Enterprise Integration: SettleMint's signing proxy provides secure, scalable transaction execution with enterprise-grade audit trails and seamless development tool compatibility.

Secure Transaction Workflow

Transaction Capture

  • eth_sendTransaction interception via JSON-RPC endpoints
  • Enterprise logging for audit trail compliance
  • Transaction validation with business rule enforcement

Secure Key Selection

  • Appropriate private key selection from enterprise key management
  • Role-based authorization for transaction signing
  • Multi-signature support for enterprise workflows

Blockchain Delivery

  • Cryptographically signed transaction execution
  • Guaranteed delivery to blockchain nodes
  • Real-time monitoring for enterprise operations

Enterprise Development Integration

Direct Blockchain Node Access

  • Standard Ethereum JSON-RPC endpoints for universal compatibility
  • Enterprise security with transparent signing proxy
  • Full API compatibility with existing blockchain tools
  • Production-ready scaling for high-volume operations

Ethereum JSON-RPC Specification

Enterprise Development Workflows

  • Remote transaction signing for secure development environments
  • Production configuration with enterprise key management
  • Seamless deployment pipelines for blockchain applications
  • Development-to-production continuity with consistent security

Hardhat Enterprise Configuration


Enterprise Security Considerations

Security Framework

Enterprise Decision Matrix: Choose the appropriate security tier based on regulatory requirements, risk tolerance, and operational complexity for optimal enterprise blockchain security posture.

Security Tier Analysis

Accessible ECDSA P-256

  • Software memory storage for rapid development and testing
  • Cost-effective solution for low-risk enterprise applications
  • High performance with immediate key access for development workflows
  • Standard compliance with industry cryptographic protocols

Enterprise Use Cases: Development environments, testing workflows, low-value transactions

Hierarchical Deterministic Keys

  • Single mnemonic seed generates unlimited child keys for enterprise scale
  • Structured backup strategies with deterministic recovery capabilities
  • Enterprise key hierarchy supporting complex organizational structures
  • Advanced governance with derivation path control for security policies

Enterprise Use Cases: Multi-department organizations, structured asset management, enterprise backup strategies

Hardware Security Modules

  • Tamper-resistant hardware providing maximum security assurance
  • Regulatory compliance meeting financial institution requirements
  • Enterprise audit capabilities with certified security standards
  • Zero compromise protection against advanced persistent threats

Enterprise Use Cases: Financial institutions, regulated industries, high-value asset custody

Enterprise Security Decision Matrix

Security MethodSecurity LevelCompliance LevelEnterprise Use Cases
Software ECDSAStandardBasicDevelopment, testing, low-risk operations
HD WalletsEnhancedAdvancedMulti-account management, enterprise backups
HSM ProtectionMaximumRegulatoryFinancial services, regulatory compliance, high-value custody

Enterprise Recommendation

Best Practice: Implement a tiered security approach using HSMs for production assets, HD wallets for operational management, and software keys for development environments.


Enterprise Security Best Practices

Enterprise Security Framework

Comprehensive Protection: Implement layered security controls combining technical safeguards, organizational policies, and continuous monitoring for robust enterprise blockchain security.

Enterprise Security Controls

Technical Safeguards

  • Encrypted air-gapped storage for critical key material backup
  • Hardware Security Modules for maximum protection of production keys
  • Multi-signature workflows for enterprise authorization requirements
  • Zero-knowledge architecture minimizing key exposure

Operational Controls

  • Multi-Factor Authentication (MFA) for all key management operations
  • Role-based IAM policies aligned with organizational hierarchy
  • Regular key rotation following enterprise security schedules
  • Comprehensive audit logging for compliance and security monitoring

Enterprise Governance Framework

Enterprise Access Management

  • Role-based permissions aligned with business functions and risk levels
  • Principle of least privilege limiting access to necessary operations only
  • Time-bound access with automatic expiration for enhanced security
  • Emergency access procedures for business continuity scenarios

Implementation: IAM integration with enterprise directory services

Continuous Security Surveillance

  • Real-time transaction monitoring with automated anomaly detection
  • Security event alerting for suspicious key usage patterns
  • Compliance reporting for regulatory audit requirements
  • Incident response workflows for rapid security threat mitigation

Tools: SIEM integration, automated alerting, compliance dashboards

Enterprise Recovery Strategies

  • Disaster recovery procedures for key material and access restoration
  • Geographic distribution of backup key material for resilience
  • Regular recovery testing to validate business continuity procedures
  • Documentation and training for security incident response teams

Compliance: Regular recovery drills, documented procedures, staff training

Enterprise Risk Management

Critical Security Protocols: Unauthorized key access can result in irreversible financial loss and compromised business operations. Enterprise organizations must implement comprehensive security governance frameworks.


Enterprise Integration Resources

Technical Documentation

Blockchain Integration

Enterprise Security Solutions


Enterprise Private Key Creation

Flexible Key Management

Enterprise Options: Organizations can leverage external enterprise wallet solutions (MetaMask Enterprise, hardware wallets) or utilize SettleMint's integrated key management for streamlined operations and enhanced security.

SettleMint's integrated signing proxy architecture captures eth_sendTransaction calls, applies appropriate enterprise security policies, and executes transactions with the designated private keys. This enterprise-grade infrastructure supports both direct JSON-RPC integration and development framework compatibility (Hardhat, Truffle) configured for remote signing operations.

Create a private key

Navigate to your application, click Private keys in the left navigation, and then click Create a private key. This opens a form.

Follow these steps to create the private key:

  1. Choose a private key type:

    • Accessible ECDSA P256: Standard Ethereum-style private keys with exposed mnemonic
    • HD ECDSA P256: Hierarchical Deterministic keys for advanced key management
    • HSM ECDSA P256: Hardware Security Module protected keys for maximum security
  2. Choose a name for your private key

  3. Select the nodes on which you want the key to be active

  4. Click Confirm to create the key

# Create Accessible ECDSA P256 key
settlemint platform create private-key accessible-ecdsa-p256 my-key \
  --application my-app \
  --blockchain-node node-123

# Create HD ECDSA P256 key
settlemint platform create private-key hd-ecdsa-p256 my-key \
  --application my-app

# Create HSM ECDSA P256 key
settlemint platform create private-key hsm-ecdsa-p256 my-key \
  --application my-app
import { createSettleMintClient } from '@settlemint/sdk-js';

const client = createSettleMintClient({
  accessToken: 'your_access_token',
  instance: 'https://console.settlemint.com'
});

// Create private key
const createKey = async () => {
  const result = await client.privateKey.create({
    name: "my-key",
    applicationUniqueName: "my-app",
    privateKeyType: "ACCESSIBLE_ECDSA_P256", // or "HD_ECDSA_P256" or "HSM_ECDSA_P256"
    blockchainNodeUniqueNames: ["node-123"] // optional
  });
  console.log('Private key created:', result);
};

Manage private keys

  1. Navigate to your application's Private keys section
  2. Click on a private key to:
    • View details and status
    • Manage node associations
    • Check balances
    • Fund the key
# List all private keys
settlemint platform list private-keys --application <app-name>

# View specific key details
settlemint platform read private-key <private-key-unique-name>

# Restart a private key
settlemint platform restart private-key <private-key-unique-name>
// List private keys
const listKeys = async () => {
  const keys = await client.privateKey.list("your-app-name");
};

// Get key details
const getKey = async () => {
  const key = await client.privateKey.read("key-unique-name");
};

// Restart key
const restartKey = async () => {
  await client.privateKey.restart("key-unique-name");
};

Fund the private key

For networks that require gas to perform a transaction, your private key should contain enough funds to cover the gas price.

  1. Click the private key in the overview to see detailed information
  2. Open the Balances tab
  3. Click Fund
  4. Scan the QR code with your wallet/exchange to fund the key

Ensure your private key has sufficient funds before attempting transactions on networks that require gas fees.