Skip to main content

Security Model

Agent Wallet uses a non-custodial architecture with private keys secured inside AWS Nitro Enclaves. Finance District is an infrastructure provider — we don’t hold custody of your wallet or keys. This is by design and architecture, similar to services like Turnkey. You have full control over your wallet at all times.

The Problem with Current Approaches

If your AI agent needs a wallet today, you’re probably doing one of these: Environment variables. Generate a private key, store it in .env, use it in your agent code. This is the most common pattern in agent ecosystems — and the most dangerous. One compromised server, one leaked log, one misconfired deploy, and the key is gone. This isn’t theoretical — credential leaks and key exposure are already being documented across agent platforms. Application config. Private key in a JSON config, YAML file, or secrets manager that the application reads at startup. Better than .env, but still accessible to anything with file or process access on the host. Agent-managed keys. The agent generates and manages its own key material, typically held in memory or the agent’s storage. If the agent is compromised — or if the orchestrator framework has a vulnerability — the key goes with it. All of these patterns share one fundamental flaw: the key exists somewhere the host system can reach it.

Trusted Execution Environment (TEE)

Agent Wallet uses AWS Nitro Enclaves for key management. Nitro Enclaves are isolated compute environments that run on dedicated, hardened hardware — separate from the host instance’s CPU, memory, and storage. How it works:
  1. Your private key is generated inside the Nitro Enclave
  2. The key never leaves the enclave
  3. All transaction signing happens inside the enclave
  4. The host operating system cannot access the enclave’s memory or storage
  5. Even Finance District infrastructure operators cannot extract key material
The enclave receives signing requests, performs the cryptographic operation internally, and returns the signed transaction. At no point is the raw private key exposed to any external process, API, or human.

Comparison

ApproachWhere Keys LiveWho Can AccessRisk
Environment variablesHost memory / diskAnyone with server accessHigh — one breach exposes keys
Application configConfig filesApp + anyone with file accessHigh
Agent-managedAgent memory / storageAgent + orchestratorMedium — agent compromise = key compromise
TEE (Agent Wallet)Nitro EnclaveNobody — signing happens insideLow — hardware isolation

Non-Custodial Architecture

Finance District is an infrastructure provider, not a custodian. The architecture is non-custodial by design:
  • We don’t hold your keys. Keys exist inside Nitro Enclaves. There is no mechanism for Finance District to extract, copy, or use your private keys.
  • You have full control. You can withdraw funds, export your keys, and manage your wallet at any time.
  • You can export your keys. Through the Signer Service web interface, you can request a full key export and back up your private keys independently. This means you are never locked into Finance District infrastructure.
This is the same non-custodial model used by infrastructure providers like Turnkey — the platform secures and manages keys on your behalf, but you retain ownership and can take your keys elsewhere at any time.
Key export means you can always self-custody. Agent Wallet is infrastructure you choose to use, not a walled garden you’re locked into.

What We Don’t Do

To be explicit about the security boundaries:
  • We don’t store keys in environment variables — keys live in Nitro Enclaves, not on the host
  • We don’t trust the host environment — the enclave is isolated from the host OS, memory, and storage
  • We don’t hold custody — no Finance District employee or system can access your private keys
  • We don’t let agents manage key material — agents call signing operations; they never touch the key itself
  • We don’t expose raw private keys through any interface — MCP, CLI, AI Assistant, and Web App all interact with signing as a service, not with keys directly

Audit Trail

Every on-chain transaction your wallet makes is recorded on the blockchain and visible through any block explorer. Agent Wallet does not maintain a separate proprietary logging layer — the blockchain itself is your audit trail. To review your wallet’s activity:
  • Look up your wallet address on the relevant chain’s block explorer (Etherscan, Basescan, Solscan, etc.)
  • Every transaction includes sender, recipient, amount, token, timestamp, and transaction hash
  • On-chain history is immutable and independently verifiable
This means your audit trail doesn’t depend on Finance District — it’s public, permanent, and cryptographically guaranteed by the blockchain.

Redundancy and Key Safety

The system has built-in redundancy and backup procedures. Simple hardware failures do not result in key loss — the infrastructure is designed to survive individual component failures without interrupting service. If you want additional peace of mind:
  • Export your keys at any time through the Signer Service web interface
  • Back up exported keys using your own secure storage (hardware wallet, encrypted backup, etc.)
  • Self-custody as fallback — exported keys work with any standard wallet software

Your Controls

You — the wallet owner — have full control at all times:
  • View activity — check your transaction history on-chain via block explorers
  • Withdraw funds — move your funds out of the wallet whenever you want
  • Export keys — request a full key export through the Signer Service interface
  • Fund conservatively — the pocket money approach is your primary risk control
The non-custodial architecture means these controls are inherent to the design, not features that can be revoked. Your wallet is yours.