0xKey
// Programmable accounts for humans and AI

The programmable accountlayer for humans and AI.

Keys don't just sign. They decide. 0xKey turns private keys into programmable accounts — with a policy engine that runs inside AWS Nitro Enclaves and signs for users, services, and AI agents alike.

Non-custodial · Policy-gated · Cryptographically verifiable

Decision feed · live
enclave-01.us-east-1
agent://trader-7ALLOW

swap 0.4 ETH → USDC

policy: daily_cap < 5 ETH && venue in allowlist

treasury://opsREQUIRES_CONSENSUS

transfer 50,000 USDC

policy: approvers ≥ 2 && window in business_hours

agent://scraper-2DENY

sign arbitrary payload

policy: method not in {eth_sign, personal_sign}

evaluated in AWS Nitro Enclave · signed by hardwarep99 ~50ms

One account. Every chain. Every actor.

EVMSolanaBitcoinCosmosAptosSuiAI agentsM2M paymentsPolicy-gated signingPasskey authReproducible buildsAWS Nitro attestation

01 / Foundation

One account. Three programmable shapes.

The same non-custodial primitive, reshaped for users, teams, and autonomous agents — all governed by the same policy engine.

Invisible Wallets

Give users accounts they never have to see. Passkey, OAuth, or email — no seed phrases, no extensions, no hand-holding. Recovery built in.

Explore

Operational Accounts

Treasury, payroll, and ops wallets governed by multi-approver quorums and spending policies — every rule evaluated inside the enclave on every request.

Explore

Agent-native Accounts

Give AI agents, services, and bots bounded authority to transact. Quotas, allowlists, time windows — enforced in hardware, not hope.

Explore

02 / Developer flow

From API call to cryptographic proof

Four primitives, the same account. Integrate once; ship to humans and agents in the same motion.

step 01 · Create
@0xkey/sdk

Provision an account

Generate a non-custodial account with one API call. The key material is born inside an AWS Nitro enclave and never leaves.

const account = await client.accounts.create({
  chains: ["ethereum", "solana"],
  auth:   { passkey: true, oauth: ["google"] },
});

03 / Core primitives

Built for developers who care about cryptographic guarantees

Every primitive — authentication, policy, signing, session — runs inside the enclave. No middleware trust. No black-box APIs.

Agent-native accounts

Treat AI agents, services, and bots as first-class account holders. Issue bounded signing authority with quotas and allowlists — enforced in hardware, not hope.

Learn more

Programmable policy engine

A CEL-based policy engine evaluates every request inside the enclave. Compose spending caps, method allowlists, time windows, and multi-approver quorums like code.

Learn more

Universal by design

One API, one account primitive, every execution environment. EVM, Solana, Bitcoin, Cosmos, and whatever comes next — curve-agnostic, chain-agnostic.

Learn more

Verifiable end to end

Every signature carries a hardware-signed attestation, a reproducible build hash, and an open-source reference. Trust the proof, not the vendor.

Learn more

04 / Programmable trust

Programmable trust. Verifiable by anyone.

You don't have to take our word for it. Every account, every policy, every signature emits a proof you can audit yourself.

Structurally non-custodial

0xKey cannot access your keys — not even in a breach. Private keys are generated inside the enclave and encrypted to hardware that only the enclave can unlock.

Policy-enforced signing

A CEL-based policy engine evaluates every signing request inside the AWS Nitro enclave. Per-key quotas, method allowlists, time windows, and multi-approver quorums — cryptographically enforced, not middleware.

Reproducible build attestation

Enclave code is compiled with reproducible builds. Verify the SHA-256 of the running binary against our published source — no blind trust, no black box.

Universal by design

Curve-agnostic, chain-agnostic. EVM, Solana, Bitcoin, Cosmos, and whatever comes next — one API, one account primitive, every actor.

Independent security audits

Our enclave code and infrastructure are reviewed by outside firms on an ongoing cadence.

Security details
Complete

Trail of Bits

Q1 2025

Complete

Zellic

Q2 2025

In Progress

Cure53

Q3 2025

Planned

SOC 2 Type II

2026

05 / Platform

One API. Programmable policy. Any chain.

Policies enforced inside AWS Nitro Enclaves — built for AI agents that need autonomous, bounded signing authority without sacrificing cryptographic security.

50ms

P99 sign latency

99.9%

Uptime SLA

AWS Nitro

Hardware isolation

Any Chain

EVM · SVM · BTC · Cosmos

Enclave-enforced policy engine: Every signing request is evaluated by a CEL-based policy engine inside the AWS Nitro enclave. Per-key quotas, method allowlists, time windows, and multi-approver quorums — enforced in hardware, not a middleware layer.

Structurally non-custodial: 0xKey is non-custodial by cryptographic design. No 0xKey employee or system can access, move, or decrypt private keys — even in a breach scenario.

Reproducible build attestation: Enclave code is compiled with reproducible builds. Verify the binary hash running in production against our open-source repository at any time — no trust required.

Hardware attestation: Every enclave produces an AWS Nitro attestation report signed by hardware. Verify exactly what code is running before you trust it with a single signature.

06 / Start shipping

Build accounts, not wallets.

Start with a free developer key. Ship your first policy-gated, agent-signed transaction in minutes.