What is Turnkey?
Turnkey is a non-custodial key management platform that provides secure, programmatic access to private keys through Trusted Execution Environments (TEEs) — enabling agent wallets that can sign transactions via API while keeping keys secure.
WHY IT MATTERS
The core challenge for agent wallets: the agent needs to sign transactions (requires key access) but the key must be protected (requires isolation). Turnkey solves this by storing keys in TEEs — secure hardware enclaves where the key is used but never exposed.
Developers interact with Turnkey through an API. The agent sends a transaction to sign, Turnkey's TEE signs it and returns the signature. The private key never leaves the TEE — even Turnkey's own systems can't access it. This provides the security of hardware wallets with the programmatic access agents need.
Turnkey also supports policy layers — defining rules about what can be signed (amount limits, recipient restrictions, time windows). These policies are enforced inside the TEE, making them tamper-resistant.
HOW POLICYLAYER USES THIS
PolicyLayer adds application-level spending controls on top of Turnkey's key management — creating a two-layer defense: Turnkey secures the signing process, PolicyLayer validates what gets signed. Together, they provide comprehensive agent wallet security.