Accounts
Vault will support 2 accounts types
- User Account (coming soon):
- Service Account
User accounts can be authenticated by:
- passkey
- SIWE
- OTP (email/SMS)
- oauth (google etc)
These are meant to be owned and operated by end-users and are ideal for integrating with consumer facing applications that want to provide a web2 like blockchain experience, while still being fully non-custodial.
Service accounts in thirdweb Vault provide a hierarchical security model for organizational key management, combining administrative control with precise delegation capabilities. These are ideal for applications where you have programmatic access control needs for wallets, but still want to keep the system non-custodial.
Engine Service Accounts
thirdweb uses vault service accounts to power engine
A service account has two primary credentials:
- Admin Key: Grants access to every operation on every entity owned by the account
- Rotation Code: Used to invalidate current credentials and generate new ones during security events
Service Accounts can used in combination with access-tokens to build non-custodial programmable access control for your enterprise applications.