Turnkey

Wallet Enterprise MPC

Best for: Enterprise with strict security requirements; policy engine for automated signing rules; high-compliance environments

Not ideal for: Simple use cases where TEE overhead is unnecessary; small teams without security expertise

Key Signals

Key Management

TEE (Trusted Execution Environment)

Chain Support

EVM + Solana + BTC + 30+ chains

Integration

REST API + SDK

Pricing

Usage-based

Features

🔒

TEE-Based Key Isolation

Private keys are generated and used exclusively inside hardware-backed Trusted Execution Environments (Intel SGX). Not even Turnkey employees can access key material — cryptographic attestation proves TEE integrity on every signing request.

📋

Programmable Policy Engine

Define granular signing rules — e.g., "allow agents to sign ERC-20 transfers under $500 automatically; require human approval above that threshold." Policies are evaluated inside the TEE before any signing occurs, enforcing rules without trusting the calling application.

🌐

30+ Chain Support

Turnkey supports EVM chains, Solana, Bitcoin, Cosmos, Sui, Aptos, and more — one of the broadest chain coverage sets in the agent wallet space. All chains share the same policy engine and API surface.

✅

SOC 2 Type II Certified

Turnkey holds SOC 2 Type II certification, providing audited assurance of security controls. Required by many enterprise and financial services customers as a procurement prerequisite.

Ratings

Security Architecture

4.9/5

Policy Engine

4.7/5

Chain Coverage

4.6/5

Ease of Setup

3.2/5

Ratings based on Turnkey documentation, policy engine reference, and SOC 2 report summary — not end-to-end production testing. Ease of setup reflects the learning curve of TEE attestation and policy authoring for new teams.

Integration

// Install Turnkey SDK
npm install @turnkey/sdk-server

import { Turnkey } from "@turnkey/sdk-server";

const turnkey = new Turnkey({
  apiBaseUrl: "https://api.turnkey.com",
  apiPublicKey: process.env.TURNKEY_API_PUBLIC_KEY!,
  apiPrivateKey: process.env.TURNKEY_API_PRIVATE_KEY!,
  defaultOrganizationId: process.env.TURNKEY_ORGANIZATION_ID!,
});

// Create a policy-gated wallet for an agent
const { walletId } = await turnkey.api.createWallet({
  walletName: "agent-treasury-001",
  accounts: [{ curve: "CURVE_SECP256K1", pathFormat: "PATH_FORMAT_BIP32",
    path: "m/44'/60'/0'/0/0", addressFormat: "ADDRESS_FORMAT_ETHEREUM" }],
});

// Sign a transaction — policy engine validates before signing
const { signedTransaction } = await turnkey.api.signTransaction({
  signWith: walletAddress,
  unsignedTransaction: serializedTx,
  type: "TRANSACTION_TYPE_ETHEREUM",
});

Alternatives & Tradeoffs

Privy Server Wallets

Simpler server wallets without TEE overhead; better developer experience for standard use cases

→

Safe Smart Accounts

Open source multisig alternative; onchain policy enforcement via smart contract logic

→

Coinbase AgentKit

Open source MPC; much simpler setup for teams without dedicated security engineering

→