Secondary wallets are a critical security practice for API operations. This guide covers the security principles and best practices.

Security Principles

Principle of Least Privilege

Secondary wallets implement the principle of least privilege by:
  • Limited scope: Only used for specific API operations
  • Minimal permissions: No access to personal or business funds
  • Controlled access: Restricted to authorized API endpoints
  • Audit trail: All activities are logged and monitored

Defense in Depth

Using secondary wallets creates multiple security layers:

Primary Wallet

  • Remains secure and isolated
  • No API access or exposure
  • Protected from compromise
  • Maintains full control

Secondary Wallet

  • Limited scope and access
  • Dedicated for API operations
  • Easy to replace if compromised
  • Clear separation of concerns

Security Benefits

Risk Mitigation

  • Isolation: API operations isolated from main funds
  • Exposure reduction: Limited attack surface
  • Quick recovery: Easy to replace compromised wallet
  • Damage control: Minimal impact from security incidents

Compliance and Audit

  • Clear separation: Business vs. personal transactions
  • Audit trails: All API activities are traceable
  • Regulatory compliance: Meets separation requirements
  • Documentation: Clear purpose and usage records

Security Best Practices

Wallet Management

Access Control

  • Limit access to authorized personnel
  • Implement role-based permissions
  • Regular access reviews
  • Secure key storage

Monitoring

  • Real-time activity monitoring
  • Automated alerts for unusual activity
  • Regular security audits
  • Transaction pattern analysis

Backup Strategy

  • Secure backup procedures
  • Multiple secure locations
  • Regular backup testing
  • Recovery documentation

Incident Response

  • Immediate compromise response
  • Wallet replacement procedures
  • Communication protocols
  • Post-incident analysis

Security Checklist

1. Wallet Creation

  • Generate new wallet with secure entropy
  • Store private key in secure location
  • Document wallet purpose and scope

2. Access Control

  • Implement strict access controls
  • Use secure key management systems
  • Regular access reviews and audits

3. Monitoring Setup

  • Configure real-time monitoring
  • Set up automated alerts
  • Establish incident response procedures

4. Documentation

  • Document security procedures
  • Maintain incident response plans
  • Regular security training

Security Considerations

Threat Models

Compromised API Credentials:
  • Secondary wallet limits exposure
  • Easy to replace without affecting main funds
  • Clear audit trail for investigation
Malicious API Usage:
  • Limited scope prevents widespread damage
  • Monitoring detects unusual patterns
  • Quick response and recovery procedures
Internal Threats:
  • Access controls limit unauthorized use
  • Audit trails provide accountability
  • Separation reduces insider threat impact

Compliance Requirements

  • Regulatory separation: Meets financial regulation requirements
  • Audit trails: Provides clear transaction history
  • Risk management: Demonstrates security best practices
  • Documentation: Supports compliance reporting

Incident Response

Compromise Detection

  • Unusual activity: Monitor for unexpected transactions
  • Failed authentication: Track authentication failures
  • Pattern changes: Detect deviations from normal usage
  • Security alerts: Automated monitoring and notifications
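
One way to implement the checks listed above, as an added example that is not part of the original guide. The policy fields, event format, thresholds and addresses are assumptions constructed for illustration, and rates are counted in fixed one-hour buckets.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class WalletPolicy:
    """Assumed scope definition for one secondary wallet (hypothetical fields)."""
    allowed_destinations: set
    max_amount: float            # per-transaction ceiling
    max_tx_per_hour: int         # normal usage ceiling
    max_auth_failures: int = 3   # failures tolerated per hour

def detect(events, policy):
    """Return (timestamp, reason) alerts for activity outside the wallet's scope."""
    alerts = []
    tx_count, fail_count = Counter(), Counter()
    for ev in sorted(events, key=lambda e: e["ts"]):
        hour = ev["ts"] // 3600  # fixed one-hour buckets, not a sliding window
        if ev["type"] == "auth_failure":
            fail_count[hour] += 1
            if fail_count[hour] == policy.max_auth_failures + 1:
                alerts.append((ev["ts"], "failed authentication burst"))
        elif ev["type"] == "tx":
            tx_count[hour] += 1
            if ev["to"] not in policy.allowed_destinations:
                alerts.append((ev["ts"], "unexpected destination"))
            if ev["amount"] > policy.max_amount:
                alerts.append((ev["ts"], "amount above scope"))
            if tx_count[hour] == policy.max_tx_per_hour + 1:
                alerts.append((ev["ts"], "pattern change: tx rate"))
    return alerts

# Constructed sample data: timestamps in seconds, placeholder addresses.
POLICY = WalletPolicy({"addr_api_settlement"}, max_amount=50.0, max_tx_per_hour=3)
SAMPLE = [
    {"ts": 100, "type": "tx", "to": "addr_api_settlement", "amount": 5.0},
    {"ts": 200, "type": "tx", "to": "addr_api_settlement", "amount": 7.5},
    {"ts": 300, "type": "auth_failure"},
    {"ts": 310, "type": "auth_failure"},
    {"ts": 320, "type": "auth_failure"},
    {"ts": 330, "type": "auth_failure"},
    {"ts": 400, "type": "tx", "to": "addr_unknown", "amount": 80.0},
    {"ts": 500, "type": "tx", "to": "addr_api_settlement", "amount": 1.0},
    {"ts": 4000, "type": "tx", "to": "addr_api_settlement", "amount": 2.0},
]

if __name__ == "__main__":
    for ts, reason in detect(SAMPLE, POLICY):
        print(ts, reason)
```

Each rate alert fires once per hour bucket, on the first event past the threshold, so a sustained burst does not flood the alert channel.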

Response Procedures

1. Immediate Response

  • Disable compromised wallet access
  • Notify security team immediately
  • Document incident details

2. Investigation

  • Analyze compromise scope and impact
  • Review audit logs and monitoring data
  • Identify root cause and vulnerabilities

3. Recovery

  • Generate new secondary wallet
  • Update API configurations
  • Restore secure operations

4. Post-Incident

  • Update security procedures
  • Conduct team training
  • Implement additional safeguards

  • Document purpose: Clearly label this wallet for API operations only

Security Measures

  • Separate storage: Store private key separately from primary wallet
  • Backup securely: Create secure backups of the private key
  • Access control: Limit access to authorized personnel only
  • Regular audits: Review wallet activity and access logs

Operational Guidelines

  • Dedicated use: Use exclusively for API operations
  • No personal transactions: Keep separate from personal crypto activities
  • Clear labeling: Mark all transactions as API-related
  • Documentation: Maintain clear records of wallet purpose and usage

Recovery Procedures

If Wallet is Compromised

1. Immediate Actions

  • Stop all API operations immediately

2. Assess Damage

  • Review recent transactions

3. Create New Wallet

  • Generate replacement wallet

4. Update Configuration

  • Update environment variables

5. Resume Operations

  • Test with new wallet