diff --git a/assets/files/Consumer_Wallets.png b/assets/files/Consumer_Wallets.png deleted file mode 100644 index 80913a38..00000000 Binary files a/assets/files/Consumer_Wallets.png and /dev/null differ diff --git a/assets/files/embedded-consumer-wallet.png b/assets/files/embedded-consumer-wallet.png new file mode 100644 index 00000000..37bf84e3 Binary files /dev/null and b/assets/files/embedded-consumer-wallet.png differ diff --git a/embedded-wallets/code-examples/embedded-consumer-wallet.mdx b/embedded-wallets/code-examples/embedded-consumer-wallet.mdx index f69d461e..9f095f70 100644 --- a/embedded-wallets/code-examples/embedded-consumer-wallet.mdx +++ b/embedded-wallets/code-examples/embedded-consumer-wallet.mdx 
@@ -1,16 +1,34 @@ --- title: "Embedded Consumer Wallet" -description: "Turnkey provides wallet infrastructure with flexible authentication, programmable transaction flows, and granular access controls, while keys remain in hardware-backed enclaves. Start with the Embedded Wallet Kit and drop down to low-level primitives when you need to customize. " +description: + "Turnkey provides wallet infrastructure with flexible authentication, programmable transaction + flows, and granular access controls, while keys remain in hardware-backed enclaves. Start with the + Embedded Wallet Kit and drop down to low-level primitives when you need to customize. " --- **Why Turnkey for Embedded Consumer Wallets**\ -Turnkey delivers a secure, flexible solution for embedding end-user wallets directly into your application. Users sign in with familiar methods (passkeys, email, OAuth), without seed phrases, browser extensions, or external wallets. Turnkey lets you compose your app's core experiences (onboarding, wallet flows, and transactions) with full control, without restricting critical product decisions to pre-built flows. Keys stay inside hardware-backed Trusted Execution Environments [(TEEs)](/security/secure-enclaves), ensuring private keys are never exposed to your developers or to Turnkey. - -You can use the [Embedded Wallet Kit](/reference/embedded-wallet-kit) for fast integration, or [Turnkey SDKs](/sdks/introduction) and the [API](/api-reference/overview) for more customization. Leading apps like [Moonshot](https://www.turnkey.com/customers/how-moonshot-powers-millions-of-self-custodial-wallets-using-turnkey), [Infinex](https://www.turnkey.com/customers/making-onchain-ux-seamless-with-infinex-and-turnkey), and [Axiom](https://www.turnkey.com/customers/axiom-global-defi-trading-platform) use Turnkey for embedded consumer wallets in production. +Turnkey delivers a secure, flexible solution for embedding end-user wallets directly into your +application. 
Users sign in with familiar methods (passkeys, email, OAuth), without seed phrases, +browser extensions, or external wallets. Turnkey lets you compose your app's core experiences +(onboarding, wallet flows, and transactions) with full control, without restricting critical product +decisions to pre-built flows. Keys stay inside hardware-backed Trusted Execution Environments +[(TEEs)](/security/secure-enclaves), ensuring private keys are never exposed to your developers or +to Turnkey. + +You can use the [Embedded Wallet Kit](/reference/embedded-wallet-kit) for fast integration, or +[Turnkey SDKs](/sdks/introduction) and the [API](/api-reference/overview) for more customization. +Leading apps like +[Moonshot](https://www.turnkey.com/customers/how-moonshot-powers-millions-of-self-custodial-wallets-using-turnkey), +[Infinex](https://www.turnkey.com/customers/making-onchain-ux-seamless-with-infinex-and-turnkey), +and [Axiom](https://www.turnkey.com/customers/axiom-global-defi-trading-platform) use Turnkey for +embedded consumer wallets in production. ## Key implementation decisions -Turnkey enables developers to tailor non-custodial, embedded user wallets across dimensions such as custody model, authentication, and more. See the key implementation decisions below to curate the exact user experience you need. For a full map of embedded wallet capabilities, see the [Features overview](/embedded-wallets/features/overview). +Turnkey enables developers to tailor non-custodial, embedded user wallets across dimensions such as +custody model, authentication, and more. See the key implementation decisions below to curate the +exact user experience you need. For a full map of embedded wallet capabilities, see the +[Features overview](/embedded-wallets/features/overview). 
| Decision | Explanation | Learn more | | :------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -31,27 +49,40 @@ Choose how much control users and your app have over signing: | **App-controlled** | Your backend can authorize actions (automation, trading, subscriptions). | **Seamless Automation:** Ideal for custodial products like trading bots or subscriptions that require acting on a user's behalf without manual approval. | | **Delegated / hybrid** | Scoped permissions shared between user and backend. | **Frictionless UX:** Enables background actions (e.g., gas sponsorship or scheduled ops) while keeping the user in final control of asset transfers. | -Configure via [policies](/concepts/policies/quickstart) and[ sub-organization settings](/sdks/react/sub-organization-customization). See [Delegated Access](/concepts/policies/delegated-access-frontend) for non-custodial, hybrid, and app-controlled options. +Configure via [policies](/concepts/policies/quickstart) +and[ sub-organization settings](/sdks/react/sub-organization-customization). See +[Delegated Access](/concepts/policies/delegated-access-frontend) for non-custodial, hybrid, and +app-controlled options. ### Authentication Balance security and friction for your audience: -- **Passkeys:** Phishing-resistant, biometric. See [passkey authentication](/authentication/overview). -- **OAuth / email:** Familiar, low-friction. See [Authentication Overview](/authentication/overview). +- **Passkeys:** Phishing-resistant, biometric. See + [passkey authentication](/authentication/overview). +- **OAuth / email:** Familiar, low-friction. See + [Authentication Overview](/authentication/overview). - **SMS:** Market-dependent; consider risk and compliance. -Turnkey authentication plugs into your onboarding flow. You can use the [Auth Proxy](/reference/auth-proxy) when you want backend-signed OTP/OAuth/signup with origin enforcement and central config without hosting your own backend; your frontend calls Auth Proxy endpoints directly. Alternatively, wire auth to your app. 
Get started with the [Embedded Wallets Quickstart](/sdks/react/index). +Turnkey authentication plugs into your onboarding flow. You can use the +[Auth Proxy](/reference/auth-proxy) when you want backend-signed OTP/OAuth/signup with origin +enforcement and central config without hosting your own backend; your frontend calls Auth Proxy +endpoints directly. Alternatively, wire auth to your app. Get started with the +[Embedded Wallets Quickstart](/sdks/react/index). ### Session management Choose how users stay authorized and where session credentials live: -- **Read-write vs read-only:** Read-write sessions (OTP, OAuth, passkey sessions) let users perform multiple signed actions in a time window. Read-only sessions suit low-touch apps where you mainly need to read data (e.g., via parent-org access or a read-only session token). -- **Storage:** IndexedDB (web) for persistent, client-held sessions without exposing keys to your JavaScript; SecureStorage (mobile); or LocalStorage (keys in app-accessible storage). +- **Read-write vs read-only:** Read-write sessions (OTP, OAuth, passkey sessions) let users perform + multiple signed actions in a time window. Read-only sessions suit low-touch apps where you mainly + need to read data (e.g., via parent-org access or a read-only session token). +- **Storage:** IndexedDB (web) for persistent, client-held sessions without exposing keys to your + JavaScript; SecureStorage (mobile); or LocalStorage (keys in app-accessible storage). - **Session duration:** Default: 15 minutes (configurable via `expirationSeconds`). -See [Sessions](/authentication/sessions) for mechanisms, refresh, and FAQ, and the [Embedded Wallets Quickstart](/sdks/react/index) for configuration. +See [Sessions](/authentication/sessions) for mechanisms, refresh, and FAQ, and the +[Embedded Wallets Quickstart](/sdks/react/index) for configuration. ### Wallet architecture 
@@ -62,33 +93,58 @@ Choose where keys are generated and how wallets interact with the blockchain. | **Key-based (HD wallets)** | Chain-agnostic, no on-chain deployment, broad compatibility. | Standard derivation and signing. | | **Smart contract wallets** | Gas sponsorship, batching, advanced permissions. | Requires on-chain deployment and infrastructure. | -Turnkey supports both. See [Wallets Concept](/concepts/wallets) and [Transaction Management](/concepts/transaction-management) for derivation and gas sponsorship. +Turnkey supports both. See [Wallets Concept](/concepts/wallets) and +[Transaction Management](/concepts/transaction-management) for derivation and gas sponsorship. ### Gas sponsorship -Provide gasless UX by sponsoring gas for your users. Turnkey supports sponsored transactions and relay integration so users can sign and send without holding native tokens. +Provide gasless UX by sponsoring gas for your users. Turnkey supports sponsored transactions and +relay integration so users can sign and send without holding native tokens. -See [Transaction Management](/concepts/transaction-management) for gas sponsorship, transaction construction, broadcast, nonce management and monitoring capabilities. +See [Transaction Management](/concepts/transaction-management) for gas sponsorship, transaction +construction, broadcast, nonce management and monitoring capabilities. ### Key portability -Enable key portability and define whether users can import or export private keys. Enabling export can support user sovereignty and long-term trust. See [Import/Export wallets](https://docs.turnkey.com/sdks/react/using-embedded-wallets#importing-and-exporting-wallets). +Enable key portability and define whether users can import or export private keys. Enabling export +can support user sovereignty and long-term trust. See +[Import/Export wallets](https://docs.turnkey.com/sdks/react/using-embedded-wallets#importing-and-exporting-wallets). 
## Core security principles Embedded consumer wallet with Turnkey is built on these key principles: -- **Keys never leave the enclave:** Private keys live in [Trusted Execution Environments (TEEs)](/security/secure-enclaves). All derivation and signing happen inside verifiable infrastructure; only signatures are returned. [Remote attestation](https://whitepaper.turnkey.com/architecture) lets you verify enclave integrity. Raw keys are never exposed to your app or to Turnkey. -- **Authenticator-bound requests:** Every sensitive operation is signed by a user-held authenticator (passkey, email, etc.). The enclave verifies the signature and then performs the operation. No request, no signing; a compromise outside the enclave cannot move funds. See [Authentication Overview](/authentication/overview) for supported methods and [Enclave to end-user secure channel](/security/enclave-secure-channels) for how requests are verified. -- **Scoped, programmable control:** Choose non-custodial, hybrid, or app-controlled custody. [Policies](/concepts/policies/quickstart) and sub-organization isolation limit who can sign what. -- **Trusted vs. untrusted separation:** Verification and execution run only inside secure enclaves. Trusted and untrusted infrastructure are strictly separated so that a breach of your app or backend does not expose keys or signing capability. +- **Keys never leave the enclave:** Private keys live in + [Trusted Execution Environments (TEEs)](/security/secure-enclaves). All derivation and signing + happen inside verifiable infrastructure; only signatures are returned. + [Remote attestation](https://whitepaper.turnkey.com/architecture) lets you verify enclave + integrity. Raw keys are never exposed to your app or to Turnkey. +- **Authenticator-bound requests:** Every sensitive operation is signed by a user-held authenticator + (passkey, email, etc.). The enclave verifies the signature and then performs the operation. 
No + request, no signing; a compromise outside the enclave cannot move funds. See + [Authentication Overview](/authentication/overview) for supported methods and + [Enclave to end-user secure channel](/security/enclave-secure-channels) for how requests are + verified. +- **Scoped, programmable control:** Choose non-custodial, hybrid, or app-controlled custody. + [Policies](/concepts/policies/quickstart) and sub-organization isolation limit who can sign what. +- **Trusted vs. untrusted separation:** Verification and execution run only inside secure enclaves. + Trusted and untrusted infrastructure are strictly separated so that a breach of your app or + backend does not expose keys or signing capability. ## Architecture at a glance -User authentication flows into a signed request to Turnkey. Inside the enclave, the [policy engine](/concepts/policies/overview) evaluates the request; key derivation and signing follow, and only the signature is returned. Your app can then broadcast the transaction through another provider or with [Turnkey Transaction Management](https://docs.turnkey.com/concepts/transaction-management#construction-and-broadcast). For data flow and infrastructure details, see [Embedded Wallets overview](/embedded-wallets/overview) and [Secure enclaves](/security/secure-enclaves). +User authentication flows into a signed request to Turnkey. Inside the enclave, the +[policy engine](/concepts/policies/overview) evaluates the request; key derivation and signing +follow, and only the signature is returned. Your app can then broadcast the transaction through +another provider or with +[Turnkey Transaction Management](https://docs.turnkey.com/concepts/transaction-management#construction-and-broadcast). +For data flow and infrastructure details, see +[Embedded Wallets overview](/embedded-wallets/overview) and +[Secure enclaves](/security/secure-enclaves). 
- ![Embedded Consumer Wallets architecture: user/service, wallets, policy engine, authenticators, secure enclave infrastructure](/assets/files/Consumer_Wallets.png) + ![Embedded Consumer Wallets architecture: user/service, wallets, policy engine, authenticators, + secure enclave infrastructure](/assets/files/embedded-consumer-wallet.png) ## Example: Neobank-style embedded consumer wallet @@ -120,6 +176,7 @@ Follow these steps to launch an embedded consumer wallet experience inside your - [Auth Proxy overview](https://docs.turnkey.com/reference/auth-proxy) - [Email authentication (OTP)](https://docs.turnkey.com/authentication/email) - [Passkeys integration](https://docs.turnkey.com/authentication/passkeys/integration) + Install and initialize the Turnkey SDK at app startup so sessions and wallet operations are ready immediately. @@ -128,6 +185,7 @@ Follow these steps to launch an embedded consumer wallet experience inside your - [Embedded Wallet Kit (React)](https://docs.turnkey.com/sdks/react/getting-started) - [Embedded Wallet Kit (React Native)](https://docs.turnkey.com/sdks/react-native/getting-started) + Build your login/signup flow and gate wallet actions until: @@ -139,6 +197,7 @@ Follow these steps to launch an embedded consumer wallet experience inside your - [Wallet authentication guide](/sdks/react/auth) - [OAuth signup helper](https://docs.turnkey.com/generated-docs/react-wallet-kit/client-context-type-add-oauth-provider) + **On first login:** @@ -152,6 +211,7 @@ Follow these steps to launch an embedded consumer wallet experience inside your - [Sub-organization customization](/sdks/react/sub-organization-customization) - [Create wallet](https://docs.turnkey.com/sdks/react/using-embedded-wallets#creating-an-embedded-wallet) - [Create wallet accounts](https://docs.turnkey.com/sdks/react/using-embedded-wallets#creating-wallet-accounts) + Expose wallet functionality directly inside your app. 
@@ -165,13 +225,18 @@ Follow these steps to launch an embedded consumer wallet experience inside your **Import / Export / Recovery (Optional) Docs** - [Import & Export wallets](https://docs.turnkey.com/wallets/export-wallets) + ## Next steps -Ready to build? You can start with the [Embedded Wallets Quickstart](/getting-started/embedded-wallet-quickstart), explore the [Features overview](/embedded-wallets/features/overview), or browse the [Code Examples Hub](/category/code-examples). +Ready to build? You can start with the +[Embedded Wallets Quickstart](/getting-started/embedded-wallet-quickstart), explore the +[Features overview](/embedded-wallets/features/overview), or browse the +[Code Examples Hub](/category/code-examples). - ![Turnkey in action: Moonshot onboarding — email sign-in, verification, portfolio, and asset view](/assets/files/moonshot_consumerwallet.png) - \ No newline at end of file + ![Turnkey in action: Moonshot onboarding — email sign-in, verification, portfolio, and asset + view](/assets/files/moonshot_consumerwallet.png) + diff --git a/products/key-management/examples/enterprise-disaster-recovery.mdx b/products/key-management/examples/enterprise-disaster-recovery.mdx index 8eff4710..b809c5f4 100644 --- a/products/key-management/examples/enterprise-disaster-recovery.mdx +++ b/products/key-management/examples/enterprise-disaster-recovery.mdx 
@@ -1,32 +1,27 @@ --- title: "Enterprise Disaster Recovery" -description: "Import and recover wallets in Turnkey’s secure enclaves with controlled access. " +description: "Import and recover wallets with strict access controls. " --- -This guide covers how to migrate or replicate your wallet infrastructure for incident response, -provider migration, and wallet backups. +This guide covers how to backup your wallets on Turnkey for incident response, provider migration, +and wallet backups. ## Why Turnkey for Enterprise Disaster Recovery? -Turnkey provides a secure foundation for enterprise disaster recovery that eliminates the tradeoffs -between security and operability. Our approach combines +Turnkey provides a secure foundation for disaster recovery. Our approach combines [secure enclaves](/security/secure-enclaves), end-to-end encryption, and [programmable policies](/concepts/policies/overview) to ensure recovery material is protected at rest, in transit, and during use. ## Core principles -Bulleted list of key components to keep in mind for this solution: - - **End-to-end encryption:** All key import material is encrypted directly to Turnkey's secure enclave using [HPKE (Hybrid Public Key Encryption)](/security/enclave-secure-channels). The plaintext never exists outside the enclave boundary. -- **Zero exposure during import:** When importing wallets or private keys, the material is encrypted - on the user's device before transmission. Turnkey's infrastructure only ever sees encrypted blobs. - **Cryptographic audit trail:** Every recovery operation during transmission and import is cryptographically stamped, ensuring that recoveries can not be tampered with along the way. 
-- **Policy-based guardrails:** Turnkey’s [policy engine](/concepts/policies/overview) restricts what - recovered wallets can do, like limiting fund movement to allowed addresses or requiring multiple +- **Policy-based guardrails:** Turnkey’s [policy engine](/concepts/policies/overview) restricts how + wallets are accessed, like limiting fund movement to allowed addresses or requiring multiple approvals from your organization. ## Direct Import Flow @@ -40,13 +35,12 @@ Bulleted list of key components to keep in mind for this solution: ## How to Get Started on Enterprise Disaster Recovery with Turnkey -1. **Secure organization setup and recovery policies**: Create your Turnkey org, configure the root - quorum, and define recovery policies. +1. **Secure organization & policy setup**: Create your Turnkey org, configure the root quorum, and + define recovery policies. 2. **Set up the Turnkey SDK**: Integrate [React Wallet Kit](/sdks/react/using-embedded-wallets#importing-and-exporting-wallets) or [@turnkey/sdk-server](/embedded-wallets/code-examples/import#nodejs) into your application. 3. **Import wallets**: Use handleImportWallet() to import wallet keys into Turnkey's secure enclave. -4. **Sweep funds to a treasury**: Execute policy-controlled fund movement to approved addresses. ## **Use Cases** 
@@ -69,84 +63,47 @@ security foundation for recovery operations: compromise can trigger unauthorized recovery. See [Policy overview](/concepts/policies/overview) for setup guidance. -```json -{ - "policyName": "DR-Sweep-Only-Policy", - "effect": "EFFECT_ALLOW", - "condition": "activity.type == 'ACTIVITY_TYPE_SIGN_TRANSACTION_V2' && eth.tx.to in ['', '']", - "consensus": "approvers.any(user, user.id == '')" -} -``` - - Distribute authenticators ([passkeys](/authentication/passkeys/introduction), YubiKeys) across geographic locations if possible - Define [policies](/concepts/policies/examples/signing-control) that restrict what can be done with - recovered wallets. For example, limit fund sweeping to pre-approved treasury addresses only: + recovered wallets. ### 2. Set up the Turnkey SDK -Integrate Turnkey into your application to enable wallet import and recovery operations. The React -Wallet Kit provides a drop-in component that handles the entire import flow, including encryption -and secure transport. +Integrate Turnkey into your application to enable wallet import and recovery operations. The +[NodeJS server SDK](https://github.com/tkhq/sdk/tree/main/examples/import-in-node) is well oriented +to handle the entire import flow, including encryption and secure transport. 
```ts +import { Turnkey } from "@turnkey/sdk-server"; +import { encryptPrivateKeyToBundle, encryptWalletToBundle } from "@turnkey/crypto"; -import { TurnkeyProvider } from "@turnkey/react-wallet-kit"; - -const turnkeyConfig = { - organizationId: process.env.NEXT_PUBLIC_ORGANIZATION_ID!, - authProxyConfigId: process.env.NEXT_PUBLIC_AUTH_PROXY_CONFIG_ID!, -}; +const initResult = await turnkeyClient.apiClient().initImportWallet({ + userId, +}); -export function Providers({ children }: { children: React.ReactNode }) { - return ( - - {children} - - ); -} +const walletBundle = await encryptWalletToBundle({ + mnemonic, + importBundle: initResult.importBundle, + userId, + organizationId, +}); ``` -For server-side recovery operations, use the -[@turnkey/sdk-server](/embedded-wallets/code-examples/import#nodejs) package. - ### 3. Import Wallets -Use handleImportWallet() to import wallet keys into Turnkey's secure enclave. Behind the scenes, the -SDK encrypts the mnemonic or private key to Turnkey's enclave public key using -[HPKE (Hybrid Public Key Encryption)](/security/enclave-secure-channels), transmits the encrypted -bundle, and the enclave decrypts and stores the key material. Plaintext key material never leaves -the user's device. +Use [importWallet()](/generated-docs/core/turnkey-client-import-wallet) to import wallet keys into +Turnkey's secure enclave. In the last step the SDK encrypts the mnemonic or private key to Turnkey's +enclave public key using [HPKE (Hybrid Public Key Encryption)](/security/enclave-secure-channels), +and now transmits the encrypted bundle. The enclave decrypts and stores the key material. Plaintext +key material never leaves the user's device. ```ts -const handleImportWallet = async () => { - const defaultWalletAccounts = ["ADDRESS_FORMAT_ETHEREUM", "ADDRESS_FORMAT_SOLANA"]; - - await turnkey.handleImportWallet({ - defaultWalletAccounts, - successPageDuration: 5000, - }); -}; -``` - -### 4. 
Sweep funds to treasury - -With policies in place, execute fund movement to approved treasury addresses. See example for sweep -native ETH - -```ts -const txStatusId = await apiClient.ethSendTransaction({ - transaction: { - from: "", - to: "", - caip2: "eip155:1", - value: "", - data: "0x", - }, -}); - -const result = await apiClient.pollTransactionStatus({ - sendTransactionStatusId: txStatusId, +const walletImportResult = await turnkeyClient.apiClient().importWallet({ + userId: userId, + walletName: "Your imported wallet!", + encryptedBundle: walletBundle, + accounts: [], }); ``` diff --git a/products/key-management/overview.mdx b/products/key-management/overview.mdx index 63e5d8e1..0e742324 100644 --- a/products/key-management/overview.mdx +++ b/products/key-management/overview.mdx 
@@ -2,40 +2,23 @@ title: "Overview" --- -Turnkey provides enterprise-grade key management infrastructure built on -[secure enclaves](/security/secure-enclaves). Store, recover, and manage cryptographic keys with -programmable access controls, quorum approvals, and end-to-end encryption. +Turnkey is not just for crypto wallets. Our infrastructure also allows for more generic private key +management: store, recover, and manage cryptographic keys with programmable access controls, and +quorum approvals. With Key Management, you can: -- Securely store cryptographic keys in hardware-backed secure enclaves +- Securely store cryptographic keys in hardware-backed + [secure enclave infrastructure](/security/secure-enclaves) - Implement disaster recovery with cryptographic guarantees - Protect sensitive material like API secrets, credentials, and recovery bundles -## Secure Enclaves +## Solutions -At the foundation of Key Management is Turnkey's -[secure enclave infrastructure](/security/secure-enclaves). Keys are generated and stored inside -hardware-backed enclaves, and key material never exists in plaintext outside the enclave boundary. - -## What can you build? 
- -| Example | Description | -| :--------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [Enterprise Disaster Recovery](/products/key-management/examples/enterprise-disaster-recovery) | Recover wallets and cryptographic material when incidents occur or credentials are compromised | -| [Encryption Key Storage](/products/key-management/examples/encryption-key-storage) | Use Turnkey as a secure key storage and retrieval service to build user-controlled recovery with risk separation between your infrastructure and Turnkey | - -## Other use cases - -### Secrets management - -Store encryption keys in Turnkey that protect API secrets, credentials, or other sensitive -configuration. Your infrastructure holds the encrypted secrets; Turnkey holds the decryption key. - -### Provider migration - -[Migrate keys from another custody provider](/getting-started/migration-guide) into Turnkey's secure -enclaves with no plaintext exposure during transit. +| Example | Description | +| :--------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------ | +| [Enterprise Disaster Recovery](/products/key-management/examples/enterprise-disaster-recovery) | Back up wallets and private keys for disaster scenarios | +| [Encryption Key Storage](/products/key-management/examples/encryption-key-storage) | Use Turnkey private keys to encrypt sensitive data (e.g., recovery bundles, API secrets, credentials) with simple authentication & policies | ## Next Steps
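Review bot: in the frontmatter hunk of embedded-consumer-wallet.mdx (`@@ -1,16 +1,34`) the reflowed `description` still ends with a trailing space before the closing quote (`customize. "`); drop it while the line is being touched. Folding the double-quoted YAML scalar across lines is valid, so the rest of the frontmatter change is fine.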
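Review bot: the custody paragraph in `@@ -31,27 +49,40` carries over the malformed link `and[ sub-organization settings](/sdks/react/sub-organization-customization)` unchanged; the space belongs outside the bracket, i.e. `and [sub-organization settings](/sdks/react/sub-organization-customization)`. As written the link text renders with a leading space glued to "and".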
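Review bot: the new intro sentence in enterprise-disaster-recovery.mdx (`@@ -1,32 +1,27`), "This guide covers how to backup your wallets on Turnkey for incident response, provider migration, and wallet backups", lists backups as a purpose of backing up; suggest "This guide covers how to import wallets into Turnkey and keep them recoverable for incident response, provider migration, and backup" (the verb is "back up", the noun is "backup"). In the same hunk, rewording the guardrails bullet to "restricts how wallets are accessed" is less precise than the removed "restricts what recovered wallets can do": the policy engine gates activities such as signing, which is exactly what the examples in that sentence (allowed destination addresses, multiple approvals) describe.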
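Review bot: step 3 of "How to Get Started" (`@@ -40,13 +35,12`) still says "Use handleImportWallet() to import wallet keys", but section 3 later in the same file now documents `importWallet()` on `@turnkey/sdk-server`, and step 2 still leads with React Wallet Kit while section 2 now recommends the Node SDK. Align the numbered list with the walkthrough: name `importWallet()` here (or both, if the React path is still supported) so the quick list and the sections describe the same flow. Dropping step 4 (sweep to treasury) is consistent with the removal of section 4 further down.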
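Review bot: the section 2 snippet in `@@ -69,84 +63,47` is not self-contained: it imports `Turnkey` from `@turnkey/sdk-server` but never constructs `turnkeyClient`, imports `encryptPrivateKeyToBundle` and never uses it, and reads `userId`, `mnemonic` and `organizationId` from nowhere. Add the `Turnkey` client construction (API base URL, API key pair, organization ID from env) and the three variables, and drop the unused import, or state that these come from the linked import-in-node example. "is well oriented to handle" reads better as "is well suited to handling". In the section 3 prose, "In the last step the SDK encrypts ... and now transmits" is out of order; the sequence the code shows is `initImportWallet` (fetch the enclave's import bundle), `encryptWalletToBundle` (encrypt the mnemonic locally), then `importWallet` (send only the ciphertext). The closing claim "Plaintext key material never leaves the user's device" no longer matches a server-side flow: with the Node SDK the plaintext mnemonic sits on whichever host runs this script, so say it never leaves the importing host, and note that this host holds both the mnemonic and the API key and must be treated as such. Finally, `accounts: []` imports a wallet with no derived accounts, so a reader who copies it cannot sign anything until accounts are created; either include at least one account (the removed React example used ADDRESS_FORMAT_ETHEREUM and ADDRESS_FORMAT_SOLANA) or say that accounts are added afterwards.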
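Review bot: the overview.mdx hunk (`@@ -2,40 +2,23`) drops the "Provider migration" paragraph and with it the only link to /getting-started/migration-guide, while enterprise-disaster-recovery.mdx in the same patch still lists provider migration as a use case; if migration is still supported, keep the link (as a table row or a sentence under Next Steps). Two smaller points: the heading was renamed to "## Solutions" but the table's first column is still "Example", and the intro lost the end-to-end encryption mention that the DR page's core principles still rely on, so the overview now describes a weaker guarantee than its child page. "& policies" in the last table cell should be "and policies".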