Key export settings
The key export setting controls whether your dapp can retrieve a user's private key programmatically through the Embedded Wallets SDK.
Export types
| Type | Always available | Configurable |
|---|---|---|
| Manual (wallet UI) | Yes | No — always on |
Programmatic (private_key method) | No | Yes — toggle in Project Settings |
Manual export is always available through the built-in wallet interface. Users initiate it themselves; your dapp has no control over it.
Enable or disable programmatic export
- Navigate to Project Settings → Advanced → Key export.
- Toggle Enable key export.
- Save to apply.
When enabled, your dapp can retrieve the user's private key using the private_key JSON-RPC method on the auth adapter:
const privateKey = await web3auth.provider.request({
method: 'private_key',
})
When disabled, calling private_key throws an error. Manual export through the wallet UI remains available.
Never store or transmit a private key in plaintext. Retrieve it only when necessary, process it immediately, and clear it from memory afterward.
When to disable programmatic export
Disable programmatic key export for consumer-facing dapps, dapps handling high-value assets, and regulated financial services. Most dapps do not need it — signing transactions through web3auth.provider does not require key export.
Next steps
- Session management — control session lifetime
- User details in ID token — control what PII appears in JWT tokens
- Project settings — general project configuration