Guides
SupportStatusSign UpLogin

🔓 KMS

Tatum Key Management System (KMS): Secure Blockchain Custodial Solutions - manage and automate blockchain credentials with enhanced safety and efficiency.

Suggest Edits

Overview

The Tatum Key Management System (KMS) is a comprehensive tool for developers creating custodial blockchain applications. It securely handles private keys and mnemonics, ensuring all transactions are signed locally without exposing sensitive data. End-users can simply log in to your app with their credentials, and KMS takes care of the rest.

KMS Features

  • Secure Storage: Ensures the safety of private keys and mnemonics in an encrypted environment to protect credentials and sensitive data.
  • Automated Transactions: Manages and broadcasts blockchain transactions automatically, enhancing transaction reliability. KMS periodically pulls pending transactions to sign from Tatum Cloud, signs them locally using stored private keys, and broadcasts them to the blockchain.

It is designed to efficiently scale with your application needs without compromising performance.

Learn more about how Tatum KMS can enhance your application by visiting our installation guide and exploring the capabilities further on our functionalities page.

Disclaimer

By using KMS, it is assumed that you, the User, have extensive blockchain knowledge and are an experienced developer.

  1. Key Security Facts
    • Tatum does not store PrivateKeys or Mnemonics.
    • KMS is a self-custodial solution where Tatum does not have access to the user's KMS, by design.
    • Wallet storage is encrypted with an AES cipher and stored on your local server. You must enter your password to unlock wallet storage.
      • The password encrypts Mnemonics and PrivateKeys inside the wallet storage file.
      • The default wallet storage file name is wallet.dat.
  2. Why Tatum Cannot Troubleshoot Signed Transactions
    • Transactions signed via KMS bypass Tatum’s logs and are directly broadcast to the blockchain.
    • If a malformed transaction is sent for signing, it may still return a "successful" response from Tatum's API or SDK, as Tatum does not log payloads of "successful" HTTP 200 requests.
    • If the blockchain rejects the transaction, the error message will be returned to your KMS instance, not to Tatum.

❗️

Warning

Keeping track of logs: You must keep track of the original request logs, including the payload, if you expect Tatum to assist with troubleshooting failed transactions.

Critical Warnings

  1. Losing wallet.dat can be catastrophic
    The security and storage of wallet.dat are solely your responsibility. If this file is lost or becomes irrecoverable:
    • You will lose access to your Mnemonics and PrivateKeys.
    • Tatum cannot help you recover your assets.
  2. Losing your KMS password means permanent loss
    If you lose your KMS password, you will permanently lose access to all Mnemonics and PrivateKeys stored in wallet.dat.
    • Tatum does not store or recover passwords.
    • Tatum cannot help recover lost access to encrypted wallet files.

🚧

Attention

We encourage users to take necessary precautions to back up their data securely.

Updated 4 months ago