Turnkey Secure Enclaves

Vanish’s signing infrastructure is powered by Turnkey - wallet infrastructure built on hardware Trusted Execution Environments (TEEs). Private material is never stored unencrypted and is never exposed to Vanish, Turnkey, or any external process. Turnkey’s enclaves are highly constrained compute environments that can cryptographically attest to the code running inside. They are designed with:
  • No persistent storage
  • No interactive access
  • No external networking
In Turnkey’s architecture, a standard host instance receives network traffic and calls into the enclave. The enclave’s only connection is a virtual serial link to the host and its own secure co-processor - the Nitro Security Module. Encrypted private key ciphertext is persisted by Turnkey and decrypted only within a secure enclave running verified Turnkey applications. Raw private keys never leave the enclave.

QuorumOS & Remote Attestation

Turnkey’s enclave stack runs QuorumOS - a minimal, immutable Linux unikernel designed for high-security environments with:
  • A deterministic build system for reproducible, auditable artifacts
  • An initialization and attestation framework ensuring only authorised code runs inside the enclave
  • No mutable state, no interactive shell, no external access surface
Turnkey also uses remote attestation so an enclave can cryptographically prove its identity and integrity. The enclave produces a signed quote containing measurements of its code and configuration - only quotes signed by a hardware root of trust (the AWS Nitro Security Module) are considered valid.
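A relying party's policy checks on such a quote, as an added example (not Vanish or Turnkey code). It assumes the quote's signature and certificate chain have already been verified up to the hardware root of trust and the payload decoded into a dict using the AWS Nitro attestation document field names (`digest`, `timestamp`, `pcrs`, `nonce`); `check_quote`, the freshness window and all sample values are hypothetical.

```python
import hashlib
import hmac

MAX_AGE_MS = 5 * 60 * 1000   # assumed freshness window, not a Turnkey value
ZERO_PCR = bytes(48)         # debug-mode Nitro enclaves report all-zero PCRs


def check_quote(doc, pinned_pcrs, nonce, now_ms):
    """Policy checks on a decoded, already signature-verified quote payload.

    Returns the list of failed checks; an empty list means accepted.
    """
    failures = []
    if doc.get("digest") != "SHA384":
        failures.append("digest")
    pcrs = doc.get("pcrs") or {}
    for index, want in sorted(pinned_pcrs.items()):
        got = pcrs.get(index)
        # Refuse a pinned all-zero value so a misconfigured policy cannot
        # accept a debug-mode enclave; compare in constant time.
        ok = (isinstance(got, bytes) and want != ZERO_PCR
              and hmac.compare_digest(got, want))
        if not ok:
            failures.append(f"pcr{index}")
    got_nonce = doc.get("nonce")
    # The nonce is chosen by the verifier per request, so a replayed quote fails.
    if not (isinstance(got_nonce, bytes)
            and hmac.compare_digest(got_nonce, nonce)):
        failures.append("nonce")
    age_ms = now_ms - doc.get("timestamp", 0)   # timestamp is in milliseconds
    if age_ms < 0 or age_ms > MAX_AGE_MS:
        failures.append("timestamp")
    return failures


# Constructed sample data: measurements are hashes of placeholder strings,
# standing in for values published from a reproducible build.
PINNED = {0: hashlib.sha384(b"constructed measurement A").digest(),
          3: hashlib.sha384(b"constructed measurement B").digest()}
NONCE = b"constructed-nonce-0001"
NOW_MS = 1_700_000_060_000
SAMPLE_DOC = {"module_id": "constructed-module", "digest": "SHA384",
              "timestamp": NOW_MS - 60_000, "nonce": NONCE,
              "pcrs": {0: PINNED[0], 3: PINNED[3], 4: bytes(48)}}

if __name__ == "__main__":
    print(check_quote(SAMPLE_DOC, PINNED, NONCE, NOW_MS))
```

Only the pinned indices are compared, so unpinned registers in the quote (index 4 in the sample) do not affect the result.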

What This Means for Vanish Users

  • Vanish never holds user private keys. All signing happens inside the enclave, initiated only by the user’s authenticated request.
  • No human approval in the loop. All processes are fully automated - neither Vanish nor Turnkey can initiate or approve a transaction on behalf of a user.
  • Integrating Vanish introduces no additional custodial risk to your platform or your users.
  • Audited by Halborn. An independent security audit of Vanish’s infrastructure was conducted by Halborn, one of the leading blockchain security firms, trusted by Solana, Avalanche, and Coinbase.
  • Operational security by Groom Lake. Staffed by NSA and CIA veterans, Groom Lake provides live threat monitoring, penetration testing, incident response, and global intelligence support.