For the complete documentation index, see llms.txt
:::note
This guide is meant to help you quickly bootstrap with Seal. Before deploying your app to production or Mainnet, review the full Seal documentation to understand the design, security best practices, and operational requirements.
:::
Seal makes it simple to add decentralized encryption and programmable access control to your Web3 applications. Follow these steps to get started:
1. Install the Seal SDK
Seal provides a TypeScript SDK for easy integration. Install it from npm:
npm install @mysten/seal
Reference: SDK on NPM
2. Choose key servers in Testnet
Seal relies on a committee of key servers to generate threshold-based decryption keys.
3. Define your access policy
Access policies are written as Move modules on Sui. Examples include:
See Example patterns to help you get started.
4. Encrypt your data
Use the SDK to encrypt data before storing it:
const { encryptedObject: encryptedBytes, key: backupKey } = await client.encrypt({
threshold: 2,
packageId,
id,
data,
});
Learn more in the Encryption Guide.
5. Store encrypted data
Store your encrypted content in Walrus (using the HTTP API or one of the SDKs), Sui (as Objects), or any storage of your choice.
6. Decrypt data with access control
When a user requests access, Seal checks your onchain policy. If approved, decryption keys are provided to meet the threshold.
// Create the Transaction for evaluating the seal_approve function.
const tx = new Transaction();
tx.moveCall({
target: `${packageId}::${moduleName}::seal_approve`,
arguments: [
tx.pure.vector("u8", fromHEX(id)),
// other arguments
]
});
const txBytes = tx.build( { client: suiClient, onlyTransactionKind: true })
const decryptedBytes = await client.decrypt({
data: encryptedBytes,
sessionKey,
txBytes,
});
Learn more in the Decryption Guide.