seal

For the complete documentation index, see llms.txt

Seal pricing

Choose your own key server providers: Seal supports both independent server type and decentralized (committee) server type key servers. Builders can select any combination of providers to form their preferred threshold configuration for encryption and decryption.
Transparent pricing and features: Each key server provider sets their own pricing and rate limits based on their service model. Builders can evaluate and choose based on what best fits their application needs.
Curated discoverability: This documentation lists a verified set of providers along with available links to their configuration details, terms, and pricing, so you can integrate with confidence.

Verified key servers

To understand how to use these key servers in the Seal SDK, see Using Seal. To understand the different types of servers and their use cases, see Seal Server Overview.

Verified independent server type key servers

The key servers listed below are independent server type operators running in either Open or Permissioned mode.

A key server in Open mode lets anyone request keys for any access policy package, using a shared master key. It is ideal for public or trial use.
A key server in Permissioned mode restricts access to approved access policy packages per client, each with a dedicated master key, and supports secure key server rotation or switching when needed. It is designed for dedicated or commercial use.

Testnet

Mysten Labs: The following key servers are configured using the Open mode and freely available for experimentation, development, and testing. A source-based rate limit is configured which cannot be changed for any client.
- mysten-testnet-1 (Open mode)
  - Object ID: 0x73d05d62c18d9374e3ea529e8e0ed6161da1a141a94d3f76ae3fe4e99356db75
  - URL: https://seal-key-server-testnet-1.mystenlabs.com
- mysten-testnet-2 (Open mode)
  - Object ID: 0xf5d14a81a982144ae441cd7d64b09027f116a468bd36e7eca494f750591623c8
  - URL: https://seal-key-server-testnet-2.mystenlabs.com
Ruby Nodes:
- Open mode
  - URL: https://seal-testnet.api.rubynodes.io
  - Object ID: 0x6068c0acb197dddbacd4746a9de7f025b2ed5a5b6c1b1ab44dade4426d141da2
- Permissioned mode
  - URL: https://starter-eu-central-1.api.rubynodes.io
  - Contact the provider to configure your client and generate a unique key server object ID
NodeInfra:
- Open mode
  - URL: https://open-seal-testnet.nodeinfra.com
  - Object ID: 0x5466b7df5c15b508678d51496ada8afab0d6f70a01c10613123382b1b8131007
- Permissioned mode
  - URL: https://seal-testnet.nodeinfra.com
  - Contact the provider to configure your client and generate a unique key server object ID
Studio Mirai:
- Open mode
  - URL: https://open.key-server-testnet.seal.mirai.cloud
  - Object ID: 0x164ac3d2b3b8694b8181c13f671950004765c23f270321a45fdd04d40cccf0f2
- Permissioned mode
  - URL: https://private.key-server.testnet.seal.mirai.cloud
  - Contact the provider to configure your client and generate a unique key server object ID
Overclock:
- Open mode
  - URL: https://seal-testnet-open.overclock.run
  - Object ID: 0x9c949e53c36ab7a9c484ed9e8b43267a77d4b8d70e79aa6b39042e3d4c434105
- Permissioned mode
  - URL: https://seal-testnet-permissioned.overclock.run
  - Contact the provider to configure your client and generate a unique key server object ID
H2O Nodes
- Open mode
  - URL: https://seal-open.sui-testnet.h2o-nodes.com
  - Object ID: 0x39cef09b24b667bc6ed54f7159d82352fe2d5dd97ca9a5beaa1d21aa774f25a2
- Permissioned mode
  - URL: https://seal-permissioned.sui-testnet.h2o-nodes.com
  - Contact the provider to configure your client and generate a unique key server object ID
Triton One
- Open mode
  - URL: https://seal.testnet.sui.rpcpool.com
  - Object ID: 0x4cded1abeb52a22b6becb42a91d3686a4c901cf52eee16234214d0b5b2da4c46
- Permissioned mode
  - URL: https://seal.testnet.sui.rpcpool.com/private
  - Contact the provider to configure your client and generate a unique key server object ID
Natsai
- Open mode
  - URL: https://seal-open-test.natsai.xyz
  - Object ID: 0x3c93ec1474454e1b47cf485a4e5361a5878d722b9492daf10ef626a76adc3dad
- Permissioned mode
  - URL: https://seal-perm-test.natsai.xyz
  - Contact the provider to configure your client and generate a unique key server object ID
Mhax.io
- Open mode
  - URL: https://seal-testnet-open.suiftly.io
  - Object ID: 0x6a0726a1ea3d62ba2f2ae51104f2c3633c003fb75621d06fde47f04dc930ba06
- Permissioned mode
  - URL: https://seal-testnet.suiftly.io
  - Contact the provider to configure your client and generate a unique key server object ID

:::note

Testnet key servers are provided for developer testing only and do not come with availability guarantees, SLAs, or assurances regarding long-term key persistence. Avoid using them to encrypt data you expect to access reliably in the future.

:::

:::note

The URL for any listed key server can change over time. What matters is the Object ID, which points to the onchain key server object. That object always holds the latest URL as the source of truth.

:::

Mainnet

Reach out to these verified key server providers:

Ruby Nodes
NodeInfra
Overclock
Studio Mirai
H2O Nodes
Triton One
Natsai
Enoki by Mysten Labs
- Sign up for Enoki, create your account, and request Seal key server access using the form in your dashboard.

Verified decentralized key servers

Decentralized key servers provide distributed trust through multiple committee members, with an aggregator handling client requests. These servers offer committee member rotation and better liveness guarantees.

Testnet

Committee key server object ID: 0xb012378c9f3799fb5b1a7083da74a4069e3c3f1c93de0b27212a5799ce1e1e98
Aggregator URL: https://seal-aggregator-testnet.mystenlabs.com

This committee is set up as a 3 out of 5 threshold committee with the following members:

The aggregator is ran by Mysten Labs. Basic Testnet usage does not require API credentials.

Mainnet

Available soon.

This site is open source. Improve this page.