# Trusted Execution and Local Key Custody

## Local Custody Intent

OpenShard's runtime architecture is designed around local key custody — key material is held by operators and clients in their own runtime environments rather than being delegated to or escrowed by any third-party service. The buyer's wallet manager resolves per-user wallet secrets through an internal API and derives commitment-backed wallet objects from them. No central service in the OpenShard network holds buyer key material on behalf of requesting parties.

This design is intentional. The moment key material is handed to an external service, even a trusted one, the privacy guarantees that depend on that key material become contingent on that service's security posture, logging practices, and operational behavior. By keeping keys local to the buyer process, OpenShard avoids introducing a central point of key exposure.

## Seller Key Management

The seller's static keypair — used for ECDH session key decryption — is held in the seller's local configuration environment and loaded through environment variables at process startup. The static private key never leaves the seller process boundary. Its scope of use is limited to the ECDH operation: it is not used for signing payment transactions, submitting on-chain state on Base, or any other purpose. Restricting key usage to a single cryptographic operation reduces the blast radius of any key exposure event.

## Secret Isolation and Environment Segregation

The project's environment management guidelines require per-environment .env file segregation across local development, simulation, staging, and production. Sensitive runtime inputs — seller private keys, upstream API keys, internal API tokens, and RPC endpoint URLs — must not appear in repository files, commit history, or application logs under any environment configuration. Audit log outputs carry configurable sensitivity levels, and log redaction for request-sensitive fields is included in the documented production hardening baseline.

---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openshard.ai/core-concepts/privacy-mechanism/trusted-execution-and-local-key-custody.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
