QubicKit Docs
SDKWallets

Secret Storage

Encrypt seeds with AES-GCM and manage guardrails safely.

Secret storage

encryptWalletSeed / decryptWalletSeed provide symmetric encryption for seeds. They use PBKDF2 (with random salt) + AES-GCM (with random IV) so you can store the payload in a JSON file or KMS vault.

Encrypting a seed

import { encryptWalletSeed } from "@qubiq/sdk";
import { writeFile } from "node:fs/promises";

const payload = encryptWalletSeed(process.env.QUBIQ_SEED!, "vault-password");
await writeFile("./secrets/qubic.json", JSON.stringify(payload, null, 2));

Decrypting on startup

import { decryptWalletSeed } from "@qubiq/sdk";
const payload = JSON.parse(await readFile("./secrets/qubic.json", "utf8"));
const seed = decryptWalletSeed(payload, process.env.SECRET_PASSWORD!);

Combine with resolveWallet({ encryptedSeed, passphrase }) to avoid ever exposing the plaintext seed in code.

Guardrail persistence

When you compute guardrails via extractGuardrails, serialize them alongside your wallet metadata so automation jobs keep the same tick offsets:

const { guardrails } = await resolveWallet({ seed });
await writeFile("./config/guardrails.json", JSON.stringify(guardrails));

Later, feed the same guardrails object into prepareSignedTransfer to maintain consistent tick drift even if a service restarts.

HD Path Recipes

Common derivation schemes for QubicKit wallets.

Transfer Helpers

Sign and broadcast Qubic transfers with one function call.

On this page

Secret storageEncrypting a seedDecrypting on startupGuardrail persistence