Non-custodial user wallets
This is the most common configuration. Users are the custodians of their wallets, and your company is not.

| Slot | Recommended signers |
|---|---|
| Operational signers | Device key; Passkey |
| Recovery signers | Email OTP; SMS OTP (optional); Managed support center (optional) |

Custodial user wallets
If you want to take custody over user wallets, two common approaches are: (1) you act as custodian, or (2) a licensed third-party custodian acts as custodian.

You are the custodian
You hold the operational signer in your infrastructure and sign operations on behalf of users.

| Slot | Recommended signers |
|---|---|
| Operational signers | Server key (lower risk / early stage); Cloud KMS (recommended for production) |
| Recovery signers | Cloud KMS (recovery) (separate account/region recommended); Externally custodied key (optional); Managed support center (optional) |

Licensed third-party custodian
A licensed custodian holds the keys and operates the wallet. This can provide custodial features without your company taking custody directly. Each custodian has specific integration requirements and signer configurations that depend on their infrastructure and compliance model.

Crossmint can help you set up a third-party custodian integration. Contact our team to get started.

Treasury wallets
Treasury wallets typically prioritize strong controls, auditability, and operational safety.

| Slot | Recommended signers |
|---|---|
| Operational signers | Cloud KMS |
| Recovery signers | Cloud KMS (recovery) (separate account/region recommended); Externally custodied key (optional); Managed support center (optional) |

Agent wallets
Custody for AI agents depends on where the agent runs and who can access its runtime environment.

User-hosted agents
When an agent runs in a user-controlled environment (for example, self-hosted), the user should remain the custodian.

| Slot | Recommended signers |
|---|---|
| Operational signers | Server key (user-managed); Cloud KMS (user-managed) |
| Recovery signers | Email OTP (optional); Externally custodied key |

Platform-hosted agents
When you host agents on behalf of users, the key principle is to avoid a configuration where the platform host can unilaterally control agent wallets. A common pattern is to use narrowly-scoped operational signers and require explicit user authorization for higher-risk actions.

| Slot | Recommended signers |
|---|---|
| Operational signers | Passkey (user confirmation for sensitive actions); Server key (customer-managed, scoped permissions) |
| Recovery signers | Email OTP; Managed support center (optional) |

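
The platform-hosted pattern above, as an added example that is not Crossmint's code or API: a hypothetical policy model in which a scoped server key can approve small transfers on its own, anything else needs the user's passkey, and an audit flags platform-held signers that could control the wallet unilaterally. All signer ids, scope fields, action names and limits are assumptions.

```javascript
// Added example: a hypothetical policy model, not Crossmint's API.
// Signer ids, scope fields and limits below are constructed sample values.
const SENSITIVE_ACTIONS = ["add-signer", "remove-signer"];

const agentWallet = {
  "agent-server-key": {
    heldBy: "platform",
    scope: { actions: ["transfer"], maxAmount: 50, recipients: ["merchant-a"] },
  },
  "user-passkey": { heldBy: "user", scope: null }, // null = unrestricted
};

// True when this signer alone is allowed to approve the operation.
function inScope(signer, op) {
  if (signer.scope === null) return true;
  const { actions, maxAmount, recipients } = signer.scope;
  if (!actions.includes(op.action)) return false;
  if (op.action !== "transfer") return true;
  // Reject non-numeric, non-positive and over-limit amounts, and unknown recipients.
  return Number.isFinite(op.amount) && op.amount > 0 &&
    op.amount <= maxAmount && recipients.includes(op.to);
}

// Decide whether the signers that approved `op` are sufficient.
function authorize(wallet, op, approverIds) {
  const approvers = approverIds
    .filter((id) => Object.prototype.hasOwnProperty.call(wallet, id))
    .map((id) => wallet[id]);
  if (approvers.some((s) => inScope(s, op))) return { ok: true };
  const reason = approvers.length
    ? "outside signer scope: user confirmation required"
    : "no registered signer approved";
  return { ok: false, reason };
}

// Audit: platform-held signers that could control the wallet on their own.
function unilateralPlatformSigners(wallet) {
  return Object.entries(wallet)
    .filter(([, s]) => s.heldBy === "platform")
    .filter(([, s]) => s.scope === null ||
      s.scope.actions.some((a) => SENSITIVE_ACTIONS.includes(a)))
    .map(([id]) => id);
}
```

Running `unilateralPlatformSigners` over every stored wallet configuration is a cheap way to catch a server key that was registered without a scope.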
Scoped custody
Some products need a self-custodial user wallet plus a limited, revocable company signer (for example, for repayments, subscriptions, or card settlement).

| Slot | Recommended signers |
|---|---|
| Operational signers | User: Device key or Passkey; Company (scoped, revocable): Server key or Cloud KMS |
| Recovery signers | User recovery: Email OTP (recommended); Optional hard fallback: Externally custodied key |

Whether a scoped company signer makes your company a custodian depends on whether you can unilaterally execute or block transactions and whether the user can revoke your access. See Custody modalities for the definition.

