Skip to content

docs: add cast keychain reference page #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
grandizzy merged 5 commits into from
Apr 14, 2026
Merged

docs: add cast keychain reference page #276

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
add95f5
docs: add cast keychain reference page
decofe Apr 10, 2026
992fadc
docs: merge cast keychain into foundry index page
decofe Apr 14, 2026
2cf8f86
Merge branch 'main' into rusowsky/cast-keychain-docs
jenpaff Apr 14, 2026
696478c
docs: strip cast keychain to match existing cast command style
decofe Apr 14, 2026
e048476
Merge branch 'main' into rusowsky/cast-keychain-docs
grandizzy Apr 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions src/pages/sdk/foundry/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,4 +315,74 @@ The following flags are available for `cast` and `forge script` for Tempo-specif

Ledger and Trezor wallets are not yet compatible with any `--tempo.*` option.

## cast keychain

`cast keychain` provides a CLI interface to Tempo's [Account Keychain precompile](/protocol/transactions/AccountKeychain).

:::info
`cast keychain` only works on Tempo networks.
:::

```bash
# Authorize a new access key (signature types: secp256k1, p256, webauthn; expiry 0 = never):
cast keychain authorize <KEY_ID> secp256k1 0 \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Authorize with a spending limit (TOKEN:AMOUNT or TOKEN:AMOUNT:PERIOD_SECONDS):
cast keychain authorize <KEY_ID> secp256k1 0 \
--limit <TOKEN_ADDRESS>:1000000 \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Authorize with call scopes (restrict to specific contracts/functions):
cast keychain authorize <KEY_ID> secp256k1 0 \
--scope <TOKEN_ADDRESS>:transfer,approve \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Authorize with call scope restricted to a specific recipient:
cast keychain authorize <KEY_ID> secp256k1 0 \
--scope <TOKEN_ADDRESS>:transfer@<RECIPIENT_ADDRESS> \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Full example: 24h expiry + spending limit + call scope:
EXPIRY=$(($(date +%s) + 86400))
cast keychain authorize <KEY_ID> secp256k1 $EXPIRY \
--limit <TOKEN_ADDRESS>:1000000 \
--scope <TOKEN_ADDRESS>:transfer \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Revoke an access key (permanent, cannot be re-authorized):
cast keychain revoke <KEY_ID> \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Update spending limit for a key-token pair:
cast keychain update-limit <KEY_ID> <TOKEN_ADDRESS> <NEW_LIMIT> \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Replace all call scopes for a key:
cast keychain set-scope <KEY_ID> \
--scope <TOKEN_ADDRESS>:transfer \
--scope <CONTRACT_ADDRESS> \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Remove a target contract from allowed call list:
cast keychain remove-scope <KEY_ID> <TARGET_ADDRESS> \
--rpc-url $TEMPO_RPC_URL \
--private-key $PRIVATE_KEY

# Query key info (read-only):
cast keychain key-info <ACCOUNT> <KEY_ID> \
--rpc-url $TEMPO_RPC_URL

# Query remaining spending limit:
cast keychain remaining-limit <ACCOUNT> <KEY_ID> <TOKEN_ADDRESS> \
--rpc-url $TEMPO_RPC_URL
```

Loading