Peach uses Turnkey as its key management infrastructure. Turnkey is a non-custodial signing platform used by a number of consumer-facing crypto apps to handle private keys without ever exposing them to the application or to Turnkey itself. This page explains, at a high level, what that means for your wallet.

Where your key lives

Your private key is generated and stored inside a secure enclave — a hardware-isolated environment on cloud infrastructure that is specifically designed to keep code and data inaccessible to the operator of the machine.
A secure enclave is a sealed compute environment. Even an administrator with root access to the host server cannot read what is inside. The enclave can only return data — like a signature — that it has been explicitly programmed and authorized to return.
What this means in practice:
  • Your raw private key never appears in plaintext outside the enclave — not on Peach’s servers, not on Turnkey’s servers, and not on your device.
  • Signing happens inside the enclave. The enclave returns a signed transaction, never the key.
  • Communication between your device and the enclave is end-to-end encrypted, so the key material is protected in transit as well as at rest.

How authorization works

The enclave will only sign when it is presented with a valid authorization. For a Peach wallet, that authorization is tied to your sign-in account (typically Google or Apple) and the device you use Peach on.
  1. You initiate an action in the app. For example, swapping a token or confirming a perp order.
  2. Peach prepares the transaction. The app builds the transaction payload and shows it to you for review.
  3. You authenticate. Depending on your settings, this may be Face ID, Touch ID, a passcode, or a fresh sign-in challenge.
  4. The enclave signs. Your authentication is presented to Turnkey, which instructs the enclave to produce a signature for the specific transaction you approved.
  5. Peach broadcasts the signed transaction. The result is sent on-chain. The key never leaves the enclave at any step.
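
The property in step 4, a signature only for the specific transaction you approved, can be seen in a simplified model. This is an added illustration, not Peach's or Turnkey's code or protocol: `ToyEnclave`, `approve`, the HMAC stand-ins for the real credential and signature schemes, and the nonce-based replay check are all assumptions of the example.

```python
import hashlib
import hmac
import secrets


def approve(authorizer_key: bytes, payload: bytes, nonce: bytes) -> bytes:
    """Device side: bind the user's approval to the payload digest and a nonce.

    HMAC with a shared key stands in for the device's real credential.
    """
    digest = hashlib.sha256(payload).digest()
    return hmac.new(authorizer_key, nonce + digest, hashlib.sha256).digest()


class ToyEnclave:
    """Toy model of a signing enclave (hypothetical, for illustration only)."""

    def __init__(self, authorizer_key: bytes):
        # The wallet key is created inside and no method ever returns it.
        self.__wallet_key = secrets.token_bytes(32)
        self.__authorizer_key = authorizer_key
        self.__seen_nonces = set()

    def sign(self, payload: bytes, nonce: bytes, approval: bytes):
        """Return a signature only if the approval covers this exact payload."""
        expected = approve(self.__authorizer_key, payload, nonce)
        if not hmac.compare_digest(expected, approval):
            return None  # approval was issued for different bytes
        if nonce in self.__seen_nonces:
            return None  # approval already used once
        self.__seen_nonces.add(nonce)
        # HMAC stands in for the chain's signature scheme.
        return hmac.new(self.__wallet_key, payload, hashlib.sha256).digest()


def demo() -> dict:
    device_key = secrets.token_bytes(32)
    enclave = ToyEnclave(device_key)
    # Constructed sample payloads, not a real transaction format.
    approved = b'{"action":"swap","sell":"USDC","buy":"ETH","amount":"100"}'
    tampered = approved.replace(b'"100"', b'"100000"')
    nonce = secrets.token_bytes(16)
    approval = approve(device_key, approved, nonce)
    return {
        "tampered": enclave.sign(tampered, nonce, approval),  # refused
        "approved": enclave.sign(approved, nonce, approval),  # signed
        "replayed": enclave.sign(approved, nonce, approval),  # refused
    }


if __name__ == "__main__":
    print({name: sig is not None for name, sig in demo().items()})
```

An approval computed over one payload does not unlock a signature over another, and the caller only ever receives a signature or a refusal.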

Why no seed phrase?

Traditional self-custody wallets ask you to write down a 12- or 24-word seed phrase. That phrase is your private key — anyone with it can drain your wallet, and losing it means losing the wallet forever. Peach uses enclave-based key management instead so that:
  • There is no seed phrase for you to lose, photograph, or get phished out of.
  • You can sign in on a new device using the same social account, without ever exposing key material.
  • The same self-custody guarantees still apply — Peach still cannot move your funds.
The trade-off is that your wallet is bound to the account you used to sign in. If you permanently lose access to that account, you may lose access to the wallet. Treat the sign-in account accordingly.

Verifying for yourself

Turnkey publishes its security architecture, including details on enclave attestation and its policy engine, at docs.turnkey.com. Anyone can read the design and reason about its guarantees independently of Peach.