Wallet-as-a-Service (Palisade) uses Multi-Party Computation (MPC) to protect wallet private keys. Instead of storing a complete key in one place, MPC splits the key into shards distributed across multiple devices. To sign a transaction, a minimum number of those devices must participate.
Before you can create a wallet, you must:
- Add and pair at least 2 devices.
- Create an MPC quorum from those devices.
Sandbox environments also support HSM-based wallets, which don't require devices or quorums. If you want to skip this step and test basic platform features in sandbox first, you can select HSM when you create your first wallet. For production, MPC is required.
Wallet-as-a-Service (Palisade) supports two types of signing device. You can use either type or a mix of both.
| Mobile (Palisade Mobile) | CloudSign | |
|---|---|---|
| How it signs | Manual — you review and approve each transaction on your phone | Automatic — signs programmatically without manual review |
| Best for | Low-volume wallets that need human oversight per transaction | High-volume or API-driven wallets that need fast throughput |
| Can approve transactions? | Yes | No (signing only) |
| Platform | iOS (Android coming soon) | Any cloud instance (AWS, GCP, Azure, on-premises) |
See Types of devices for a full comparison.
For sandbox testing, a CloudSign-only quorum is the fastest path to your first transaction. You can set up mobile devices later when you move to production.
Add at least 2 devices to your organization. You can mix mobile and CloudSign devices.
The Devices page has two tabs: Internal for devices owned by your organization, and External for devices shared with you by other organizations.
- Navigate to the Devices section in the Wallet-as-a-Service (Palisade) console.
- Click Add new device.
- Select the device type (Mobile or Cloud).
- In the Name this device field, enter a name that identifies the device (for example, "CFO Mobile" or "CloudSign Node 1").
- Click Save and continue.
- Repeat until you have at least 2 devices.
New devices start in an Unpaired state. You must pair each device before it can join a quorum.
- After you add the mobile device, the console displays a QR code.
- Open the Wallet-as-a-Service (Palisade) Mobile app on your phone.
- Scan the QR code.
- The device status changes to Waiting for approval.
- An admin approves the device pairing in the console.
- The device status changes to Paired.
If you want to test with mobile devices in sandbox, contact the Wallet-as-a-Service (Palisade) team to receive a sandbox version of the app.
- After you add the CloudSign device, the console displays a pairing key.
- Copy the pairing key.
- Set up and run your CloudSign node and enter the pairing key when prompted.
- The device status changes to Waiting for approval.
- An admin approves the device pairing in the console.
- The device status changes to Paired.
You need at least 2 fully paired devices to create a quorum. Make sure all devices show a Paired status before you continue to Step 3.
An MPC quorum defines which devices hold key shards and how many must participate to sign a transaction.
- Navigate to Controls > MPC Quorums.
- Click Create quorum.
- Select the quorum type:
- Mobile — all devices are mobile.
- Cloud — all devices are CloudSign.
- Enter a name and description for the quorum.
- (Optional) Configure a Backup and recovery kit strategy.
- Under Key shard holders, select at least 2 paired devices.
- Set the minimum number of required signatories.
Always set the minimum signatories to at least one fewer than the total number of devices. If you require all devices (for example, 2 of 2), losing or decommissioning a single device means you permanently lose the ability to sign transactions from wallets using that quorum. For example, if your quorum has 3 devices, set the minimum to 2. This gives you fault tolerance — you can still sign even if one device is unavailable, lost, or compromised.
- Click Create.
- Review the quorum details and click Create quorum to confirm.
- Each device in the quorum receives a notification to approve. All devices must approve within 60 minutes.
- After all devices approve, the quorum status changes to Confirmed.
If any device rejects the notification or the 60-minute window expires, the quorum is not created and you must start over. Coordinate with all device owners before you create the quorum so they're ready to approve promptly.
Use 3 or more CloudSign devices. Transactions sign automatically within seconds. Pair this configuration with approval groups to add human oversight without slowing down signing.
Use 3 or more mobile devices. Every transaction requires manual review and approval on each signer's phone. This provides maximum oversight but limits throughput.
Mobile devices must sign within 5 minutes of receiving a transaction notification. If too few devices respond in time, the transaction fails.
See MPC quorums for advanced configuration, key resharing, and key restructuring.
Create a vault to organize your wallets: