Vault TEE Service

Secure NFT custody service powered by Phala Trusted Execution Environment.

Overview

Located at services/verifiable-wallet-service, this service provides:

• Secure NFT storage and transfers
• Private key protection inside TEE enclave
• On-chain transaction signing
• Vault inventory management

Security Model

• Private keys never leave Intel TDX enclave
• Remote attestation proves hardware security
• Cryptographic signing on all transfers
• Cannot be compromised by software attacks

API Endpoints

Get Public Key

GET /public-key

Returns the vault's public wallet address.

Transfer NFT

POST /transfer-nft

Transfers an NFT from the vault to a recipient wallet.

Supported Chains

• Solana
• Base

Integration

Vault service is used by:

• Livestream Server (raffle prize transfers)
• Marketplace API (pack opening transfers)
• Buyback system (card returns)

Running Locally

cd services/verifiable-wallet-service
pnpm dev

Environment

Required variables:

• TEE_VAULT_API_KEY - Authentication for service calls

Next Steps

• Randomness TEE - Verifiable randomness
• Livestream Server - Usage in raffles