Getting started with Session Keys
@account-kit/smart-contracts
exports all of the definitions you need to use session keys with a Modular Account. We provide a simple SessionKeySigner
class that generates session keys on the client and can be used as the signer
for the Multi Owner Modular Account.
We also export the necessary decorators which can be used to extend your modularAccountClient
to make interacting with session keys easy.
Usage
Let’s take a look at a full example that demonstrates how to use session keys with a Modular Account.
Breaking it down
Determine where the session key is stored
Session keys can be held on the client side or on a backend agent. Client side session keys are useful for skipping confirmations, and agent side keys are useful for automations.
In the above example, we use a client-side key using the SessionKeySigner
exported from @account-kit/smart-contracts
.
If you are using backend agent controlled session keys, then the agent should generate the private key and send only the address to the client. This protects the private key by not exposing it to the user.
Extend your client with Modular Account Decorators
The base modularAccountClient
and AlchemymodularAccountClient
, only include base functionality for sending user operations. If you are using a ModularAccount
, then you will want to extend your client with the various decorators exported by @account-kit/smart-contracts
.
Check if the Session Key Plugin is installed
Before you can start using session keys, you need to check whether the user’s account has the session key plugin installed. You can perform this check using the account loupe decorator, which lets you inspect the state of installed plugins on a Modular Account.
Install the Session Key Plugin
If the Session Key Plugin is not yet installed, you need to install it before it can be used. To simplify the workflow, it is also possible to batch the plugin installation along with creating session keys and performing other actions, which combines all of these steps into one user operation.
Construct the initial set of permissions
Session keys are powerful because of permissions that limit what actions they can take. When you add a session key, you should also specify the initial permissions that apply over the key.
See the Supported Permissions page for more information on how to used the permissions builder.
Let’s use the permission builder to build a set of permissions that sets a spend limit:
Managing Session Keys
The Session Key Plugin allows you to:
- Add session keys, and set the key’s initial permissions.
- Remove session keys.
- Update key permissions.
- Rotate session keys. This action replaces the previous session key with a new session key, while keeping the existing permissions.
Add a Session Key
Session keys can be added either during installation, or using the addSessionKey
function.
Remove a Session Key
Session keys can be removed using the removeSessionKey
function.
Update a Key’s permissions
Session key permissions can be edited after creation using the updateKeyPermissions
function. Note that you should configure initial permissions when the key is added, and not rely on a second user operation to set the permissions.
Rotate a Session Key
If the key is no longer available, but there exists a tag identifying a previous session key configured for your application, you may instead choose to rotate the previous key’s permissions. This can be performed using rotateKey
.