Portal-Managed Backups
Portal lets you securely back up your users’ MPC wallets so they can recover their wallets even if their device is lost or damaged. By default, Portal encrypts and stores both backup shares (“Portal-Managed Backups”):- The client backup share is encrypted on the user’s device, with the encryption key stored using their chosen backup method (Google Drive, iCloud, Password, or Passkey). The encrypted share is then stored by Portal.
- The custodian backup share is encrypted and stored by Portal, with the encryption key stored in our KMS infrastructure.
By default, Portal manages storing both the encrypted client backup share and the custodian backup share for you. If you prefer to store and manage the backup shares in your own infrastructure instead of using Portal-Managed Backups, see our Self-Managed Backups guide.
Backup Methods
You can choose one or more backup methods for storing the encryption key for the client backup share.Passkey + Enclave
Your Portal clients can create a passkey to authenticate and manage the private encryption key within a secure enclave.Implementation Requirements
- Initialize the
Portal
class with a passkey object. - Call backup with the Passkey backup method argument.
Password/PIN
Your Portal clients can create a password/PIN. They can either remember the password or store it in a password storage manager.Implementation Requirements
- Create a UI for password input.
- Enforce password requirements. Customer can choose between password, PIN code, passcode, or any other text-based input.
- If the user forgets their password, there are no additional recovery options.