Session Keys
Session keys are the core security primitive behind Sail’s automation.
Instead of giving an agent broad wallet access, Sail uses session keys: temporary keys that can sign transactions only within a defined scope. This is what lets your agent operate continuously while keeping you in control.
Why session keys exist
Without session keys, you’d need to manually approve every action:
reallocations across yield sources
claims of protocol rewards
swaps into supported stablecoins
bridging across networks (if enabled)
Session keys make those actions possible while preserving a “least-privilege” model.
What session keys can be scoped to
A session key is granted with limits such as:
Networks (where it can execute)
Stablecoins (what assets it can use)
Protocols / yield sources (where it can allocate)
Actions (yield, swaps, bridges, claim rewards)
Constraints (transaction rules and safety checks enforced by your configuration)
Personalization is how you define this scope. If you want “lending-only” or “no bridging,” session keys enforce that.
Lifecycle: how session keys work in practice
You choose default permissions or personalize your own.
Sail shows the permissions you’re about to grant.
You sign to authorize the session key(s).
The agent can now execute within that scope.
You can update or revoke permissions anytime (which replaces or removes session keys).
What happens if a session key is removed or expires
If a key is revoked or no longer valid, the agent simply cannot execute. Your funds remain in your Sail Account. To resume automation, you sign a new set of permissions.
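The scope and lifecycle rules above can be pictured as a deny-by-default check that runs before anything is signed. The sketch below is an added example, not Sail's code: the class and field names, the per-transaction cap, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timezone

@dataclass(frozen=True)
class SessionScope:            # hypothetical shape, one field per scope dimension above
    networks: frozenset
    stablecoins: frozenset
    protocols: frozenset
    actions: frozenset
    max_amount: int            # assumed constraint: per-transaction cap in base units
    expires_at: datetime
    revoked: bool = False

@dataclass(frozen=True)
class Request:                 # what the agent asks the key to sign
    network: str
    asset: str
    protocol: str
    action: str
    amount: int

def authorize(scope, req, now):
    """Return (allowed, reason). Deny by default: every dimension must match."""
    if scope.revoked:
        return False, "key revoked"
    if now >= scope.expires_at:
        return False, "key expired"
    checks = [
        (req.network in scope.networks, "network not in scope"),
        (req.asset in scope.stablecoins, "asset not in scope"),
        (req.protocol in scope.protocols, "protocol not in scope"),
        (req.action in scope.actions, "action not in scope"),
        (0 < req.amount <= scope.max_amount, "amount outside constraint"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "ok"

# Constructed sample values: a "lending-only, no bridging" scope.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
LENDING_ONLY = SessionScope(
    networks=frozenset({"network-a"}), stablecoins=frozenset({"USDC"}),
    protocols=frozenset({"lending-market-a"}), actions=frozenset({"yield", "claim_rewards"}),
    max_amount=1_000_000, expires_at=datetime(2025, 2, 1, tzinfo=timezone.utc))
REVOKED = replace(LENDING_ONLY, revoked=True)
DEPOSIT = Request("network-a", "USDC", "lending-market-a", "yield", 500_000)
BRIDGE = replace(DEPOSIT, action="bridge")
```

With these values, the deposit is allowed, the bridge request is refused because "bridge" was never granted, and the same deposit is refused once the key is revoked or past its expiry.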
Your safety guarantees
No blanket custody: session keys are not “take over the wallet” permissions.
Revocable: you can shut off the agent by revoking permissions.
Scoped: the agent can only do what you approved, on the venues you approved.
Transparent: you see what you sign in the UI before granting access.
If anything ever looks unclear, use in-app chat or Telegram to ask what a permission does before signing.