# Session Keys Instead of giving an agent broad wallet access, Sail uses **session keys**: temporary keys that can sign transactions **only within a defined scope**. This is what lets your agent operate continuously while keeping you in control. #### Why session keys exist Without session keys, you’d need to manually approve every action: * reallocations across yield sources * claims of protocol rewards * swaps into supported stablecoins * bridging across networks (if enabled) Session keys make those actions possible while preserving a “least-privilege” model. #### What session keys can be scoped to A session key is granted with limits such as: * **Networks** (where it can execute) * **Stablecoins** (what assets it can use) * **Protocols / yield sources** (where it can allocate) * **Actions** (yield, swaps, bridges, claim rewards) * **Constraints** (transaction rules and safety checks enforced by your configuration) Personalization is how you define this scope. If you want “lending-only” or “no bridging,” session keys enforce that. #### Lifecycle: how session keys work in practice 1. You choose default permissions or personalize your own. 2. Sail shows the permissions you’re about to grant. 3. You sign to authorize the session key(s). 4. The agent can now execute within that scope. 5. You can update or revoke permissions anytime (which replaces or removes session keys). #### What happens if a session key is removed or expires If a key is revoked or no longer valid, the agent simply **cannot execute**. Your funds remain in your Sail Account. To resume automation, you sign a new set of permissions. #### Your safety guarantees * **No blanket custody:** session keys are not “take over the wallet” permissions. * **Revocable:** you can shut off the agent by revoking permissions. * **Scoped:** the agent can only do what you approved, on the venues you approved. * **Transparent:** you see what you sign in the UI before granting access. If anything ever looks unclear, use in-app chat or Telegram to ask what a permission does before signing. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sail.money/security/permissions-and-keys/publish-your-docs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.