Programmable key management · Verifiable compute · One API call
Confidentially run JavaScript inside a TEE, sign with network-managed wallets, and return cryptographically verifiable results.
No private keys to secure, no servers to run.
Chipotle is a REST API and web dashboard for confidential compute and programmable key management. It comprises three composable layers:
- TEE Enclave — holds the root key, derives signing and encryption keys on demand, and executes sandboxed JavaScript. Nothing that touches key material ever leaves the enclave.
- On-Chain Permissions (Base) — all authorization state lives on-chain: accounts, API key scopes, PKP registrations, and groups.
- Lit Actions (IPFS) — immutable JavaScript programs stored by content ID (CID). Public, content-addressed, tamper-proof.
Think of it as serverless functions that can hold private keys.
|
Write a Lit Action in plain JavaScript. It can sign transactions, encrypt and decrypt secrets, read on-chain state, fetch external APIs, and return cryptographically signed proofs — all governed by on-chain permission groups. |
A REST API with a JS SDK. Create an account, get an API key, call one endpoint. No wallets, no MetaMask, no Solidity required. |
Everything below works right now against the live dev API. No SDK needed — just curl.
curl -s -X POST https://api.dev.litprotocol.com/core/v1/new_account \
-H "Content-Type: application/json" \
-d '{"account_name": "my-app", "account_description": "Getting started"}' | jq{
"api_key": "T6j+7BAA…",
"wallet_address": "0x3318…b0c5"
}curl -s https://api.dev.litprotocol.com/core/v1/create_wallet \
-H "X-Api-Key: $API_KEY" | jq{
"wallet_address": "0x2a03…9bf6"
}curl -s -X POST https://api.dev.litprotocol.com/core/v1/lit_action \
-H "X-Api-Key: $API_KEY" \
-H "Content-Type: application/json" \
-d '{
"code": "async function main() { return { hello: \"world\", timestamp: Date.now() }; }"
}' | jq{
"response": { "hello": "world", "timestamp": 1711684200000 },
"logs": "",
"has_error": false
}Or skip the terminal and use the Dashboard — a full GUI for account management, wallet creation, and action execution.
Lit Actions are immutable JavaScript programs stored on IPFS and executed inside the TEE with access to derived keys. They can sign data, encrypt and decrypt secrets, make HTTP requests, and return cryptographically attested results.
// Fetch a live price and sign it as a verifiable proof
async function main({ pkpId }) {
const res = await fetch(
"https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd"
);
const price = (await res.json())?.ethereum?.usd;
const wallet = new ethers.Wallet(
await Lit.Actions.getPrivateKey({ pkpId })
);
const signature = await wallet.signMessage(`ETH/USD: ${price}`);
return { price, signature };
}A smart contract can ecrecover the signature to confirm the price was attested by a known PKP — no off-chain trust required.
More patterns
| Pattern | Description |
|---|---|
| Sign a message | Retrieve a PKP key, sign arbitrary data, return a verifiable signature |
| Encrypt a secret | Secure sensitive data using the PKP for storage anywhere |
| Decrypt a secret | Recover plaintext from previously encrypted data using the same PKP |
| Gate on external data | Fetch weather, prices, or any API — only sign if conditions are met |
| Read smart contracts | Call view functions on any EVM chain and sign the result as a proof |
| Send ETH | Construct, sign, and broadcast transactions from a PKP wallet |
See the full Examples guide for copy-paste code.
Every endpoint accepts X-Api-Key or Authorization: Bearer <key>. The Core API is mounted at /core/v1/.
Full OpenAPI spec: /core/v1/swagger-ui
POST /core/v1/new_account Create an account → { api_key, wallet_address }
GET /core/v1/create_wallet Mint a new PKP wallet
POST /core/v1/lit_action Execute JavaScript in the TEE
POST /core/v1/add_action Register a Lit Action (IPFS CID or inline)
POST /core/v1/add_group Create a permission group
GET /core/v1/list_wallets List all PKP wallets for the account
GET /core/v1/list_actions List registered Lit Actions
GET /core/v1/version Server version and commit hash
See the Architecture overview and Authentication model in the docs.
| Programmable Key Pairs (PKPs) | Network-managed elliptic-curve key pairs. Key material is derived on-demand from the root key inside the TEE — it never exists at rest, so it can't leak from storage. Keys will only resolve correctly when talking to an authentic Chipotle node, which the end user can verify. Fully verifiable trust chain. |
| Lit Actions | Immutable JavaScript programs on IPFS. They can sign, encrypt, decrypt, fetch external data, and call smart contracts. |
| Groups | Permission policies binding PKPs to action CIDs and scoped API keys. Controls both what can execute and who can trigger it. |
| Encrypt / Decrypt | PKP-derived symmetric encryption. Store ciphertexts anywhere — only permitted actions can decrypt. |
| On-Chain Permissions | Smart contracts on Base control accounts, API key scopes, PKP registrations, and group membership. |
| REST + SDK + Dashboard | Three ways in: raw HTTP, the Core SDK, or the Dashboard. |
| Verifiable Deployment | TEE attestation + on-chain state = cryptographic proof the node is running expected code. Verification guide |
| Documentation | docs.dev.litprotocol.com |
| Dashboard | dashboard.dev.litprotocol.com |
| API | api.dev.litprotocol.com |
| OpenAPI / Swagger | Swagger UI |
| Architecture | Architecture overview |
| Auth model | Authentication model |
| Lit Actions | Overview · Examples · Patterns |
| Pricing | Credit-based pricing |
| Lit Protocol | litprotocol.com |
All rights reserved. Copyright Lit Protocol.