> For the complete documentation index, see [llms.txt](https://shinkalabs.gitbook.io/hub/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy/session-keys.md). # session-keys This policy grants a temporary, scoped key over a dWallet, with the limits enforced on-chain. It is how you let a bot, an agent, or a delegated service sign on behalf of a wallet without handing over full control. Program address (Solana devnet): `3Y2QaXiJH3aSiooDnGQsZQhYN72r47mYYbHp9YWyiASm`. See also the workflow guide: [Session keys](/hub/andromeda/guides/session-keys.md). ## What it enforces A session is a delegated key with on-chain bounds: * **Expiry**: a slot after which the session is dead. * **Number of uses**: a cap on how many signatures the session may produce. * **Amount per transaction**: a cap on the value any single signed transaction may move. * **Allowed destination programs**: the session may only sign for these. The program checks all of these for every signature the session produces. ## Many sessions per dWallet A dWallet can have a large number of concurrent sessions (up to about 2^32). Each session has its own **monotonic replay nonce** that binds together the message digest, the amount, the destination program, and the signature nonce, so a signature from one session cannot be replayed in another context. ## Configuration * Per session: the delegated key, expiry slot, max uses, max amount per transaction, allowed destination programs. Creating, listing and revoking sessions follows the [policy lifecycle](/hub/andromeda/guides/deploy-policy.md) and the [Session keys](/hub/andromeda/guides/session-keys.md) workflow. ## On-chain guarantees * All session limits are enforced by the authority-holding program; the API cannot exceed them. * The replay nonce makes each signed action single-use in its context. * Init-authority-hash seeded PDA (no front-running). ## When to use it * Trading bots that need to act for a wallet within tight bounds. * AI agents that should be able to sign, but only small amounts, to known programs, for a limited time. * Any delegation where "revocable, time-boxed, capped, scoped" is the requirement. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://shinkalabs.gitbook.io/hub/andromeda/guides/deploy-policy/session-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.