Token issuer key custody

As the issuer of a token you normally don't hold tokens for a long time. Typically Tokens are distributed to investors shortly after they are minted.
However, often additional tokens need to be minted after the primary issuance. Sometimes certain properties of tokens need to be changed. Only if you can be sure, that additional token minting, burning or other configurations will never change after the primary issuance, the issuer account key for a particular token can be deleted.
In all other cases, issuer keys need to be kept in a safe location from where transactions can be signed ideally in an automated way.
The Bitbond Offering Manager is set up in a way, that issuer keys for tokens that are minted on Stellar are kept in custody by a custodian. The custodian usually utilizes key management software that is connected to the Offering Manager via an API. Therefore token minting can happen in a seamless way and and as an issuer you don't have to deal with key management after you were on-boarded by your custodian.
At Bitbond we work with several regulated custodians and can recommend partners for you.
Alternatively, if you mint tokens on an EVM chain with the Bitbond Token Tool, there are the following ways to manage your issuer keys.


You can work with a custodian as described above. The custodian needs to support Web3 login through Metamask Institutional or Wallet Connect.
In such cases the custodian can log in to Token Tool from within their key management software and create tokens, manage tokens and distribute tokens on behalf of the issuer.


If as an issuer you want to be independent of a custodian when it comes to token management, you need to maintain a key management solution yourself. There are several secure and convenient solutions in the market, some of which are listed here.

Metamask Institutional (MMI)

Metamask Institutional (MMI) as listed above is a secure way to manage keys. The advantage versus the Metamask consumer version is that MMI links to sophisticated key management solutions and custodians that allow for multisignature approvals. This lets you introduce certain governance rules such as X out of N signing (e.g. each minting transaction needs to be signed by 3 out 8 approvers).
Currently MMI supports the following custody providers: Qredo, BitGo and Cactus Custody (with more to come). If you want to use this option, you need to open an account with both, one of the custody providers mentioned here as well as MMI.

Gnosis Safe

Gnosis Safe is another secure and convenient way to manage issuer keys. It allows you to use Metamask or Wallet Connect to log in to Token Tool.


Fireblocks is a sophisticated key management software that has very comprehensive functionality around digital assets. It can store nearly all currencies and tokens that currently exist and lets you configure sophisticated governance and approval rules.
Typically custodians would utilize Fireblocks. If you need to manage multiple keys for several tokens and need a more sophisticated approach to governance, Fireblocks is they right way to go.
With Fireblocks you can log in to Token Tool with Wallet Connect.


Metaco is a digital asset custody and orchestration technology vendor that delivers bank-grade key management software. Similarly to Fireblocks, it's typically custodians who would utilize Metaco software to provide custody services to their clients.
Metaco supports a broad range of currencies and tokens and plans to introduce Wallet Connect for the support of Web3 applications like Token Tool.


Ledger is one of the leading hardware wallets. You can use it with Token Tool directly or use it as a more secure way to mange keys behind Metamask and log in to Token Tool with Metamask.


Metamask is a simple and convenient way to log in to Token Tool. However, from a security standpoint it should not be used for transactions and tokens of higher value because it is not built for an institutional but rather a consumer context.