# Self-hosted key management

For advanced use cases requiring complete control over embedded wallet key custody and data handling, Openfort supports self-hosted key management through OpenSigner.

By default, Openfort manages the key shares used to secure your users' embedded wallets. With OpenSigner, you can host this key management infrastructure yourself, giving you full custody over the key material that protects your users' wallets.

## OpenSigner

OpenSigner is an open-source, self-hosted key management solution for embedded wallets that provides:

* **Complete Control**: Host the key management infrastructure on your own servers, keeping full custody of wallet key shares
* **Data Privacy**: Keep all key material and authentication data within your infrastructure
* **Customization**: Full access to customize the key management and authentication flow to match your needs
* **Security**: Implement your own security policies and compliance requirements for key custody

## Getting started

To set up self-hosted key management with OpenSigner:

1. Visit the [OpenSigner documentation](https://www.opensigner.dev)
2. Follow the deployment guide for your infrastructure
3. Configure your Openfort project to use your self-hosted instance
4. Customize the key management and authentication flow as needed

## Benefits

* **No vendor lock-in**: Full ownership of your embedded wallet key management infrastructure
* **Compliance**: Meet specific regulatory requirements for key custody and data residency
* **Performance**: Optimize for your specific geographic regions
* **Customization**: Tailor the key management experience to your exact needs

## Learn more

For detailed setup instructions, configuration options, and best practices, visit [OpenSigner](https://www.opensigner.dev).
