# Getting started

<SkillCard title="AI Skill" subtitle="@openfort/openfort-node" source="npm" subtitleHref="https://www.npmjs.com/package/@openfort/openfort-node" description="Pre-built prompt with the full setup reference." content={skillContent} fileName="SKILL.md" />

This guide helps you configure your server to programmatically manage **backend wallets**. Unlike client-side integrations, backend setup requires an additional layer of security to protect the developer-controlled private keys managed by your application.

::::steps

## Get your credentials

To interact with backend wallets, you need two distinct credentials from the [Openfort Dashboard](https://dashboard.openfort.io).

| Credential | Purpose | Storage |
| :--- | :--- | :--- |
| **API Secret Key** | Authenticates your server to the Openfort API. | Project settings |
| **Wallet Secret** | Encrypts and decrypts your backend wallet private keys. | Created by you |

:::warning\[The wallet secret]
The **wallet secret** is a master key that Openfort doesn't store in plaintext. It is required for every session initialization where you intend to sign transactions.
:::

## Install the SDK

Openfort provides a high-level Node.js SDK to handle the heavy lifting of transaction signing and wallet orchestration.

:::code-group

```sh [npm]
npm install @openfort/openfort-node

```

```sh [yarn]
yarn add @openfort/openfort-node

```

```sh [pnpm]
pnpm add @openfort/openfort-node

```

:::

## Configure environment variables

Create a `.env` file in your project root. Add this file to your `.gitignore` to prevent leaking sensitive credentials.

```text [.env]
# Your API Secret Key (starts with sk_test_ or sk_live_)
OPENFORT_SECRET_KEY=sk_test_...

# The Wallet Secret you generated in the dashboard
OPENFORT_WALLET_SECRET=...

```

## Initialize the SDK

To enable backend wallet functionality (`create`, `sign`, or `export`), pass the `walletSecret` into the Openfort configuration object during initialization.

:::code-group

```ts [ESM (import)]
import Openfort from '@openfort/openfort-node';

// Initialize with both API Secret and Wallet Secret
const openfort = new Openfort(process.env.OPENFORT_SECRET_KEY, {
  walletSecret: process.env.OPENFORT_WALLET_SECRET,
});

export default openfort;

```

```ts [CommonJS]
const Openfort = require('@openfort/openfort-node').default;

const openfort = new Openfort(process.env.OPENFORT_SECRET_KEY, {
  walletSecret: process.env.OPENFORT_WALLET_SECRET,
});

module.exports = openfort;

```

:::

::::

## Security best practices

To maintain the integrity of your **backend wallets**, follow these security guidelines:

* **Never expose secrets:** Ensure `OPENFORT_WALLET_SECRET` never reaches your frontend or client-side logs.
* **Use a secret manager:** For production, use services like AWS Secrets Manager, Google Secret Manager, or Doppler instead of plain `.env` files.
* **Rotation policy:** Periodically rotate your wallet secret to mitigate the risk of long-term credential exposure.

:::tip\[Runnable examples]
For a quick start, clone the [Node SDK examples](https://github.com/openfort-xyz/openfort-node/tree/main/examples) directory. It includes runnable scripts for all features covered in this documentation.
:::

## Next steps

Now that your environment is ready, you can start creating and managing programmatic accounts.

<HoverCardLayout>
  <HoverCardLink title="Backend wallet usage" description="Learn how to create Ethereum and Solana accounts and sign transactions." href="/products/server/accounts" icon={Zap} />

  <HoverCardLink title="Secret rotation" description="Instructions on how to safely rotate your wallet secrets." href="/products/server/wallet-secret-rotation" icon={Key} />

  <HoverCardLink title="Signing policies" description="Control which operations your wallets can perform with rule-based policies." href="/configuration/policies" icon={ShieldCheck} />
</HoverCardLayout>
