Vault

Guide – Creating & Managing EOAs

This guide walks you through creating your first Externally Owned Account (EOA) inside the Vault and querying it later.

• A running Vault instance.
• The admin key or a token with the eoa:create / eoa:read policies.
• The Vault SDK installed (see Installation).

---

import {
  createVaultClient,
  createEoa,
} from "@thirdweb-dev/vault-sdk";
 
const client = await createVaultClient({
  secretKey: "PROJECT_SECRET_KEY",
});
 
const res = await createEoa({
  client,
  request: {
    auth: { adminKey: process.env.VAULT_ADMIN_KEY! },
    options: {
      metadata: {
        team: "treasury",
        purpose: "eth-cold-storage",
      },
    },
  },
});
 
if (!res.success) throw new Error(res.error.message);
 
console.log("EOA address", res.data.address);

metadata accepts arbitrary key-value pairs that can later be used for filtering (listEoas) or for access-token policies.

---

import { listEoas } from "@thirdweb-dev/vault-sdk";
 
const list = await listEoas({
  client,
  request: {
    auth: { adminKey: process.env.VAULT_ADMIN_KEY! },
    options: {
      page: 1,
      pageSize: 20,
    },
  },
});
 
for (const eoa of list.data.items) {
  console.log(eoa.address, "metadata:", eoa.metadata);
}

You can build richer UIs by using the pagination data (page, pageSize, totalRecords).

---

• Group wallets via metadata – e.g. { env: "prod" }, { team: "ops" }.
• Use access tokens for app-specific actions – never ship the admin key to client-side code.
• Rotate when you onboard/offboard admins – see the rotation guide.