Skip to main content
Registers a named user in the CLI. Each user bundles an identity (name), a signer backend, and the wallet address derived from that backend. All commands that submit transactions use the active user’s signer. If no active user is set when you add the first user, it is automatically activated.

Arguments

ArgumentDescription
<name>Identifier for this user. Letters, digits, -, and _ only.

Flags

FlagDefaultDescription
--backend <type>Signer backend. One of: local, privy, turnkey, para
--param <key=value>[]Backend parameter (repeat for multiple). See backend details below.
--secret <KEY=value>[]Backend secret as ENV_KEY=value. Saved to the OS keychain. Omit to be prompted interactively.
--activatefalseSet this user as the active user after adding.

Backends

local — Local keypair file

Reads a Solana keypair from a JSON file on disk (same format as solana-keygen).
ParamRequiredDescription
keypairNoPath to keypair JSON file. Default: ~/.config/solana/id.json

privy — Privy managed wallet

Signs via the Privy server-side wallet API.
ParamRequiredDescription
appIdYesPrivy application ID
walletIdYesPrivy wallet ID
apiBaseUrlNoCustom Privy API base URL (default: https://api.privy.io/v1)
SecretDescription
PRIVY_APP_SECRETPrivy application secret

turnkey — Turnkey managed wallet

Signs via the Turnkey API using a P256 API key pair.
ParamRequiredDescription
apiPublicKeyYesTurnkey API public key (hex-encoded)
organizationIdYesTurnkey organization ID
privateKeyIdYesTurnkey private key ID used for signing
publicKeyYesSolana public key (base58) corresponding to the Turnkey private key
apiBaseUrlNoCustom Turnkey API base URL (default: https://api.turnkey.com)
SecretDescription
TURNKEY_API_PRIVATE_KEYTurnkey API private key (hex-encoded, P256)

para — Para managed wallet

Signs via the Para server-side wallet API.
ParamRequiredDescription
walletIdYesPara wallet UUID
apiBaseUrlNoCustom Para API base URL (default: https://api.beta.getpara.com)
SecretDescription
PARA_API_KEYPara API key (server-side only)

Secrets and the OS keychain

Secrets passed via --secret or entered interactively are saved to the OS keychain (macOS Keychain, GNOME Keyring, etc.) scoped to the user name. On subsequent runs, the CLI reads them back automatically — no environment variable needed. If the keychain is unavailable (e.g. headless Linux without a keyring daemon), the CLI falls back to the current process environment and prints a warning:
In that case, export the variable in your shell before using commands that need it.

Output