# Key Management

## Sagacli and Key Management

`sagacli` stores and manages your key pairs. You can either create a new key or import your existing key(s).

These keys may be in any format as long as the format is supported by the Tendermint crypto library. It can be used by light-clients, full nodes, or any other application that needs to sign with a private key.

## Keyring

The keyring supports the following backends:

<table data-header-hidden><thead><tr><th width="112"></th><th></th><th data-hidden></th></tr></thead><tbody><tr><td>os</td><td>Uses the operating system's default credentials store.</td><td></td></tr><tr><td>file</td><td>Uses encrypted file-based keystore within the app's configuration directory. This keyring will request a password each time it is accessed, which may occur multiple times in a single command resulting in repeated password prompts.</td><td></td></tr><tr><td>kwallet</td><td>Uses KDE Wallet Manager as a credentials management application.</td><td></td></tr><tr><td>pass</td><td>Uses the pass command line utility to store and retrieve keys.</td><td></td></tr><tr><td>test</td><td>Stores keys insecurely to disk. It does not prompt for a password to be unlocked and it <mark style="color:red;">should be use only for testing purposes</mark>.</td><td></td></tr></tbody></table>

`kwallet` and `pass` backends depend on external tools. Refer to their respective documentation for more information: see [KWallet](https://github.com/KDE/kwallet) and  [pass](https://www.passwordstore.org/)

The pass backend requires [GnuPG](https://gnupg.org/).

## Supported Functions

To view key management functions supported by `sagacli`, look at the output below.

```

$ sagacli keys --help
Usage:
  sagacli keys [command]

Available Commands:
  add         Add an encrypted private key (either newly generated or recovered), encrypt it, and save to <name> file
  delete      Delete the given keys
  list        List all keys
  rename      Rename an existing key
  show        Retrieve key information by name or address

Flags:
  -h, --help   help for keys

Global Flags:
      --controller string          controller grpc url (host:port) (default "https://controller.testnet-sp1.sagarpc.io")
      --from string                Name of private key used to sign (default "bogdan_local")
      --keyring-backend string     Select keyring's backend (os|file|test) (default "file")
      --ledger                     Use the connected Ledger device for signing tx
  -l, --loglevel string            commands logging level (default "info")
      --network-rpc string         <host>:<port> to tendermint rpc interface for remote chain (default "https://spc.testnet-sp1.sagarpc.io")
  -o, --output string              output type <text|json> (default "text")
      --platform-chain-id string   The SPC network chain ID (default "spc-testnet-1")

Use "sagacli keys [command] --help" for more information about a command.

```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.saga.xyz/sagacli/key-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.