Skip to main content
The circuit wallet namespace manages an encrypted local keystore that holds the local keys circuit run uses to sign in local mode. The keystore lives at ~/.circuit/local/keystore by default, sealed with AES-256-GCM under a key derived (HKDF-SHA256) from a local identity the CLI generates on first use — there is no keystore password. Override the location with --keystore <path>.
The keystore is for circuit run and circuit unwind local mode. Hosted runs (--hosted engine) select wallets from your Circuit account through the API and do not use this keystore.

List Wallets

circuit wallet list
Prints one TSV row per wallet (ADDRESS\tTYPE) so the output is pipe-friendly. Use --json for a structured response. If no keystore exists yet, this exits 0 with an empty list and a hint to circuit wallet add.

Add Wallet

circuit wallet add
Interactive — prompts for a source:
  1. Import: prompts for a private key in a masked password field (never echoes to the terminal, scrollback, or script(1) capture).
  2. Generate: creates a fresh EVM secp256k1 or Solana ed25519 keypair from OS entropy.
The first circuit wallet add creates the local identity and keystore automatically — no password, no login, no account. Subsequent adds seal into the same keystore. Non-interactive use: --generate <ethereum|solana> creates a fresh keypair without prompts (the import flow stays terminal-only so a private key never appears in argv).

Delete Wallet

circuit wallet delete <address>
Removes a wallet from the keystore. Requires a y/N confirmation (pass --yes to skip it). For local wallets this permanently loses the key bytes — they aren’t stored anywhere else.

Export Wallet

circuit wallet export <address>
Audited escape hatch — decrypts a local key and prints it to stderr (so a shell > redirect doesn’t accidentally capture it; use 2> if you genuinely want to file it). Requires the user to type yes I understand before printing (pass --yes to skip the prompt).

Keystore file location

circuit wallet honors two paths to override the default ~/.circuit/local/keystore:
MechanismScopeExample
--keystore <path> flagper-commandcircuit wallet list --keystore /tmp/k.enc
CIRCUIT_CONFIG_PATH env varoverrides the whole config dirCIRCUIT_CONFIG_PATH=/etc/circuit circuit wallet list
The keystore file is always written with 0600 permissions (owner read/write only); circuit wallet refuses to read a keystore that has been chmod’d looser than that.