Skip to main content
Lit gives your app two cryptographic superpowers without a backend to trust: signing (wallets whose keys never leave a secure enclave, driven by code you control) and encryption (data only your authorized code can decrypt). Both are powered by Lit Actions — immutable JavaScript programs that run inside a chain-secured TEE, with key permissions governed on-chain.

New here? Start with the Quick Start

Create an account, fund it, and run your first Lit Action in a few minutes — then follow the guide for your use case below.

What do you want to build?

Pick your use case. Each guide takes you from a fresh account to a working, verifiable result, and flags the administrative pieces (keys, funding, permissions) as you meet them.

Signing

Create a wallet the network holds for you, sign messages and transactions from code, and verify every signature. Covers conditional signing, EVM and Solana, and non-custodial co-signing.

Encryption & decryption

Encrypt secrets so only code you’ve authorized on-chain can decrypt them. Covers the encrypt/decrypt round trip, storing ciphertext anywhere, and using encrypted API keys inside actions.
Not sure which nouns mean what? Core Concepts explains the five things every Lit app is made of — accounts, API keys, wallets (PKPs), actions, and groups — in one page.

Use cases in the wild

Patterns people build on these two primitives, with runnable code for each.

Cross-chain actions

Read state on one chain, sign on another — bridges, mirrors, and replays without a multisig in the middle.

Custom oracles

Aggregate any HTTP or RPC feed inside the TEE, sign the result, deliver it anywhere a signature is trusted.

Conditional signing

Sign only when on- or off-chain conditions hold — sanctions screens, price thresholds, KYC checks, dispute windows.

Encrypted secrets

Encrypt API keys, credentials, or user data — decryptable only by an action you’ve authorized on-chain.

Administer your account

Everything you need to operate what you build — you’ll meet each of these inside the guides, and they’re all collected under Administration in the sidebar.

Dashboard

Web GUI for accounts, API keys, wallets (PKPs), IPFS actions, and groups.

API Keys

Your master account key vs. scoped, rotatable usage keys — and how to manage both.

Pricing & Funding

Credit-based billing, what’s metered vs. free, and paying by card, crypto, or LITKEY.

Account Modes

API mode vs. ChainSecured mode — picking an ownership model and migrating between them.

REST API

Drive every management workflow from cURL, the lightweight JS SDK, or your own OpenAPI client.

Errors

What 402 Payment Required and friends mean, and how to fix them.

How it works

How the runtime works and how trust is established.

Chain Secured

Your keys’ authority lives on-chain; an attested TEE enforces it by reading the chain.

Architecture

The three layers: chain-secured TEE, on-chain permissions, and IPFS-hosted actions.

Auth Model

How API keys, scopes, and account ownership combine to authorize requests.

Verification

Attest that the enclave is running the code it claims to be running.

Reference

Lit Actions SDK

Functions available inside an action: signing, encryption, HTTP, response.

OpenAPI / Swagger

Full REST API schema — generate clients in any language.