Extensions & API Integratons
      Back to home
      1. io.finnet Help Center
      2. Extensions & API Integratons

      Virtual Signer

       

      Available for io.vault Professional and Enterprise subscriptions and io.network subscriptions.
      1. Key considerations prior to set up
      2. Setting up a Virtual Signer
      3. Editing or configuring a Virtual Signer

      Virtual Signer is a Multi-Party Computation (MPC) application designed for secure, server-side transaction signing for your vaults. It enables an automated signing process with customizable approval and rejection logic, providing enhanced control and security over your transactions.

      Key considerations prior to set up

      There are a number of key areas to consider before setting up a virtual signer;

      • Server Options - To use Virtual Signer, you need a server that meets the minimum or recommended system requirements. Currently, we support only cloud deployments on your own infrastructure. Support for physical servers and io.-managed hosting will be available soon.
      • Virtual signer configuration / integration - For detailed setup instructions, refer to our technical guides designed for developers. These guides provide step-by-step integration instructions, covering infrastructure requirements, pricing, and deployment options. You can access them here.
      • Pricing - Ensure that you are on the correct subscription plan before proceeding. You can review the available subscription options here. For any questions or additional details, our customer support team is available via the Help Centre or through the Support tab on the left-hand side of the dashboard.

      Setting up a Virtual Signer

      Once you’ve reviewed the key requirements, you can find the Virtual Signer app in the Apps pane of the io.finnet dashboard. It offers an intuitive, visual interface for setting up and managing a Virtual Signer, requiring minimal technical expertise.

      Please Note: The Virtual Signer policy is configured on the Polygon blockchain, requiring a small amount of MATIC (<$2 worth) in your vault/account. This is necessary to cover the costs of setup, configuration, and any policy updates, including adding or modifying rules within the Virtual Signer. If there is no MATIC in the associated vault, the transaction will FAIL.

      Follow the steps below to set up a Virtual Signer:

      1. On the web dashboard, navigate to the “Apps” section on the left-hand side, then select “Virtual Signer Transaction Policies” to connect

      2. You will land on to the VS home page 

        • On this page you will see all of the virtual signers that are setup on your account
      3. Before starting the setup, you will need to create a docker-compose.yml, from your own infrastructure. Details can be found here

      4. When you're ready to proceed, click "New Virtual Signer Config" in the top right corner to begin the setup process

        • Please ensure you are connected to the correct vault within the top right corner, this process does require approval through your aligned signing powers on devices
      5. Next, name your Virtual Signer and select a setup method
        • Cloud – Deploy on your own cloud infrastructure
        • Physical (Coming Soon) – Connect a Virtual Signer to your physical hardware
        • io. Managed (Coming Soon) – A fully managed solution by io.finnet
      6. Click “Create API Key”

      7. After clicking on "Create API Key", the following credentials are generated:

        • Auth Client ID – A unique identifier used for authentication.
        • Auth Client Secret – A secure key required to authenticate API requests.
        These credentials are essential for Virtual Signer authentication when making GraphQL requests to retrieve a token. Keep the Auth Client Secret secure, as it is sensitive information required for API access
      8. After creating the API key, click "Next" to proceed to the Setup Details page. Here, you will need to enter the Hardware ID and configure port settings, allowing you to adjust them as needed
      9. Once you’ve reviewed and confirmed the details, click "Next". This will initiate an approval process for the associated vault
      10. Once approved by all required signing parties, your Virtual Signer (VS) will be deployed on the Polygon blockchain
      11. Your Virtual Signer is now deployed. You can review its configuration, manage settings, and set up policy rules as needed.

      Editing or configuring a Virtual Signer

      Please Note: Policy rules are deployed on the Polygon blockchain, requiring a small amount of MATIC in your vault/account to cover transaction costs.

      If there is insufficient MATIC, transactions for adding or editing rules will FAIL.


      Follow these steps to add a new policy to your Virtual Signer:

      1. Choose the Virtual Signer to which you want to add the rule
      2. Click "Policy Rules" at the top, then select "Create New Rule"

      3. Enter a name for your rule and select the rule type, then click "Next" to proceed:

        • Global - Applies to all transactions and vaults across the platform 
        • Vault - Applies only to a specific vault
        • User - Applies only to a specific user

      4. Specify the assets and amounts the rule should apply to (if you want this to be only against specific chains).

        • To apply the rule to all assets and amounts, leave this section blank and click "Next"

      5. Choose the specific vaults the rule should apply to (if you want this to be only against specific vaults). 

        • To apply it across all vaults, leave this section blank and click "Next"

      6. Specify receivers and source rules if neded.

        • To apply the rule across all receivers and sources, leave this section blank and click "Next"

      7. Choose what happens if a transaction violates this rule.

        • The default action is “Reject”
      8. Carefully review the rule setup. Once confirmed, click "Submit"

      9. The system will initiate an approval process for the aligned vault. Once approved by all required signing parties, the rule will be active and visible within the Virtual Signer.

       

      Please note

      • If you are connected to a different vault than the one originally set up, a warning banner will appear at the top
      • You must switch to the correct vault to proceed
      • If you are not aligned to the correct vault, the transaction will fail
      • You can test transactions against your rules using the "Transaction Approval Simulator" on the home page. This allows you to preview outcomes before enforcing the rule
      • If you select Vault or User as the rule type, you must assign the vault or user to the rule.

       

      I received an alert saying, “The Virtual Machine is undergoing a reboot as part of routine maintenance workflows orchestrated by the platform.” Should I be worried?

      No, this is a standard system maintenance process performed by the platform. Your Virtual Machine (VM) is being rebooted as part of routine updates, and no immediate action is required.

       

      What does this reboot mean for my Virtual Machine?

      The platform periodically performs automated reboots for maintenance, security updates, or system optimizations. This ensures that your VM runs efficiently and securely.

       

      Do I need to take any action?

      In most cases, no action is required. However, once the reboot is complete, you may need to manually start your Virtual Server (VS) if it does not restart automatically.