Skip to main content

Policy language

This page provides an overview of how to author policies using our policy language. To begin, we'll need to get familiar with the language's grammar, keywords, and types.

Grammar

The grammar has been designed for flexibility and expressiveness. We currently support the following operations:

OperationOperatorsExampleTypes
logical&&, ||"true && false"(bool, bool) -> bool
comparison==, !=, <, >, <=, >="1 < 2"(int, int) -> bool
comparison==, !="'a' != 'b'"(string, string) -> bool
comparisonin"1 in [1, 2, 3]"(T, list<T>) -> bool
accessx[<index>][1,2,3][0](list<T>) -> T
accessx[<index>]"'abc'[0]"(string) -> string
accessx[<start>..<end>][1,2,3][0..2](list<T>) -> (list<T>)
accessx[<start>..<end>]"'abc'[0..2]"(string) -> string
accessx.<field>"user.tags"(struct) -> T
functionx.all(item, <predicate>)"[1,1,1].all(x, x == 1)"(list<T>) -> bool
functionx.any(item, <predicate>)"[1,2,3].any(x, x == 1)"(list<T>) -> bool
functionx.contains(<value>)"[1,2,3].contains(1)"(list<T>) -> bool
functionx.count()"[1,2,3].count()"(list<T>) -> int
functionx.filter(item, <predicate>)"[1,2,3].filter(x, x == 1)"(list<T>) -> (list<T>)

Keywords

Keywords are reserved words that are dynamically interchanged for real values at evaluation time. Each field supports a different set of keywords.

Consensus

KeywordTypeDescription
approverslist<User>The users that have approved an activity

Condition

KeywordTypeDescription
activityActivityThe activity metadata of the request
eth.txEthereumTransactionThe parsed Ethereum transaction payload
walletWalletThe target wallet used in sign requests
private_keyPrivateKeyThe target private key used in sign requests

Types

The language is strongly typed which makes policies easy to author and maintain.

Primitive

TypeExampleNotes
booltrue
int256i64
string'a'only single quotes are supported
list<T>[1, 2, 3]a list of type T
struct{ id: 'abc' }a key-value map of { field:T } (defined below)

Struct

StructFieldTypeDescription
UseridstringThe identifier of the user
tagslist<string>The collection of tags for the user
emailstringThe email address of the user
aliasstringThe alias of the user
ActivitytypestringThe type of the activity (e.g. ACTIVITY_TYPE_SIGN_TRANSACTION_V2)
resourcestringThe resource type the activity targets (e.g. USER, PRIVATE_KEY, POLICY, etc)
actionstringThe action of the activity (e.g. CREATE, UPDATE, DELETE, SIGN, etc)
WalletidstringThe identifier of the wallet
PrivateKeyidstringThe identifier of the private key
tagslist<string>The collection of tags for the private key
EthereumTransactionfromstringThe sender address of the transaction
tostringThe receiver address of the transaction
datastringThe arbitrary data of the transaction (hex-encoded)
valueintThe amount being sent (in wei)
gasintThe maximum allowed gas for the transaction
gas_priceintThe price of gas for the transaction
chain_idintThe chain identifier for the transaction

Activity Breakdown

Resource TypeActionActivity Type
ORGANIZATIONCREATEACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4
INVITATIONCREATEACTIVITY_TYPE_CREATE_INVITATIONS
DELETEACTIVITY_TYPE_DELETE_INVITATION
POLICYCREATEACTIVITY_TYPE_CREATE_POLICY_V3
UPDATEACTIVITY_TYPE_UPDATE_POLICY
DELETEACTIVITY_TYPE_DELETE_POLICY
WALLETCREATEACTIVITY_TYPE_CREATE_WALLET
CREATEACTIVITY_TYPE_CREATE_WALLET_ACCOUNTS
EXPORTACTIVITY_TYPE_EXPORT_WALLET
PRIVATE_KEYCREATEACTIVITY_TYPE_CREATE_PRIVATE_KEYS_V2
CREATEACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG
UPDATEACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG
DELETEACTIVITY_TYPE_DISABLE_PRIVATE_KEY
DELELEACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS
EXPORTACTIVITY_TYPE_EXPORT_PRIVATE_KEY
SIGNACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2
SIGNACTIVITY_TYPE_SIGN_TRANSACTION_V2
USERCREATEACTIVITY_TYPE_CREATE_USERS_V2
CREATEACTIVITY_TYPE_CREATE_USER_TAG
UPDATEACTIVITY_TYPE_UPDATE_USER
UPDATEACTIVITY_TYPE_UPDATE_USER_TAG
DELETEACTIVITY_TYPE_DELETE_USERS
DELETEACTIVITY_TYPE_DELETE_USER_TAG
CREDENTIALCREATEACTIVITY_TYPE_CREATE_API_KEYS
CREATEACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2
DELETEACTIVITY_TYPE_DELETE_API_KEYS
DELETEACTIVITY_TYPE_DELETE_AUTHENTICATORS

Coming soon

Turnkey will expand the policy language significantly over the next few months. Soon you'll have access to new keywords:

  • Self-defined variables (e.g., allow arbitrary data to be considered in policy validation)
  • Time-based limits (e.g., limit total transaction size over a 24 hour period)
  • Dollar-based amount limits based on current price (e.g., limit total $-based transaction amount for a given user type)