Your HyperLiquid main private key controls everything — trading, withdrawals, transfers. If it leaks, an attacker can drain your entire account.

HyperLiquid provides API wallets (also called agent wallets) specifically for programmatic trading. Always use one with this tool.

1. Log in at app.hyperliquid.xyz
2. Go to Portfolio → API Wallets → Generate
3. Give it a name (e.g., "agent-bot")
4. Copy the private key immediately — it's only shown once
5. Import into this tool: hl keys import --backend ows

This tool stores your API wallet key locally using multiple encrypted backends:

Keys are dual-written to OWS + Keychain (on macOS) for redundancy.

Rotate your API wallet periodically:

1. Generate a new API wallet on app.hyperliquid.xyz
2. Import the new key: hl keys import --backend ows
3. Deregister the old API wallet from the web UI

Important: HyperLiquid strongly recommends never reusing an API wallet address after deregistration. Nonce state is pruned after deregistration, which could allow replay of previously signed actions.

1. Immediately deregister the API wallet at app.hyperliquid.xyz
2. Close any open positions from the web UI
3. Generate a fresh API wallet
4. Import the new key into this tool
5. Your funds are safe — API wallets cannot withdraw

For separate budgets per strategy:

1. Create sub-accounts on app.hyperliquid.xyz
2. Transfer funds to the sub-account
3. Create a dedicated API wallet for the sub-account (2 named agents allowed per sub-account)
4. Import: hl keys import --backend ows

Sub-account volume counts toward your master account fee tier.

• Never stores your main private key (unless you explicitly give it — don't)
• Never makes withdrawal API calls
• Never transmits keys over the network
• Never logs key material
• Never phones home or sends telemetry