To be able to sign transactions using the Utila CLI, you will need to enroll a device and secure its key shares.

This guide will walk you through the creation of a device, and the distribution of the key shares.

1. Create a Device

Each device requires a key pair.

You can either provide an existing private key (for example, re-use the private key that is used for the service account) or let the CLI generate a new one automatically.

To register a new device, use the utila devices register command.

📘
Example
Creating a device using an existing private key:
utila devices register --vault-id <vault-id> \
  --private-key-path <private-key-file-path>

📘
Example
Creating a device with a newly generated key:
utila devices register --vault-id <vault-id> --generate-key

ℹ️
The device private key will be stored in the local configuration directory.

After running this command, the device is created but must be approved by the Admin Quorum before it can be used. The command outputs the fingerprint of the device’s private key. Make sure to share this fingerprint with the admin who will approve (sign) the device.

2. Approve the Device

The new device must be approved by the admin quorum. Use the Utila mobile app to approve and sign the service account's device.

Once approved, encrypted wallet key shares are generated and uploaded to Utila for the device.

3. Download the key shares

Now that the device has been approved and signed by the admin quorum, and the encrypted wallet key shares were generated and uploaded for the new device, run the utila keys download command to download and decrypt the key shares.

📘
Example
Downloading the key shares of the device:
utila keys download --vault-id <vault-id> --device-id <device-id>

These key shares are required for signing transactions with the Utila CLI.

Now your device is fully set up, and you’re ready to start signing transactions!
Next, you can refer to the Co-Signer Setup Guide and configure a co-signer for automatic signing.