Since your private keys never leave the KMS HSM, you don't have to worry about seed phrase or device vulnerabilities. And if you forget your password, you can recover it seamlessly through your own self-hosted Amazon Cognito server supporting MFA via SMS, email, and soon, passkeys.
Some weeks ago I made Llavero Wallet-a self-service solution that gives you complete control over your digital keys and assets-public. “Llavero” means “keyring” in Spanish, and this wallet lives up to its name by providing you with the tools you need to secure your digital world. This initial MVP release is aimed at technical users for now. However, I need feedback from knowledgeable people to improve and simplify things for a broader audience down the road. So I’m hoping this generates interest from potential contributors.
Let’s be real — managing your own keys in a completely secure way is hard work. Understanding and mitigating all the hardware, software, and seed phrase vulnerabilities requires a huge investment of time and effort that most people can’t make.
For regular users, it’s a daunting prospect to have a cold hardware wallet stored in a safe somewhere, paper backups, and detailed instructions for loved ones on what to do if something happens to you. They understandably fear losing keys, getting robbed, or messing up backup procedures. It’s not a very user-friendly or reassuring solution for daily digital asset use.
People are used to the simplicity and safety nets of modern online banking — recovering passwords via MFA, bio-metrics, simple KYC processes, and having some recourse if things go wrong. Self-custody needs to be effortless while maintaining privacy and true ownership.
Llavero Wallet provides a self-custodial and secure way to manage your cryptocurrency assets through a user-friendly cloud infrastructure deployed using AWS Cloud Development Kit (CDK). It sets up a Next.js frontend hosted on Amazon CloudFront (Content Delivery Network), with the backend powered by Lambda functions, and data storage using Amazon DynamoDB and S3.
The core is the AWS Key Management Service (KMS), a cloud HSM that generates and safeguards your private keys. KMS acts as a dedicated hardware wallet in the cloud, ensuring your keys never leave its hardened enclave.
For authentication, Llavero uses Amazon Cognito to provide a self-hosted user directory supporting MFA via SMS, email, and soon passkey.
The transaction signing workflow is:
Initiate transaction on Llavero frontend
Request signature from Cognito for MFA
Verify MFA (SMS, email, authenticator)
Provide MFA confirmation to frontend
Frontend requests KMS to sign transaction
KMS signs transaction and sends to blockchain
Transaction confirmation relayed back
By utilizing AWS free tiers for services like CloudFront, DynamoDB, S3, Cognito and KMS, the entire Llavero infrastructure has a recurring cost of only around $1 monthly for an individual.
Future roadmap: Enable installation across multiple clouds and personal hardware using cryptographic techniques like Shamir secret sharing or multi-party computation (MPC) to split and reconstruct the private key across a decentralized web of nodes without any single point of control.
The goal is an effortless way to deploy resilient, censorship-resistant and vendor-agnostic self-custodial infrastructure tailored to desired security posture.
“blockchain purists” people who truly grok self-custody likely won’t ever trust a cloud-based product like Llavero Wallet. They already have a hardware wallet like Ledger stashed in a safe, stamped backups in safe deposit boxes, and a thoroughly documented dead man’s switch set up with their family. For them, a dedicated offline cold wallet is the only acceptable way.
And you know what? They’re not wrong. A hardware wallet hidden in a secure home location is exceedingly safe in general. It’s about as robust as physical security gets.
But…that’s just not a viable solution for most regular people doing daily digital life and asset management. If you set everything up correctly with a hardware wallet, the hassles and key vulnerability risks are still pretty high for a blockchain newbie.
So Llavero’s niche will be tricky to find at first. I’m hoping it resonates with blockchain newbies, plus tech-savvy folks who want self-custody without the super hardline approach. Easing the UX while maintaining robust security.
I believe every individual should have seamless access to their own sovereign personal infrastructure stack — a resilient service stack that’s essentially effortless to use and own.
In the coming AI era, cyber-security will become even more crucial as threats evolve. And like physical security, favoring isolation reduces risk from cascading mass attacks. Each person having their own fully isolated stack makes systematic compromise far more difficult.
Here’s the high-level road-map for getting there:
Today, cloud and software costs are already very inexpensive, and in the following years they will continue dropping towards zero cost as these technologies become further commoditized. Truly sovereign personal infrastructure should be free or ultra-low cost for everyone.
Llavero represents my first step toward that vision of individual empowerment and effortless self-sovereign security. It’s my attempt to make AWS’s powerful KMS accessible and self-custodial for people.
I hope you’ll check it out, provide feedback, and consider contributing your skills! I’m aiming to have over 10 people engaged in conversations about contributing code, security expertise, QA testing, or architectural input within the next few weeks.
Let’s work together to make truly effortless self-custody a reality — bringing enterprise-grade security and privacy to the people. The vault for the people.