Skip to content

[docs] add missing pattern entries for account_based and key_request #465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Danny-Devs wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[docs] add missing pattern entries for account_based and key_request #465

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion docs/content/ExamplePatterns.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,16 @@ This section covers access control, not link generation. You can generate and di

[Move source](https://github.com/MystenLabs/seal/blob/main/move/patterns/sources/voting.move)

Use this pattern to run a vote where ballots stay encrypted until completion. You define eligible voters and each submits an encrypted choice. When all votes are in, anyone can fetch the required threshold keys from Seal and use the [on-chain decryption](https://seal-docs.wal.app/UsingSeal/#on-chain-decryption) to produce a verifiable tally. Invalid or tampered ballots are ignored. This pattern is useful for governance, sealed-bid auctions, or time-locked voting.
Use this pattern to run a vote where ballots stay encrypted until completion. You define eligible voters and each submits an encrypted choice. When all votes are in, anyone can fetch the required threshold keys from Seal and use the [on-chain decryption](https://seal-docs.wal.app/UsingSeal/#on-chain-decryption) to produce a verifiable tally. Invalid or tampered ballots are ignored. This pattern is useful for governance, sealed-bid auctions, or time-locked voting.

## Account-based encryption

[Move source](https://github.com/MystenLabs/seal/blob/main/move/patterns/sources/account_based.move)

Use this pattern when you want to encrypt data to a specific Sui address. The key ID is derived directly from the recipient's address, so anyone can encrypt a message for address B, but only the owner of that address can decrypt it. There is no on-chain state to manage — access is determined entirely by address ownership. This pattern is a natural fit for end-to-end encrypted messaging, private notifications, or any scenario where you need to send encrypted data to a known recipient without setting up shared state first.

## Key request

[Move source](https://github.com/MystenLabs/seal/blob/main/move/patterns/sources/key_request.move)

Use this pattern to separate access policy evaluation from the `seal_approve` step. Instead of checking the full policy inside `seal_approve`, your contract performs whatever authorization logic it needs (payment, role check, rate limit, etc.) and issues a `KeyRequest` object. The `seal_approve` function then only verifies that the `KeyRequest` is valid and unexpired, keeping policy evaluation outside of the Seal dry-run path. This is useful when your access policy is complex, when you need to guarantee safety during dry-run evaluation, or when you want to charge per key request. The pattern uses a witness type to bind each `KeyRequest` to the issuing package, preventing cross-contract forgery.