Security & Best Practices

8.1 Key Management

  • Never store PoolKey secrets in front-end code. Anything shipped in a browser or mobile bundle can be read by every user, so a key placed there is effectively public.

  • Keep admin keys on the backend, loaded at runtime from a secrets manager (e.g. Vault, KMS) rather than committed to source or baked into images.

  • Rotate keys regularly, with a short overlap window so in-flight operations using the previous key are not rejected, and revoke the old key immediately (no overlap) if exposure is suspected.


8.2 Privacy Hygiene

  • Avoid logging sensitive payloads or user metadata. Prefer an allowlist of fields known to be safe over a denylist, so a field added to an event later is not logged by default.

  • Don’t send raw user identifiers alongside private actions unless necessary; a pseudonymous or per-request identifier is enough for tracing and support.

  • Never reconstruct per-user balances from commitments on the backend; let the SDK handle it locally on the client. A backend that can link commitments to users becomes the one place where the privacy of every user can be broken at once.


8.3 ZK Circuit & Upgrades

  • When circuits are upgraded (new proving system, bug fix), you may need to:

    • upgrade the SDK

    • update the integration config

    • schedule a migration window for your app.

  • Pin the SDK version you deploy and test against the new circuit in staging before the window. Proofs generated against the old circuit will generally not verify under the upgraded one, so drain or re-prove in-flight operations during the migration rather than letting them fail after cutover.


8.4 Monitoring

  • Integrate with ZKGate’s monitoring APIs / webhooks (e.g. batchFinalized, withdrawCompleted). Treat incoming webhooks as untrusted input: authenticate the delivery and validate the payload before updating any metric.

  • Track:

    • pool health (e.g. time since the last finalized batch)

    • volume

    • proof failure rates over a rolling window, with a minimum sample size so a handful of failures does not page anyone

This helps you quickly detect integration issues or unusual flows, such as a spike in proof failures right after an SDK or circuit upgrade, or a pool whose batches have stopped finalizing.
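A small monitor that tracks the three metrics above from webhook events, as an added example in Node.js (not ZKGate code). The event names batchFinalized and withdrawCompleted are the ones this page mentions; the proofResult event, the payload fields poolId, amount and ok, and the PoolMonitor class with its WINDOW_MS, MIN_SAMPLES and FAIL_RATE_THRESHOLD constants are assumptions for illustration.

```javascript
// Added example, not ZKGate code: a sliding-window monitor fed by webhook events.
// The event names batchFinalized and withdrawCompleted are the ones named in the
// ZKGate docs; the payload fields (poolId, amount, ok) and the proofResult event
// are assumed here for illustration.
const WINDOW_MS = 5 * 60 * 1000;   // rolling window for the failure rate
const MIN_SAMPLES = 20;            // no alert until the window holds this many proofs
const FAIL_RATE_THRESHOLD = 0.1;   // alert above 10 % failures

class PoolMonitor {
  constructor() {
    this.proofs = [];              // { t, ok } within the window
    this.volume = new Map();       // poolId -> total withdrawn
    this.lastBatch = new Map();    // poolId -> time of last finalized batch
    this.alerts = [];
    this.failureAlertOpen = false; // raise once per incident, not once per event
  }

  // Entry point for a webhook payload that has already been authenticated and validated.
  handle(event, now = Date.now()) {
    switch (event.type) {
      case 'batchFinalized':
        this.lastBatch.set(event.poolId, now);
        break;
      case 'withdrawCompleted':
        this.volume.set(event.poolId, (this.volume.get(event.poolId) || 0) + event.amount);
        break;
      case 'proofResult':
        this.proofs.push({ t: now, ok: Boolean(event.ok) });
        this.checkFailureRate(now);
        break;
      default:
        // An unexpected event type usually means SDK/API version drift; surface it.
        this.alerts.push({ kind: 'unknownEvent', type: event.type, at: now });
    }
  }

  prune(now) {
    this.proofs = this.proofs.filter((p) => now - p.t <= WINDOW_MS);
  }

  failureRate(now = Date.now()) {
    this.prune(now);
    if (this.proofs.length === 0) return 0;
    return this.proofs.filter((p) => !p.ok).length / this.proofs.length;
  }

  checkFailureRate(now) {
    this.prune(now);
    if (this.proofs.length < MIN_SAMPLES) return;
    const rate = this.failureRate(now);
    if (rate > FAIL_RATE_THRESHOLD) {
      if (!this.failureAlertOpen) {
        this.failureAlertOpen = true;
        this.alerts.push({ kind: 'proofFailureRate', rate, at: now });
      }
    } else {
      this.failureAlertOpen = false;
    }
  }

  // Pool health: a pool whose batches stopped finalizing is unhealthy even if
  // no proof has failed.
  stalePools(now = Date.now(), maxAge = WINDOW_MS) {
    return [...this.lastBatch].filter(([, t]) => now - t > maxAge).map(([poolId]) => poolId);
  }
}
```

The minimum sample size and the open/closed alert flag are the two parts that keep this from being noisy: the first stops three failed proofs at 03:00 from paging anyone, the second turns a sustained failure into one alert instead of one per event.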
