The problem
You are worried about recovery for your agent's wallet. What happens if something goes wrong, a lost credential, a compromised key, a need to regain access, can you recover the wallet and its funds? With human wallets, recovery means a seed phrase you must guard, and losing it means losing everything, so it is natural to ask what the equivalent is for an agent, and to want a clear answer before trusting an agent with funds.
This is the wallet-recovery problem, and the honest answer depends on which custody model you use, because it changes recovery fundamentally. With a managed agent wallet, the recovery story is not about a seed phrase at all; with self-custody, it is the familiar key-backup story. The symptom is uncertainty about how to recover or protect access to an agent's wallet, and the fix is to understand the recovery model for your custody choice and protect the right thing, your account and keys for managed, your key backups for self-custody.
Why managed wallets change recovery
A managed agent wallet changes recovery because the agent never holds a raw private key. The platform holds and manages the keys, and the wallet is tied to your account, so there is no seed phrase for you or the agent to store, and therefore none to lose. The classic crypto risk, lose the phrase, lose the funds, simply does not apply in the same way, because there is no phrase in the agent's hands to begin with.
Instead, access to the wallet depends on your account and the API keys you use to operate it. This shifts what recovery means: rather than safeguarding and recovering a seed phrase, you secure your account and manage your keys, and the wallet persists with the account regardless of any single key. That is a genuinely different and, for most, easier model: you protect account access, which you already know how to do, rather than guard a phrase whose loss is catastrophic. Understanding this is the key to the recovery question for managed wallets.
The fix
The fix for the managed case is to treat recovery as account and key hygiene rather than seed-phrase recovery. Secure your account with strong credentials and access controls, because account access is what grants control of the wallet. Manage your API keys: keep them secret, and rotate or revoke any that may be exposed. Because the wallet is tied to your account and not to a single key, you can rotate keys freely without losing the wallet, the funds and the wallet persist as long as you retain account access.
So there is no seed phrase to back up and no recovery phrase to lose; the protective actions are securing the account and managing keys. This is the recovery model for a managed agent wallet, and it is deliberately aligned with ordinary account security rather than crypto key ceremonies. The fix to the recovery worry is therefore to apply good account and key hygiene, which both prevents the loss-of-access scenarios and gives you the levers, key rotation and revocation, to respond if a credential is compromised.
Manage your API keys
API keys are the operative credential for a managed agent wallet, so managing them well is central to both security and recovery. Keep keys out of code that gets shared or committed, store them as secrets, and use test keys (sk_test_) in development and live keys (sk_live_) only in production. Treat a live key as sensitive, since it can authenticate operations on the wallet.
The two key actions for recovery and incident response are rotation and revocation. If a key may be exposed, revoke it with apiKeys.revoke so it can no longer be used, and issue a fresh one, this is the lever that cuts off a compromised credential without affecting the wallet itself. Rotating keys periodically, even without a known exposure, limits the window any single key is valid. Because these actions operate on keys while the wallet stays tied to your account, you can respond to a key problem decisively without risking the funds, which is exactly what you want from a recovery model.
If you suspect compromise
If you suspect an agent's wallet is compromised, whether a leaked key or an agent behaving maliciously, you have immediate levers that double as recovery actions. Revoke the affected API key with apiKeys.revoke to stop it authenticating, which halts any payments it could make. If the concern is the agent overspending rather than a leaked key, tighten the agent's spend limit in the dashboard to freeze its spending while you investigate.
These actions let you regain control quickly without losing the wallet: the compromised credential is cut off, the wallet and funds remain with your account, and you can issue a fresh key and resume once safe. So recovery from a compromise in the managed model is not a desperate scramble to find a backup phrase, but a controlled response, revoke, freeze, investigate, reissue, using the account-level levers. That controlled-response capability is part of why the managed model is reassuring: a compromise is contained and recoverable rather than potentially total.
The self-custody case
If you self-custody an agent's keys instead of using a managed wallet, the recovery model is the traditional one and the responsibility is yours. You hold the private keys, so you must back them up securely and have your own recovery process, because losing the keys means losing the funds with no platform to fall back on. There is no account-level recovery; the keys are everything, exactly as with any self-custodied crypto.
This is a legitimate choice for those with a hard self-custody requirement and the capacity to manage keys safely, but it reintroduces the lose-the-keys-lose-the-funds risk that the managed model removes. The recovery burden, secure backups, tested recovery, protection against loss and theft, is part of the cost of self-custody. For most agent builders, that burden is a reason to prefer managed wallets, where recovery is account-level and far simpler. Match the recovery model to your custody choice, and weigh the self-custody recovery burden honestly against the managed alternative.
What persists and what to protect
It helps to be concrete about what survives a problem and what you must guard. In the managed model, the wallet, its balance, its identity, and its transaction history persist with your account, they do not live or die with any single API key, so rotating or revoking a key leaves all of that intact. What you must protect is account access itself, because that is the root of control; lose the account and you lose the lever over the wallet, which is why account security is the real recovery safeguard.
So frame your protection accordingly: guard the account as the crown jewel, treat API keys as rotatable credentials you can replace, and rely on the fact that the wallet persists with the account. This is a far more forgiving posture than seed-phrase custody, where one secret is irreplaceable. Knowing what persists, the wallet, and what to protect, the account, turns recovery from a worry into a manageable part of operating agents.
Related reading
If you are thinking about agent wallet recovery, the custody model is the crux, so see what-is-an-ai-agent-wallet for the managed model and ai-agent-crypto-wallet-setup for how setup avoids seed phrases in the first place. Together they clarify why recovery is account-level for managed wallets and a key-backup task for self-custody. Pricing is on the pricing page.