Frequently asked questions

How do I get started?

It's very easy to get started. If you have an existing Ethereum private key you can connect using MetaMask, WalletConnect, or a hardware wallet. If you don't have a key, don't worry, you can login using a magic link to your email, and we'll facilitate you generating a private key directly in your browser, and encrypting it with a cloud HSM connection. This is provided by Magic.


This is non-custodial, and neither Valist, nor Magic, have access to your keys. For more information on how this works, check out Magic's security page.


We are always exploring easy user onboarding without compromising security.

How do I publish a file to Valist?

1. Login with an email or connect using an existing wallet.


2. Create an Organization.


3. Create a new Project.


4. If your release is an NPM or PIP package, you will need to compress the package directory into a tar.gz archive.


5. Publish your release on the Project's "Publish" page.

How does it work?

Valist leverages an Ethereum smart contract to create Access Control lists of authorized public keys for each organization and project. Data within the system is validated and upheld by a global network of peers.


Operations such as release management and key rotation are enforced in the smart contract by checking whether a transaction was signed by a keypair with adequate privileges.


When a new release is published, the file is uploaded to the IPFS network and a pointer to its corresponding IPFS hash is stored within the smart contract.

What are Multi-Factor Releases?

A multi-factor release is a feature provided by Valist that requires multiple developers within an organization or project to digitally sign off on a release before that release is authorized to be published.


For example, you can require that 7 out of 10 developers need to sign off on a release before it is published. This prevents unauthorized releases, and reduces individual liability.