Skip to main content
T+ uses Ed25519 key pairs for request signing and identity. The tplus accounts commands let you generate fresh keys, import existing ones, and inspect the accounts stored on disk. All accounts live under ~/.tplus/users as encrypted keyfiles, and every write to that directory prompts for (or reads from TPLUS_PASSWORD) an encryption password.

Account storage

Accounts are stored as encrypted keyfiles at ~/.tplus/users/<alias>. The alias is the short name you pass to accounts add or accounts generate — for example, alice. The keyfile is decrypted on demand whenever a command needs to sign a request.
In automation environments (CI, Docker, scripts) you can set TPLUS_PASSWORD to the encryption password so that the CLI never prompts interactively. Avoid exporting this variable in shared shells.

Generating a new account

Generate a fresh Ed25519 key pair and save it under the given alias: 
tplus accounts generate alice
The public key is printed to stdout after the keyfile is written. Share this public key when you need to register the account with T+ services.

Importing an existing private key

If you already have an Ed25519 private key (as a hex string), import it with accounts add: 
tplus accounts add alice --private-key <hex>
If you omit --private-key, the CLI will prompt you to enter the key interactively — useful when you don’t want the key to appear in your shell history.

Listing accounts

List every account alias currently stored on disk: 
tplus accounts list
The output shows each alias alongside its corresponding public key.

Inspecting an account

Show the public key and metadata for a single account: 
tplus accounts show alice

Signing a payload

The tplus sign command signs an arbitrary message with a local account and prints the hex-encoded signature. This is useful for testing request authentication or producing signed payloads for external tooling. 
# Sign a literal string
tplus sign --account alice -m "hello"

# Pipe a message from stdin
echo "hello" | tplus sign --account alice
Combine tplus sign with --output-format json (via the global flag) if you need the signature embedded in structured output for a script.

The --account global option

All commands that interact with the orderbook or signing use the --account flag to select which local keyfile to sign with. You can set a default so you don’t have to pass it every time: 
export TPLUS_ACCOUNT=alice
tplus orders place --asset 0xabc...@42161 --side buy --type limit --quantity 10 --price 1000
Without TPLUS_ACCOUNT set, commands that require signing will either prompt you to specify --account or will use the only account on disk if exactly one exists.