A Tezos Remote Signer
Signatory signs your Tezos operations while protecting your private keys in HSMs, Cloud KMS, or TEEs.

Easy to start, trivial to secure
Start by prototyping with an on-disk key; move to HSMs, Cloud KMS, or TEEs when ready.
Protocol‑aware policy enforcement
Set explicit Tezos policies (kinds, requests, JWT, remote policy). Signatory validates requests and watermarks before delegating to your HSM/KMS/TEE.
For bakers, validators, and apps
Use Signatory for baking/validator infrastructure and application workflows alike—such as exchanges, custodians, or oracles. A single signer enforces policy and watermarks while keys remain in your HSM/KMS/TEE.
Modular external policy (callback)
Integrate bespoke controls without forking Signatory by using the remote policy hook. Signatory POSTs the operation and its metadata to your service, which returns an allow or deny decision (optionally signed). See Remote Policy.
Built with observability
Monitoring is crucial for critical infrastructure. Signatory exposes operational metrics for Prometheus, allowing teams to monitor operations with the tools they have already invested in.