From ac07e934c215897cb41186e94060ec32f6b94ba7 Mon Sep 17 00:00:00 2001
From: Olivia Thet <olivia@turnkey.io>
Date: Mon, 6 May 2024 15:31:40 -0400
Subject: [PATCH 1/3] add export cli to export integration guide

---
 docs/documentation/features/export-wallets.md | 47 ++++++++++++++++++-
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/docs/documentation/features/export-wallets.md b/docs/documentation/features/export-wallets.md
index 24a2b748..a93866b8 100644
--- a/docs/documentation/features/export-wallets.md
+++ b/docs/documentation/features/export-wallets.md
@@ -6,9 +6,52 @@ slug: /features/export-wallets
 
 # Export Wallets and Keys
 
-Turnkey's export functionality allows your end users to backup or transfer a [Wallet](/concepts/Wallets) by securely viewing the wallet's [mnemonic phrase](https://learnmeabitcoin.com/technical/mnemonic). We engineered this feature to ensure that the user can export their mnemonic without exposing the mnemonic itself to Turnkey or your application.
+Turnkey's export functionality allows your end users to backup or transfer a [Wallet](/concepts/Wallets) by securely viewing the wallet's [mnemonic phrase](https://learnmeabitcoin.com/technical/mnemonic). We engineered this feature to ensure that the user can export their mnemonic or private key without exposing the mnemonic itself to Turnkey or your application.
 
-Follow along with the Embedded iframe guide.
+Follow along with the CLI or Embedded iframe guide.
+
+## CLI
+
+Install the latest version of Turnkey CLI to access the new export functionality. You can find detailed instructions for installation [here](https://github.com/tkhq/tkcli).
+
+### Steps
+
+1. Generate an encryption key:
+```sh
+turnkey generate encryption-key \
+--user $USER_ID \
+--organization $ORGANIZATION_ID \
+```
+- The `--user` flag (required) is the id of the user exporting the private key; this is required because the underlying encryption keys used for import are scoped to each user.
+
+2. Export private key:
+```sh
+turnkey wallets export \
+--user $USER_ID \
+--name "demo key"  \
+--export-bundle-output "./export_bundle.txt" \
+--key-name demo 
+```
+- The `--export-bundle-output` (required) flag is the desired output file path for the "export bundle” that will be sent from Turnkey.
+
+3. Decrypt without saving plaintext to filesystem. This can be done offline:
+```sh
+turnkey decrypt \
+--export-bundle-input "./export_bundle.txt"
+```
+- The `--export-bundle-input` (required) flag is the desired input file path for the "export bundle” that was sent from Turnkey in Step 2. The export bundle” contains the ephemeral public key generated by the CLI as part of the shared secret computation with the Turnkey signer enclave. It also contains the ciphertext, which is the plaintext input encrypted by the Turnkey signer’s ephemeral public key.
+- The `--plaintext-output` (optional) flag is the desired output file path for the private key plaintext. If you don't pass this flag, the plaintext will be written to stdout.
+
+### Private Key support
+
+Turnkey CLI also supports exporting private keys. Follow the same steps as exporting a wallet via CLI but use the `turnkey private-keys` commands instead. In Step 3 (`decrypt`), pass a `--key-format` flag for key-specific formatting; the options for private keys are:
+  - `hexadecimal`: Used for Ethereum. Examples: 0x13eff5b3f9c63eab5d53cff5149f01606b69325496e0e98b53afa938d890cd2e, 13eff5b3f9c63eab5d53cff5149f01606b69325496e0e98b53afa938d890cd2e
+  - `solana`: Used for Solana. It’s a base58-encoding of the concatenation of the private key and public key bytes. Example: 2P3qgS5A18gGmZJmYHNxYrDYPyfm6S3dJgs8tPW6ki6i2o4yx7K8r5N8CF7JpEtQiW8mx1kSktpgyDG1xuWNzfsM
+```sh
+turnkey decrypt \
+--export-bundle-input "./export_bundle.txt" \
+--key-format “hexadecimal” 
+```
 
 ## Embedded iframe
 

From df24b921060a459ea1e10e663b92a0501b8b7667 Mon Sep 17 00:00:00 2001
From: Olivia Thet <olivia@turnkey.io>
Date: Mon, 6 May 2024 15:36:49 -0400
Subject: [PATCH 2/3] add import iframe styles guide

---
 docs/documentation/features/import-wallets.md | 47 +++++++++++--------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/docs/documentation/features/import-wallets.md b/docs/documentation/features/import-wallets.md
index 550d3211..f4107354 100644
--- a/docs/documentation/features/import-wallets.md
+++ b/docs/documentation/features/import-wallets.md
@@ -141,30 +141,37 @@ Import is complete!
 
 In your Turnkey dashboard, the imported user Wallet will be flagged as “Imported”.
 
-## UI customization
-
-Everything is customizable in the import iframe except the sentence of mnemonic words, which is minimally styled: the text is left-aligned and the padding and margins are zero. Here's an example of how you can configure the styling of the iframe.
+### UI customization
 
+Use `iframeStamper.applySettings(settings)` where settings currently consists of the `styles` object with the following accepted CSS style properties in the example:
 ```js
-const iframeCss = `
-iframe {
-    box-sizing: border-box;
-    width: 400px;
-    height: 120px;
-    border-radius: 8px;
-    border-width: 1px;
-    border-style: solid;
-    border-color: rgba(216, 219, 227, 1);
-    padding: 20px;
+{
+  "styles": {
+    "padding": "10px",
+    "margin": "10px",
+    "borderWidth": "1px",
+    "borderStyle": "solid",
+    "borderColor": "transparent",
+    "borderRadius": "5px",
+    "fontSize": "16px",
+    "fontWeight": "bold",
+    "fontFamily": "SFMono-Regular, Menlo, Monaco, Consolas, monospace",
+    "color": "#000000",
+    "backgroundColor": "rgb(128, 0, 128)",
+    "width": "100%",
+    "height": "auto",
+    "maxWidth": "100%",
+    "maxHeight": "100%",
+    "lineHeight": "1.25rem",
+    "boxShadow": "0px 0px 10px #aaa",
+    "textAlign": "center",
+    "overflowWrap": "break-word",
+    "wordWrap": "break-word",
+    "resize": "none"
+  }
 }
-`;
-
-return (
-  <div style={{ display: iframeDisplay }} id="your-container">
-    <style>{iframeCss}</style>
-  </div>
-);
 ```
+Each accepted styles property is strictly validated and santizied before being applied to the textbox containing the plaintext.
 
 ### Private Key support
 

From 146e593a8c8e9936079e813d5b282c42068571d4 Mon Sep 17 00:00:00 2001
From: Olivia Thet <olivia@turnkey.io>
Date: Mon, 6 May 2024 15:50:07 -0400
Subject: [PATCH 3/3] more details on encryption-key-name flag

---
 docs/documentation/features/export-wallets.md | 7 ++++++-
 docs/documentation/features/import-wallets.md | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/documentation/features/export-wallets.md b/docs/documentation/features/export-wallets.md
index a93866b8..f3d00976 100644
--- a/docs/documentation/features/export-wallets.md
+++ b/docs/documentation/features/export-wallets.md
@@ -21,8 +21,10 @@ Install the latest version of Turnkey CLI to access the new export functionality
 turnkey generate encryption-key \
 --user $USER_ID \
 --organization $ORGANIZATION_ID \
+--encryption-key-name "demo-enc"
 ```
 - The `--user` flag (required) is the id of the user exporting the private key; this is required because the underlying encryption keys used for import are scoped to each user.
+- The `--encryption-key-name` (optional) is the name of the encryption key that you will use in Step 2. By default, the encryption key's name is "default".
 
 2. Export private key:
 ```sh
@@ -30,9 +32,12 @@ turnkey wallets export \
 --user $USER_ID \
 --name "demo key"  \
 --export-bundle-output "./export_bundle.txt" \
---key-name demo 
+--encryption-key-name "demo-enc" \
+--key-name demo
 ```
 - The `--export-bundle-output` (required) flag is the desired output file path for the "export bundle” that will be sent from Turnkey.
+- The `--encryption-key--name` (optional) flag specifies the one-time encryption key that you will use to export the wallet or private key.
+- Reminder: The `--key-name` (optional) flag specifies the name of API key with which to interact with the Turnkey API service. This should be the name of a previously created key. If you do not have one, visit the quickstart guide for help creating one.
 
 3. Decrypt without saving plaintext to filesystem. This can be done offline:
 ```sh
diff --git a/docs/documentation/features/import-wallets.md b/docs/documentation/features/import-wallets.md
index f4107354..a0947474 100644
--- a/docs/documentation/features/import-wallets.md
+++ b/docs/documentation/features/import-wallets.md
@@ -25,7 +25,7 @@ turnkey wallets init-import \
 ```
 - The `--user` flag (required) is the id of the user importing the private key; this is required because the underlying encryption keys used for import are scoped to each user.
 - The `--import-bundle-output` (required) flag is the desired output file path for the “import bundle” that will be received from Turnkey. The “import bundle” contains the ephemeral public key generated by the Turnkey signer enclave for the specified user. The private key plaintext is encrypted to this public key in Step 2.
-- Reminder: The `--key-name` flag specifies the name of API key with which to interact with the Turnkey API service. This should be the name of a previously created key. If you do not have one, visit the quickstart guide for help creating one.
+- Reminder: The `--key-name` (optional) flag specifies the name of API key with which to interact with the Turnkey API service. This should be the name of a previously created key. If you do not have one, visit the quickstart guide for help creating one.
 
 2. Encrypt without saving plaintext to filesystem. This can be done offline:
 ```sh