Security

Private keys on the server

Latrine Bot needs your dev wallet secret to sign claim, buyback, and airdrop transactions. Secrets are encrypted at rest with a server master key and decrypted only during an active cycle.

Recommendations

• Use a dedicated dev wallet — not your main holdings wallet.
• Keep only enough SOL for fees and operations.
• Rotate metrics API keys if a stream overlay URL leaks.
• Revoke dashboard access by disconnecting the wallet session.

What we never log

Private keys and full RPC URLs are not written to public event feeds or metrics responses.