1
Choose your stack
Target CLN or LDK to match your architecture
Apache Licensed & Open Source
Scale Lightning liquidity without compromising security
The VLS SDK moves your Lightning keys and signing logic onto a dedicated signer that enforces Lightning rules and your policies before releasing a signature.
The key question is "what if the node is compromised?"
With VLS, a compromised Lightning node can't move funds outside the signer's policies. Even with a compromised node, your funds are safe.
- Production-ready
- Security audited
See VLS in action
The Problem
Lightning has a security problem
Hot wallets are vulnerable
One breach can drain all funds. Keys stored on nodes create single points of failure.
No standard for Lightning‑safe signing
Most teams wrap a hot wallet with custom scripts or plugins. That's hard to audit, easy to misconfigure, and ultimately caps how much risk you're willing to put on a single node.
Custodial burden slows growth
Custodial obligations can slow iteration and limit market entry.
The Solution
VLS fixes this
Enterprise-grade security
Keys remain strictly off-node, can be secured on hardened devices and paired with customizable security policies.
Smart validation
Validate every operation before signing. Stay secure even if node is compromised.
Truly non-custodial
Users retain control. Reduce custodial risk and regulatory overhead.
From zero to validated signing
Choose your stack and follow three simple steps
2
Run quickstart
Local test environment with signer connection
Get Started3
See validation
Confirm policy checks run and unsafe requests are blocked
Policy ExamplesHow VLS compares
Compare security and custody models for serious Lightning balances.
| Feature | Recommended VLS | Non-custodial hot wallet | Custodial hot-wallet |
|---|---|---|---|
| Keys off-node (dedicated signer) | ✓ | ✕ | ✕ |
| Independent validation & policy component | ✓ | ✕ | ✕ |
| Non‑custodial | ✓ | ✓ | ✕ |
| Safe if node is compromised | ✓ | ✕ | ✕ |
| Regulatory compliance* | Low burden (in non‑custodial designs) | Medium burden | High burden (full custody) |
| Security profile | Enterprise‑grade; designed for large LN balances | Single‑box hot wallet; harder to harden and audit | Centralised custodian; you trust their controls completely |
* Very rough comparison only, not legal advice. Actual regulatory exposure depends on your jurisdiction, licensing, and how you structure custody and settlement—always consult counsel for your specific setup.
How this translates into business results
Real outcomes from better Lightning security architecture
Raise channel limits confidently
With node-compromise risk contained at the signer, you can hold larger Lightning balances without feeling like you're betting the company on one box.
Shorter audits & easier approvals
Clear separation of duties and policy controls make it easier to explain your security model to risk teams, regulators, and enterprise customers.
Skip 10+ person-years of DIY signer work
VLS bakes in Lightning-aware checks and integrations so your team can focus on product instead of building and maintaining a bespoke security subsystem.
Built for Every Lightning Use Case
Whether you're securing your own funds or building for customers
Secure Your Own Funds
While Maintaining Custody
Secure your Lightning funds with enterprise-grade security. Keep keys in a separate environment while maintaining full self-custody.
- Skip years of security development and ship products faster
- Grow channel balances from thousands to millions, without worrying about security
- Custom policy rules, role-based approvals and audit trails tailored to your risk tolerance
Secure Customer Funds
Without Taking Custody
Build truly non-custodial Lightning wallets and services where only users can control their funds. Reduce your regulatory burden and increase user trust.
- Avoid regulatory compliance headaches by never holding custody of user funds
- Win institutional clients by showing their funds are safe
- Enter jurisdictions with strict custody regulations faster
What's New
Recent VLS releases & improvements
Dauntless Durga
Integrates lnrod into main workspace, adds BOLT12 signing support, improves monitoring, and upgrades dependencies for security and performance.
Release notesCelestial Citadel
Adds SimplePolicy config, LDK phase-2 support, and key handling fixes.
Release notesBenevolent Basilisk
Introduces LSS support, trusted oracle validation, and HSMD v6.
Release notesCommon questions
What is VLS?
VLS (Validating Lightning Signer) keeps Lightning private keys off the node and validates every request before signing. If a node is compromised or misbehaves, VLS refuses the signature. Result: non‑custodial control, hot‑wallet speed and enterprise-grade security.
What happens if I'm running VLS and the node is compromised?
The attacker can request operations, but VLS checks channel state, HTLCs, amounts, destinations, and timing before signing. Malicious or out‑of‑policy requests are rejected, containing the incident.
Is a VLS setup truly non‑custodial?
Yes. Under the standard definition: only the user who holds keys with VLS can move funds. The node may propose updates, but the validating signer enforces policy and approves or rejects. A compromised node alone cannot move funds.
Which Lightning stacks are supported?
VLS ships reference integrations for CLN and LDK. LND and Eclair are not yet supported.
What's included in the VLS SDK?
Validating signer with policy engine, vlsd daemon/Docker, UTXO oracle (txood), Lightning Storage Server, and CLN/LDK integrations. Licensed Apache‑2.0 and open for audit.
How does VLS help growth?
Fewer custody incidents and less custom security code frees up time to ship features. Non‑custodial options powered by VLS attract users who won't deposit funds in custodial solutions. See Greenlight's case study.
Ship non-custodial Lightning that can't be rugged
Join industry leaders who trust VLS to protect Lightning funds.
Apache-licensed & open source
Keys stay in your environment