set_key

Call v101 → current #2

Authenticates the current sudo key and sets a new sudo key.

View calls on chain

Call Workflow

set_key

Sudo Call

Executes with root privileges

1. Validation

Signature, nonce, mortality, fees

Signature

Nonce

Mortality

Fee payment

2. Pre-dispatch

Permission & state checks

Permission checks

State validation

3. Dispatch

Execute logic, modify state

KeyChanged Key

4. Post-dispatch

Final result & fee settlement

ExtrinsicSuccess

Fees settled

Svelte Flow

Click items to navigate. Pan and zoom to explore.

Used by: validatorssubnet ownersdevelopers

The Big Picture

Administrative control of a Substrate network is critical. set_key allows the current administrator to transfer that control to someone else. This is commonly used during network transitions - for example, moving from a single developer key to a multisig controlled by multiple parties.

Why This Matters

Networks evolve, and so should their governance. Initially, a single developer might hold the sudo key. As the network matures, control should transfer to a more decentralized entity - a council multisig, for example.

Example Scenario

Your network launched with your development key as sudo. Now it's time to decentralize. You call set_key(new=multisig_address). KeyChanged event confirms the transfer. Your old key no longer has sudo access; the multisig does.

Common Questions

Can I transfer to any account?: Yes, including multisig accounts, which is recommended for production networks. Ensure you control the new key before transferring!
Is this reversible?: Only if the new key holder agrees to transfer back. Once set, only the new key can call set_key to change it again.

Use Cases

Transfer administrative control to new entity
Rotate sudo key for security
Migrate from development to governance multisig
Emergency key rotation if compromise suspected

From Chain Metadata

Authenticates the current sudo key and sets the given AccountId (`new`) as the new sudo key. The dispatch origin for this call must be _Signed_. ## Complexity O(1).

Input Parameters

#	Name	Type	Description
0	new	MultiAddress AccountIdLookupOf<T>	new: Account address as a lookup source (typically resolves to AccountId)

Permissions

Origin

Root

Required Role

Root

Requirements

Signer must be the current sudo key
New key must be a valid account

Effects

Events Emitted

KeyChanged

Storage Modified

Key

Postconditions

Sudo.Key storage updated to new account
Old sudo key loses administrative access
KeyChanged event emitted

Side Effects

Previous sudo key can no longer execute sudo calls
New key immediately gains sudo privileges

Code Examples

// ----------------------------------------------------------------------
// HEADS UP: 1 arg below has a complex type with no usable default.
// Look for `undefined as any` and replace it with real value
// before running — the snippet compiles, but will fail at runtime as-is.
// ----------------------------------------------------------------------
import { createClient, Binary } from "polkadot-api";
import { getWsProvider } from "polkadot-api/ws";
import { sub } from "@polkadot-api/descriptors"; // generated by: npx papi add sub -w wss://entrypoint-finney.opentensor.ai:443

const client = createClient(getWsProvider("wss://entrypoint-finney.opentensor.ai:443"));
const api = client.getTypedApi(sub);

// Build set_key call (typed, named args)
const new_ = undefined as any /* MultiAddress — replace with real value */;

const tx = api.tx.Sudo.set_key({
  new: new_,
});

Runtime Info

Pallet Index: 12
Call Index: 2
First Version: v101
Current Version: v411

Back to Sudo Calls