The Big Picture
The sudo key is the 'root' account of a Substrate network - it can execute any call with Root origin, bypassing normal permission checks. This storage tells you who (if anyone) holds that power. In a fully decentralized network, this should be None (key removed). During network bootstrap or maintenance, it's typically set to a trusted account or multisig.
Why This Matters
Trust in a network depends on understanding who has ultimate control. If sudo exists, that account can do anything. Knowing the sudo key lets you assess governance risk. A None value means the network is fully decentralized with no admin override.
Example Scenario
Query Key() returns Some(5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY). That's the current sudo key holder. If you're evaluating network governance, research who controls that address. Query returns None? The network has removed sudo - no single admin exists.
Common Questions
- What if Key() returns None?
  Sudo is disabled. No one can execute sudo calls. The network is either fully decentralized or was configured without sudo from the start.
- Can the sudo key be a multisig?
  Yes! This is recommended for production networks. The Key can point to any AccountId, including multisig accounts that require multiple signatures to act.
- How do I become the sudo key?
  Only the current sudo key can transfer it via set_key. There's no way to claim sudo if you're not already the holder, or if sudo is disabled.
Use Cases
- Check if the network has an active sudo key
- Identify who controls administrative functions
- Verify that your account is the sudo key before calling sudo
- Monitor for governance decentralization status
From Chain Metadata
The `AccountId` of the sudo key.
Purpose & Usage
Purpose
Identifies which account has administrative (root) privileges on the network.
Common Query Patterns
- Query to check if sudo is enabled (non-empty)
- Query to identify the current administrator
- Verify before calling sudo functions
Notes
- Optional storage - None means sudo is disabled
- Only this account can execute sudo calls
- Can be changed via set_key or removed via remove_key
Stored Value
value (AccountId)
Decoding the value
AccountId (32-byte hex)
Bittensor uses SS58 prefix 42 for both hotkeys and coldkeys. The 32 bytes are sr25519 public keys.
value as `0x${string}` // 32-byte AccountId
Relationships
Modified By
Related Events
Code Examples
import { createClient, Binary } from "polkadot-api";
import { getWsProvider } from "polkadot-api/ws";
import { sub } from "@polkadot-api/descriptors"; // generated by: npx papi add sub -w wss://entrypoint-finney.opentensor.ai:443
const client = createClient(getWsProvider("wss://entrypoint-finney.opentensor.ai:443"));
const api = client.getTypedApi(sub);
// Query Key storage (no keys - plain value)
const result = await api.query.Sudo.Key.getValue();
console.log("Key:", result);
Runtime Info
- Pallet: Sudo
- Storage Kind: Plain
- First Version: v101
- Current Version: v411
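The decoding rule under "Decoding the value" and the monitoring use case above, as an added example (not code from the original page or from the Bittensor project): it decodes an SS58 address with prefix 42 to the 32-byte AccountId, verifies the checksum, and classifies a Sudo.Key read against the holders you expect. The function names, the `expectedHolders` list and the representation of None as `undefined`/`null` are assumptions; it runs offline on constructed input.

```javascript
// Added example: offline, constructed inputs; names below are hypothetical.
const { createHash } = require("node:crypto");

const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const SS58_PREFIX = 42; // prefix this page states for Bittensor accounts

// SS58 checksum: first two bytes of blake2b-512("SS58PRE" || prefix || key).
function ss58Checksum(payload) {
  const h = createHash("blake2b512");
  h.update(Buffer.concat([Buffer.from("SS58PRE"), payload]));
  return h.digest().subarray(0, 2);
}

// Decode SS58 to 0x-hex AccountId; throws on bad chars, length, prefix or checksum.
function ss58ToHex(address) {
  let n = 0n;
  for (const ch of address) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new Error("invalid base58 character");
    n = n * 58n + BigInt(digit);
  }
  const hex = n.toString(16);
  const raw = Buffer.from(hex.length % 2 ? "0" + hex : hex, "hex");
  if (raw.length !== 35) throw new Error("unexpected address length");
  if (raw[0] !== SS58_PREFIX) throw new Error("unexpected SS58 prefix");
  if (!ss58Checksum(raw.subarray(0, 33)).equals(raw.subarray(33))) {
    throw new Error("SS58 checksum mismatch");
  }
  return "0x" + raw.subarray(1, 33).toString("hex");
}

// Normalise a key given as SS58 text or as 0x-hex to lowercase 0x-hex.
function toAccountHex(value) {
  if (!value.startsWith("0x")) return ss58ToHex(value);
  if (!/^0x[0-9a-fA-F]{64}$/.test(value)) throw new Error("expected 32-byte hex");
  return value.toLowerCase();
}

// Classify a Sudo.Key read against the addresses you expect to hold sudo.
// Assumption: a None value reaches this function as undefined or null.
function assessSudoKey(current, expectedHolders) {
  if (current === undefined || current === null) return { status: "disabled" };
  const key = toAccountHex(current);
  const known = expectedHolders.map(toAccountHex).includes(key);
  return { status: known ? "expected" : "unexpected", key };
}

// Address from this page's example scenario, checked against an empty list.
console.log(assessSudoKey("5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY", []));
```

A status of "unexpected" is the case worth alerting on: the sudo key is set, but not to any holder you have on record.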