Skip to main content

Creating a developer identity

Beginner
Getting started
Tutorial

On the Internet Computer (ICP), a developer identity is essential to developing canisters. Developer identities use a private/public key pair for authentication. The public key can be distributed openly as it will be used to encrypt messages. The private key must be kept secret and stored securely.

Developer identities have a principal, a generic identifier value used to identify users, canisters, and potentially other entities on the network in the future. Each developer identity's principal value is derived from the identity's public key.

What are developer identities used for?

When a canister is created and deployed, the developer identity that created the canister is automatically set as a controller of that canister. A controller has permission to manage the canister, including:

  • Starting and stopping the canister.

  • Installing and upgrading canister code.

  • Viewing the canister's status and logs.

  • Configuring the settings of the canister, such as setting the resource allocation or adding additional controllers.

If you are working on a project collaboratively with others, your identity's principal can be added as a controller of that project's canisters.

Once a canister is deployed, it will consume resources such as storage and compute. Canisters must pay for these resources using cycles. Your developer identity is used to mint and transfer cycles to your canisters.

ICP identity terms

Developer identities are not the only form of identity on ICP. Other ICP identity-related terms you will come across include:

  • Ledger account identifier: The identifier associated with your ICP ledger account; used to send and receive ICP tokens.

  • Internet Identity: ICP's native authentication service. Internet Identity doesn't use usernames and passwords; instead, it uses a passkey stored in your local device's hardware.

By default, dfx will create and use the default identity. This identity is not stored securely. It is recommended you create your own personal identity.

First, use dfx to list all current identities. If none exist, it will automatically create the default identity.

dfx identity list

Then, create your personal developer identity with the command:

dfx identity new IDENTITY_NAME
Output
Your seed phrase for identity 'IDENTITY_NAME': hotel knock any token tooth deal fossil salmon coral idea tip weapon cotton save fiction major arrive history library clerk depth poet path guide
Write it down in a safe place, as this information can be used to reconstruct your key in case of emergency.
Created identity: "IDENTITY_NAME".

Identities created with dfx are global; they are not confined to a specific project's context.

Identity names must use the characters ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.-_@0123456789.

To recover an identity, use dfx identity import --seed-file seedphrase.txt, where seedphrase.txt contains the seed phrase shown when you created your identity.

Storing the developer identity's private key

The private key for an identity is stored in the ~/.config/dfx/identity/IDENTITY_NAME/identity.pem. This file should be backed up to a secure location.

By default, dfx will store your identity in the local keyring/keychain. If a keyring/keychain is unavailable, it will prompt you to choose a password, then store your private key locally in a password-protected PEM file at ~/.config/dfx/identity/IDENTITY_NAME/identity.pem.encrypted.

Using your developer identity

Once your identity is created, you must tell dfx that this is the identity you want to use. If you do not, the default identity will be used, and any canister creation and management you execute will not be secure.

To use your new identity, run the command:

dfx identity use IDENTITY_NAME
Output
Using identity: "IDENTITY_NAME".

Your developer identity will have a principal identifier in the format itk7v-ihlxk-ktdrh-fcnst-vkoou-orj77-52ogl-jqwj5-zpfdv-az3lr-xqe.

To view the principal identifier for your identity:

dfx identity get-principal
Output
aez2y-7yvs5-e6dpq-gwlld-t6ozx-l5hoo-j4vwr-mimoy-me2xq-yrxkx-rae

Next step

Next, you must obtain cycles. Cycles are required to pay for the resources a canister consumes.