Fireblocks to PrimeVault Migration

setup admin key in fireblocks 1\) create a csr primevault generates the keypair and sends you the csr file customer uploads that csr when creating the api user the customer shares only the api key (id) back with primevault 2\) create the api user in fireblocks console in fireblocks console go to developer center → api users click add api user name it select role non signing admin upload the csr file submit and complete any required approval/quorum flow (your workspace may require approvals before the key becomes active) 3\) restrict the api key (strongly recommended) set an ip allowlist for the api key to primevault’s fixed ips 4\) share these details with primevault api key (id) of the created api user (from the api users list) your fireblocks api url what primevault will pull from fireblocks (read operations) a) external wallets (whitelisted destinations) primevault will call list external wallets and read assets\[] address (and tag where relevant) this endpoint explicitly allows non signing admin b) policies primevault will retrieve your active policy (and validation) using fireblocks policy endpoints (fireblocks documents retrieving the active policy via api) c) users primevault will read console users via fireblocks’ “get console users” endpoint, which is available for non signing admin keys what primevault will set up during workspace creation using the imported configuration, primevault will invite matching users (based on fireblocks console users) into primevault recreate your address book / whitelisted destinations using fireblocks external wallets (addresses + tags/memos) recreate equivalent policy controls in primevault based on your fireblocks active policy rules