A comprehensive guide to generating custom Solana wallet addresses using the official Solana CLI tools.
- Overview
- Installation Prerequisites
- Command Reference
- Performance Estimates
- Security Best Practices
- Troubleshooting
A vanity address is a cryptocurrency wallet address that contains a custom prefix, suffix, or both. For example, you might want an address that starts with SOL or MyApp. The Solana CLI provides the solana-keygen grind command to generate these addresses through brute-force searching.
Solana uses Base58 encoding for addresses, which includes:
- Uppercase letters:
A-H,J-N,P-Z(excludesI,O) - Lowercase letters:
a-k,m-z(excludesl) - Numbers:
1-9(excludes0)
Invalid characters: 0 (zero), O (capital o), I (capital i), l (lowercase L)
These characters are excluded to prevent visual confusion.
- Operating System: Linux, macOS, or Windows with WSL2
- CPU: Multi-core recommended (more cores = faster generation)
- Memory: 1GB minimum
- Disk Space: 500MB for Solana CLI tools
# Install the Solana CLI
sh -c "$(curl -sSfL https://release.solana.com/stable/install)"
# Add to PATH (add to ~/.bashrc or ~/.zshrc for persistence)
export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
# Verify installation
solana --version
solana-keygen --versionbrew install solana# First, ensure WSL2 is installed with Ubuntu
wsl --install -d Ubuntu
# Then follow Linux installation steps inside WSL
sh -c "$(curl -sSfL https://release.solana.com/stable/install)"- Minimum: Solana CLI v1.16.0
- Recommended: Latest stable release
# Check your version
solana --version
# Update to latest
solana-install update# Verify solana-keygen is accessible
which solana-keygen
# Test basic functionality
solana-keygen new --no-bip39-passphrase --no-outfile
# Should output a public key - this confirms the tool worksThe main command for generating vanity addresses.
solana-keygen grind [OPTIONS]Generate an address starting with the specified prefix.
# Generate address starting with "SOL"
solana-keygen grind --starts-with SOL:1
# The ":1" means generate 1 matching keypair
# Multiple prefixes can be specified
solana-keygen grind --starts-with SOL:1 --starts-with ABC:2Generate an address ending with the specified suffix.
# Generate address ending with "pay"
solana-keygen grind --ends-with pay:1Generate an address with both a specific prefix and suffix.
# Generate address starting with "My" and ending with "App"
solana-keygen grind --starts-and-ends-with My:App:1Perform case-insensitive matching (increases success rate ~64x for each letter).
# Match "sol", "Sol", "SOL", "soL", etc.
solana-keygen grind --starts-with sol:1 --ignore-caseSpecify the number of CPU threads to use (default: all available).
# Use 4 threads
solana-keygen grind --starts-with ABC:1 --num-threads 4
# Check available threads
nproc # Linux
sysctl -n hw.ncpu # macOSOutput the keypair to stdout instead of saving to a file.
# Print to stdout (JSON format)
solana-keygen grind --starts-with AB:1 --no-outfileGenerate a mnemonic phrase alongside the keypair.
solana-keygen grind --starts-with AB:1 --use-mnemonicBy default, keypairs are saved with the following naming convention:
<PUBLIC_KEY>.json
For example: SOLabcXYZ123...789.json
The file contains a JSON array of 64 bytes representing the secret key.
# Simple 2-character prefix
solana-keygen grind --starts-with AB:1
# Case-insensitive 3-character prefix
solana-keygen grind --starts-with sol:1 --ignore-case
# Generate 5 addresses with same prefix
solana-keygen grind --starts-with My:5
# Specific prefix and suffix
solana-keygen grind --starts-and-ends-with Pay:Now:1
# Multiple different prefixes
solana-keygen grind --starts-with SOL:1 --starts-with PAY:1 --starts-with DEX:1
# Maximum performance (all cores, case insensitive)
solana-keygen grind --starts-with abcd:1 --ignore-case --num-threads $(nproc)Vanity address generation time grows exponentially with prefix length. Each additional character multiplies the average time by ~58 (the Base58 alphabet size).
| Prefix Length | Avg. Combinations | Estimated Time (8 cores) | With --ignore-case |
|---|---|---|---|
| 1 char | ~58 | < 1 second | < 1 second |
| 2 chars | ~3,364 | < 1 second | < 1 second |
| 3 chars | ~195,112 | 1-5 seconds | < 1 second |
| 4 chars | ~11.3 million | 30 sec - 2 min | 1-5 seconds |
| 5 chars | ~656 million | 10-30 minutes | 30 sec - 2 min |
| 6 chars | ~38 billion | 8-24 hours | 15-45 minutes |
| 7 chars | ~2.2 trillion | 2-4 weeks | 12-36 hours |
| 8 chars | ~128 trillion | 1-3 years | 2-6 weeks |
Note: Times are estimates and vary based on CPU speed and luck.
Performance scales nearly linearly with CPU cores:
| Cores | Relative Speed |
|---|---|
| 1 | 1x |
| 2 | ~2x |
| 4 | ~4x |
| 8 | ~7.5x |
| 16 | ~14x |
| 32 | ~27x |
# Check your CPU core count
nproc # Linux
sysctl -n hw.ncpu # macOS
cat /proc/cpuinfo | grep processor | wc -l # Linux alternativeUsing --ignore-case dramatically reduces search time:
- Each letter has 2 case variants (upper/lower)
- A 4-letter prefix with
--ignore-case: 2^4 = 16x faster - Numbers and some letters have no case variants
- Use all available cores: Default behavior, but verify with
--num-threads - Use
--ignore-case: When case doesn't matter - Choose efficient characters: Some characters appear more frequently
- Start with shorter prefixes: Test with 2-3 chars first
- Consider suffix matching: Sometimes suffix is easier
- NEVER share your secret key - Anyone with the secret key controls the wallet
- NEVER upload keypair files to cloud storage, GitHub, or any online service
- NEVER send keypair files via email, chat, or any electronic communication
- NEVER generate keys on shared or compromised systems
Always set restrictive permissions on keypair files:
# Set owner-only read/write (recommended)
chmod 600 <keypair-file>.json
# Verify permissions
ls -la <keypair-file>.json
# Should show: -rw------- 1 user user ...
# Alternatively, owner read-only
chmod 400 <keypair-file>.json-
Encrypted Storage
# Encrypt with GPG gpg --symmetric --cipher-algo AES256 keypair.json # Decrypt when needed gpg --decrypt keypair.json.gpg > keypair.json
-
Hardware Security
- Store on encrypted USB drives
- Consider hardware wallets for high-value addresses
- Keep offline backups in secure physical locations
-
Backup Strategy
- Create multiple encrypted backups
- Store in geographically separate locations
- Test restoration periodically
Always verify your keypair after generation:
# Extract public key from keypair file
solana-keygen pubkey <keypair-file>.json
# Verify it matches the filename and your expected prefix
# The output should start with your chosen prefix
# Verify the keypair is valid
solana-keygen verify <PUBLIC_KEY> <keypair-file>.jsonWhen deleting test or temporary keypair files:
# Secure deletion (Linux)
shred -vfz -n 5 <keypair-file>.json
# macOS (install coreutils for gshred)
brew install coreutils
gshred -vfz -n 5 <keypair-file>.json
# Alternative: overwrite then delete
dd if=/dev/urandom of=<keypair-file>.json bs=1024 count=1 2>/dev/null
rm -f <keypair-file>.jsonBefore generating vanity addresses:
- Using a trusted, non-shared computer
- Operating system is up-to-date
- No screen sharing or remote access active
- Antivirus/malware scan completed
- Working directory has restricted access
- Network connection is secure (or disconnected for maximum security)
# Add Solana to PATH
export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
# Add to shell config for persistence
echo 'export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"' >> ~/.bashrc
source ~/.bashrcEnsure your prefix only contains valid Base58 characters:
- Valid:
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz - Invalid:
0,O,I,l
# This will fail - contains "0" (zero)
solana-keygen grind --starts-with A0B:1
# Use this instead
solana-keygen grind --starts-with AOB:1 # "O" is valid- Reduce prefix length
- Use
--ignore-caseflag - Check CPU usage with
htoportop - Try a different prefix with more common starting characters
# Fix file permissions
chmod 600 <keypair-file>.json
# Fix directory permissions
chmod 700 <directory># Limit threads to reduce memory usage
solana-keygen grind --starts-with ABC:1 --num-threads 2# View help for grind command
solana-keygen grind --help
# General keygen help
solana-keygen --help
# Check Solana documentation
# https://docs.solana.com/cli/wallets/file-system# Basic generation
solana-keygen grind --starts-with <PREFIX>:1
# Case-insensitive
solana-keygen grind --starts-with <PREFIX>:1 --ignore-case
# With suffix
solana-keygen grind --ends-with <SUFFIX>:1
# Both prefix and suffix
solana-keygen grind --starts-and-ends-with <PREFIX>:<SUFFIX>:1
# Verify after generation
solana-keygen pubkey <file>.json
solana-keygen verify <PUBKEY> <file>.json
# Secure the file
chmod 600 <file>.jsonThe repository includes production-ready Bash scripts in scripts/ that wrap solana-keygen with additional features like validation, permissions, and batch processing:
| Script | Purpose |
|---|---|
scripts/generate-vanity.sh |
Generate a vanity address with automatic file permissions and verification |
scripts/batch-generate.sh |
Generate multiple vanity addresses in batch |
scripts/verify-keypair.sh |
Verify a keypair file is valid and matches expected address |
scripts/utils.sh |
Shared utility functions used by other scripts |
# Generate a single vanity address
./scripts/generate-vanity.sh --prefix SOL
# Batch generate 5 addresses
./scripts/batch-generate.sh --prefix My --count 5
# Verify a keypair
./scripts/verify-keypair.sh <keypair-file>.jsonThese scripts automatically handle file permissions (0600), verification, and error handling.
This documentation is part of the Solana Vanity Address Toolkit. Always prioritize security when handling cryptocurrency private keys.