Skip to main content

Overview

The anchor keys command provides subcommands for managing program keypairs, including listing all program keys and syncing declare_id! with actual keypair values.

Subcommands

  • list - List all program keys in the workspace
  • sync - Sync program declare_id! with actual keypair pubkeys

anchor keys list

List all program keypairs and their public keys in the workspace.

Syntax

anchor keys list

Description

This command scans the workspace for program keypairs (typically in target/deploy/) and displays:
  • Program name
  • Program ID (public key)
  • Keypair file path

Example

anchor keys list
Output: 
my_program: Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS
my_other_program: 2z9vL1zjN6qyAFHhHQdWYRTFAcy69pJydkZmSFBKHg1R
The output shows each program’s name and its corresponding program ID. These IDs are derived from the keypairs stored in target/deploy/.

Use Cases

  • Verify program IDs before deployment
  • Check which programs exist in the workspace
  • Copy program IDs for configuration files
  • Verify keypair files are present

anchor keys sync

Sync program declare_id! pubkeys with the actual pubkeys from program keypair files.

Syntax

anchor keys sync [OPTIONS]

Options

--program-name
string
Only sync the specified program instead of all programs

Description

This command:
  1. Reads the program ID from the keypair file in target/deploy/
  2. Updates the declare_id! macro in the program’s lib.rs to match
  3. Ensures consistency between keypairs and source code
This is useful when:
  • You’ve generated a new program keypair
  • You’ve copied a program from another workspace
  • The declare_id! is out of sync with the keypair

Examples

Sync All Programs

anchor keys sync
Output: 
Synced program IDs:
  my_program: Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS
  my_other_program: 2z9vL1zjN6qyAFHhHQdWYRTFAcy69pJydkZmSFBKHg1R

Sync Specific Program

anchor keys sync --program-name my_program
Output: 
Synced program ID:
  my_program: Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS

Before and After

Before sync (programs/my_program/src/lib.rs): 
use anchor_lang::prelude::*;

declare_id!("11111111111111111111111111111111");

#[program]
pub mod my_program {
    use super::*;
    // ...
}
After sync: 
use anchor_lang::prelude::*;

declare_id!("Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS");

#[program]
pub mod my_program {
    use super::*;
    // ...
}

Program Keypairs

Location

Program keypairs are stored in: 
target/deploy/<program_name>-keypair.json

Format

Keypair files are JSON arrays containing the secret key bytes: 
[174,47,154,16,202,...] // 64 bytes total

Generation

Program keypairs are automatically generated during:
  • anchor init - Creates keypair for initial program
  • anchor new - Creates keypair for new program
  • First build - Creates keypair if missing

Common Workflows

Creating a New Program

# Create new program
anchor new my_program

# List keys to see the generated program ID
anchor keys list

# Sync if needed
anchor keys sync --program-name my_program

Using Existing Keypair

# Copy keypair to target/deploy/
cp my-program-keypair.json target/deploy/my_program-keypair.json

# Sync the declare_id! with the keypair
anchor keys sync --program-name my_program

# Verify the sync
anchor keys list

Updating Program Configuration

After syncing, update Anchor.toml: 
[programs.localnet]
my_program = "Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS"

[programs.devnet]
my_program = "Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS"

Build Integration

By default, anchor build checks for program ID mismatches: 
# Build with ID verification (default)
anchor build

# Skip ID verification
anchor build --ignore-keys
If there’s a mismatch, you’ll see: 
Error: Program ID mismatch
  Expected: Fg6PaFpoGXkYsidMpWTK6W2BeZ7FEfcYkg476zPFsLnS
  Found:    11111111111111111111111111111111

Run `anchor keys sync` to fix this issue.

Notes

Keep your program keypairs secure! Anyone with access to the keypair file can upgrade your program (if they’re the upgrade authority).
Run anchor keys list before deployment to verify you’re deploying the correct program IDs.
The declare_id! macro is used at runtime to verify the program is executing under the correct program ID. Keeping it in sync with the keypair is essential.
For production deployments, store program keypairs securely and never commit them to version control. Add target/ to .gitignore.

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us