Getting Started with the Kaleido Platform

Enterprise blockchain has a reputation for being complicated. Kaleido exists to change that.

Whether you're launching a tokenized asset program, connecting legacy systems to on-chain workflows, or standing up your own private blockchain network, Kaleido gives you the infrastructure, tooling, and flexibility to move from prototype to production — without rebuilding from scratch every time the requirements shift.

A Platform Built for Real-World Complexity

The Kaleido platform is organized into three product lines, Digital Assets, Web3 Middleware, and Chain Infrastructure, each targeting a distinct layer of enterprise blockchain. Cutting across all three is a shared set of platform tools for smart contract management, key management, and policy enforcement.

Digital Assets

Digital Assets covers the complete lifecycle of institutional asset management: tokenization, custody, and the operational workflows that connect them.

Tokenization is powered by an asset manager service that handles the creation and management of data models, tokenized assets, policies, and tasks. It supports any custom smart contract, including ERC-20, ERC-721, ERC-1155, ERC-3643/T-REX, ERC-1400, and bespoke contract logic, with full indexing of on-chain events and correlation with off-chain data. The result is a live, automated view of your asset universe without building the plumbing yourself. Asset classes supported include tokenized securities, real-world assets (bonds, equities, money market funds, private credit), stablecoins, and digital-twin representations of off-chain records.

Kaleido Custody provides a curated API and user experience for securely holding, moving, and managing digital assets across networks and smart contracts. It supports the full spectrum of key storage models (hot, warm, cold, and air-gapped) with native integrations to leading cloud HSMs (AWS CloudHSM, Azure Key Vault, GCP Cloud HSM) and hardware HSMs including Thales Luna, Fortanix, IBM OSO, and Hashicorp Vault. For organizations with bespoke key infrastructure, the platform is compatible with any PKCS#11-compliant keystore via the Remote Signing Module.

Critically, Kaleido never generates or holds private keys on your behalf. Keys are generated and retained within your chosen secure environment. The Remote Signing Module is deployed co-located with your HSM, validates signing payloads before the HSM is ever invoked, and enforces policy at the signing layer — not just at the API.

All digital assets operations are clearly governed through a consistent policy layer: issue, own, transfer, redeem, approve, and onboard business users and systems through a structured operational interface.

Web3 Middleware

Web3 Middleware is the connective tissue between your enterprise systems and the blockchain. It handles transaction orchestration, event streaming, smart contract lifecycle management, and integration with external data sources and legacy systems. 

FireFly Enterprise is the premier Web3 orchestration engine and the first open-source middleware built specifically for enterprises. Built on Hyperledger FireFly, co-created with the Linux Foundation Decentralized Trust, it serves as a complete Web3 gateway that accelerates application development by providing a rich stack of native Web3 services on a scalable, cloud-native Kubernetes platform. FireFly dynamically generates typed REST APIs for any smart contract so developers can build against a familiar interface without mastering the underlying protocol. An event bus handles retries, confirms finality, and sequences complex transactions automatically, ensuring 100% reliable data flow at any scale. Because it's built on an open-source standard under an Apache 2.0 license, it prevents vendor lock-in and provides a connector framework that keeps your infrastructure future-proof as new protocols emerge.

FireFly Connectors provide programmable transaction orchestration for any chain. Acting as a unified, intelligent translation layer between your business systems and the blockchain, FireFly Connectors let your applications speak to any chain in familiar Web2 terms while guaranteeing Web3-grade reliability underneath. Guaranteed exactly-once transaction delivery prevents settlement risk, while a durable real-time event stream ensures your off-chain systems always reflect the on-chain ledger with zero missed events. Transaction logic is fully programmable — from compliance policy enforcement to gas strategy tuning — so you can match your exact operational standards without rewriting your integration layer when you add new networks or swap protocols.

Interop Hub enables cross-chain workflows and seamless integration with core banking and legacy systems using institutionally trusted bridging patterns. It provides the connectivity layer for workflows that need to span multiple chains or reach back into existing enterprise infrastructure — without bespoke integration work for every new connection.

Together, these three components abstract the full complexity of multi-chain, multi-protocol operations behind a consistent, enterprise-grade API surface — whether you're connecting to networks provisioned through Kaleido's own Chain Infrastructure or via RPC endpoints to external ecosystems.

Chain Infrastructure

Chain Infrastructure handles the foundation: deploying nodes, connecting to public networks, and standing up private or permissioned networks with full governance, permissioning, and operational controls.

Public Chains: Enterprise-grade node configurations with dedicated priority transaction support, gas management, retry logic, and performance optimizations baked in. Supported networks include:

• Ethereum
• Bitcoin
• Polygon
• Avalanche
• Canton
• Arbitrum
• Base
• Stellar
• Other EVM-compatible L2/L3 networks

Private & Consortium Chains: Kaleido is a core enterprise maintainer of the Hyperledger Besu protocol, and private and consortium chain support is where Kaleido's pedigree runs deepest. Consortium chains, app chains, and side chains can be launched in minutes with custom, scalable, enterprise-grade configurations. Supported protocols include:

• Hyperledger Besu
• Hyperledger Fabric
• Corda

Load balancing and advanced permissioning are available out of the box for EVM chains via the EVM Gateway service, and a block indexer provides explorer-grade visibility into any network deployed within the platform. Public and private IPFS nodes are also available for decentralized off-chain data storage.

Remote Nodes: For organizations operating on third-party permissioned blockchain networks, Remote Nodes allow you to spin up and manage connectivity to those external environments through the same Kaleido platform, maintaining a unified operational view regardless of where your infrastructure lives.

Privacy: Paladin

Kaleido is a recognized leader in enterprise privacy technology. Paladin is Kaleido's full-stack programmable privacy framework for EVM networks. You can think of it less as a single privacy feature and more as a complete toolbox for privacy-preserving workflows.

Its architecture separates private value (tokens) from private logic (smart contracts) and provides the interoperable components to combine them into end-to-end confidential workflows. Core capabilities include a modular runtime client for executing privacy-preserving smart contracts on any EVM-compatible network, reference implementations of private tokens using zero-knowledge proofs or issuer-based notarized pre-verification, and a programmable privacy model supporting private EVM smart contract execution within defined privacy groups.

For institutions building in regulated markets, where counterparty visibility, selective disclosure, and transactional confidentiality aren't optional, Paladin provides the foundation.

Platform-Wide Tools

Four shared tools run across all product lines:

Workflow Engine manages the full transaction lifecycle from initiation to settlement, serving as the orchestration layer that ties policy, signing, and external systems together into coherent, automated business processes. Workflows are composable and configurable per blockchain network, asset class, jurisdiction, transaction type, or value threshold. They can be authored as code for advanced use cases or configured through the platform UI for operational teams. Native gas handling, transaction prioritization, and error management are built in, as are external API calls to core systems and conditional multi-step logic.

Smart Contract Manager handles the full smart contract lifecycle: upload, compilation, deployment, ABI-based REST API generation, versioning, and listener configuration. The platform is contract-agnostic so builders can bring your own contracts or start from Kaleido's templates.

Key Manager provides the full key lifecycle (generation, backup, rotation, destruction) with advanced permissions that map real-world identities to specific keystores and restrict which actions each identity can perform. HD wallet (BIP32/39) derivation is supported for hierarchical key structures, and the Key Manager is deeply integrated across the platform so signing happens seamlessly as transactions are processed.

Policy Manager enables users to define, deploy, and execute deterministic, versioned, off-chain policies as components of automated workflows. Policies are written in Rego (Open Policy Agent) and can be conditioned on source and destination wallet, transaction value and velocity, asset type, counterparty identity, screening results, and organizational or jurisdictional classification. Supported approval models include RBAC, maker/checker (2-eye), 4-eye, multi-level sequential, threshold/quorum, and conditional policy-based automation. Common templates for transfer limits, transfer approvals, and tiered approvals are provided out of the box.

Deployment on Your Terms

Kaleido supports fully managed SaaS, on-premise Kubernetes-native deployments, and hybrid configurations where Kaleido manages the platform while your signing infrastructure stays co-located with your HSMs. The platform is SOC 2 Type 2 and ISO 27001 certified and exposes 500+ APIs for integration with existing enterprise systems.

Ready to start building? Our team is ready to get to know you, your use cases and support you to get started.