# Signers

> Load the operator key that receives funds and signs settlement — local keypairs or env-driven config — and the demo-signer safety rail.

The operator identity is set on `configure(operator=Operator(signer=...))`. The signer co-signs x402 challenges and fee-pays settlement when configured. With no operator, the kit boots on a published demo signer on non-mainnet networks.

## Local key material

```python
from solana_pay_kit import Signer

Signer.file("operator.json")   # Solana CLI JSON keypair
Signer.env("OPERATOR_KEY")     # JSON / hex / base58 from an env var, auto-detected
Signer.demo()                  # the shared demo keypair (non-mainnet only)
```

## Wire it into configure

```python
import solana_pay_kit
from solana_pay_kit import Operator, Signer, Stablecoin

solana_pay_kit.configure(
    network="solana_mainnet",
    stablecoins=(Stablecoin.USDC, Stablecoin.PYUSD),
    operator=Operator(signer=Signer.file("operator.json")),
    rpc_url="https://mainnet.helius-rpc.com/?api-key=YOUR_KEY",
)
```

For env-driven deployments, `solana_pay_kit.configure_from()` reads the whole config from environment variables instead.

## The demo signer

`Signer.demo()` is the zero-config default recipient on non-mainnet networks — convenient for local development against the Surfpool sandbox. It is refused on mainnet: `configure(network="solana_mainnet")` with the demo signer raises [`DemoSignerOnMainnetError`](/docs/sdk/python/errors) so real funds never route to a publicly known key.