This page explains how to import and export keys in MetaMask: exporting a private key string, importing accounts from a private key or JSON keystore, adding watch-only addresses, and how the wallet_watchAsset call works when a dApp asks MetaMask to add a token. I’ve used MetaMask daily for transactions across EVM-compatible chains and tested imports/exports on both extension and mobile. Expect practical steps, warnings, and links to deeper guides.
And one rule first: never paste a private key into a website or cloud note. Ever.
MetaMask is a non-custodial software wallet that stores both a seed phrase (the master recovery phrase) and individual private keys (for imported accounts) inside an encrypted vault in your browser/profile or mobile app. Short version: the seed phrase derives multiple accounts (HD derivation). A private key string maps to a single account. A watch account is read-only.
What I've found: when you restore with the seed phrase you get the accounts derived from that phrase. If you imported a private key separately, import that private key again after restore (it won't be recreated by the seed unless it was derived from it).
Exporting a private key shows the raw hex string used to sign transactions for that account. MetaMask requires your password before revealing it.
Extension (desktop) — export private key MetaMask:
Mobile — private key string MetaMask mobile:
Security tips while exporting:
![Placeholder: MetaMask export private key dialog screenshot]
MetaMask supports importing a single account via private key string or a JSON keystore file (V3). You can also restore a wallet using the seed phrase to recover all derived accounts.
Import using private key (extension/mobile):
Notes: importing a private key adds a single account (useful if you want to bring an address from another wallet). If you want the whole wallet back, use the seed phrase. See Restore wallet for the full restore flow.
Question: can you recover an entire MetaMask wallet with a private key? No — a private key recovers one account. The seed phrase recovers the master account set (all accounts derived from it).
Recommendation: keep at least one offline copy of your seed phrase. See backup-and-recovery-options for methods.
Watch account MetaMask: adding a watch-only address lets you monitor balances and transactions without giving signing power. Useful for monitoring cold/hardware addresses or someone else’s address.
To add a watch account: Menu → Add account → Watch account → paste the address. Watch accounts cannot sign (so they’re safe for tracking).
wallet_watchAsset MetaMask (dApp interaction)
DApps can call the JSON-RPC method wallet_watchAsset to ask MetaMask to add a token to the token list. The call only updates your UI — it does not grant token allowance or move funds.
Example (JS pseudo-call):
ethereum.request({
method: 'wallet_watchAsset',
params: {
type: 'ERC20',
options: { address: tokenAddress, symbol: 'ABC', decimals: 18 }
}
})
When a site triggers this, MetaMask will prompt you to confirm. Always check the token contract address before confirming. (Fake tokens use similar names.)
Moving a private key from Trust Wallet to MetaMask is a common workflow.
Steps:
A warning: restoring a seed phrase from another wallet into MetaMask usually works for Ethereum addresses, but different wallets sometimes use alternate derivation paths. If addresses don’t show up after a seed restore, import the private key directly or consult migration docs: migrate-from-trust-or-coinbase.
| Method | What you get | Good for | Risk / Limitations |
|---|---|---|---|
| Seed phrase | Whole wallet (HD accounts) | Full recovery of all derived accounts | Must be kept offline; exposes all derived accounts |
| Private key string | Single account | Quick migration from another wallet | Exposes that account only; unsafe if leaked |
| JSON keystore | Single account (encrypted) | File-based import with password | File + password exposure risk |
| Watch account | Read-only monitoring | Tracking balances without risk | Cannot sign / move funds |
But remember, watch accounts can’t sign — so if you want to move funds you’ll need the private key or a connected hardware device.
Q: Is it safe to keep crypto in a hot wallet? A: Hot wallets are convenient for daily DeFi activity but have higher attack surface than hardware wallets. Use small operational balances in a software wallet and move long-term holdings to hardware. See hardware-best-practices and security-best-practices.
Q: How do I revoke token approvals after importing an account? A: Use the revoke interface or a contract approval manager. The UX can vary per chain. See revoke-approvals for steps.
Q: What happens if I lose my phone? A: If you have the seed phrase you can restore on another device. If you only had private keys saved in the app and no seed, you must import those keys on the new device (if you backed them up). See backup-and-recovery-options.
Q: How do I recover MetaMask wallet with private key? A: Use Import Account → paste the private key. That recovers a single address. To recover all accounts, restore the seed phrase: restore-wallet.
Who it's best for:
Who should look elsewhere:
Exporting and importing keys in MetaMask is straightforward but risky if done casually. Use seed phrases for full recovery, private keys for single-account migration, and watch accounts for safe monitoring. If you’re moving from another app (Trust Wallet, for example) use a private key import when derivation paths don’t match. Want the step-by-step screenshots and extra troubleshooting? See the focused guide: how-to-export-import-private-key and the general import/recovery hub: import-and-recovery.
If you have a specific migration or recovery scenario, tell me which device and which wallet you’re coming from (mobile vs extension, Trust Wallet vs other) and I’ll outline exact steps.