[rfc] Disallow loading and creating wallets by paths #34497

issue achow101 openend this issue on February 3, 2026
  1. achow101 commented at 11:20 pm on February 3, 2026: member

    A discussion that has come up several times at the Localhost office over the past several weeks has been whether it makes sense to load wallets by paths. In particular, supporting wallets by path has been the source of a couple issues, and has also had some involvement in the recent wallet deletion issue.

    For some background, the name of a wallet can always be interpreted as a path. If it is not an absolute path, then it is a path relative to the wallets directory, e.g. a wallet named mywallet is always located at <walletsdir>/mywallet. But when referring to wallets named by relative path, I mean wallets which actually include / in their name which turns the name into a path specifier, rather than a logical name that happens to map to a path relative to the walletsdir. Otherwise, the path is an absolute path. An important note is that with the exception of BDB files stored directly in the walletsdir, the file actually opened is always <path>/wallet.dat.

    For absolute paths, this seems mostly ok, if just a bit odd. This has the potential to be problematic when mixing wallet names with filenames and paths. However, I don’t recall any specific issues with absolute paths off the top of my head.

    On the other hand, relative paths that include additional directories (e.g. <walletdir>/<subdir>/mywallet or ../<more path>/mywallet) have been a major source of headaches in wallet filesystem code:

    • #32273 pointed out a flaw in how wallet names and paths were being combined in relative paths to produce nonsensical paths
    • The root issue in #31409 is searching subdirectories for additional wallets to have their name by relative path

    Furthermore, from a user perspective, relative path wallets are really weird in that the path is relative to the walletsdir, which itself is not always consistent relative to the datadir (excluding when set explicitly). Given that the actual location of the walletsdir is basically never surfaced to the user, I don’t really see any situation where a user would want to name a wallet ../<path>. I can see <sub>/mywallet, but that really doesn’t need to be a path, and the wallet could actually be in a directory named <sub>/mywallet where the / is escaped so it doesn’t become a path. Edit: / can’t be escaped.

    I propose that we should remove support for wallets with by relative path, but retain support for wallets by absolute path.

    But I’d like to get some feedback from contributors and users before moving forward with this.

    There has also been the suggestion that we should go all the way and just remove support for both relative and absolute paths. I push back on this a bit as I think absolute paths can still be useful, e.g. if a user has wallets both in the walletsdir and on external media, they could want to load wallets from both locations at the same time without needing to change the walletsdir by specifying wallets by absolute path. However, I am open to being convinced that remove absolute path support could be a good idea.

  2. achow101 added the label Wallet on Feb 3, 2026
  3. achow101 added the label Needs Conceptual Review on Feb 3, 2026
  4. sobitkarki1 commented at 9:34 am on February 4, 2026: none
    We should remove support for wallets by relative path, but retain support for wallets by absolute path. That’s the way to go.
  5. darosior commented at 9:19 pm on February 9, 2026: member

    I don’t recall any specific issues with absolute paths off the top of my head.

    I push back on this a bit as I think absolute paths can still be useful

    Absolute paths are also particularly useful for applications leveraging the Bitcoin Core wallet to more robustly be internally consistent. For instance a wallet like Liana using a watchonly wallet at an absolute path under its own data dir to track its coins, can run against any bitcoind the user may have set up, and may be using for other applications or reinstall or otherwise tamper with its (bitcoind’s) datadir. Using a wallet under Bitcoin Core’s wallet/ subdirectory bakes into the wallet this brittle assumption that Bitcoin Core’s datadir will not change.

    Such applications can nowadays probably be rewritten to use BDK instead (although in this case pruning support becomes complicated), and i don’t mean to imply that wallet contributors should bear the burden of supporting this project if they think absolute path support ought to be deprecated. But i hope this reflects that absolute paths support is useful to downstream projects and that dropping support for them is not a free lunch.

    I have a harder time thinking of a reasonable use case for supporting wallet paths relative to Core’s wallet sub-directory. Another brittleness of using relative wallet paths is that such use would not be portable across networks nor installations. Networks because for test networks the wallet/ sub-directory would be one level deeper, which may lead to code that works during testing breaking subtly in production. And across installations, because for existing Bitcoin Core datadirs with no wallet/ sub-directory, the root datadir (for this network) will be used.

  6. gmart7t2 commented at 9:31 pm on February 9, 2026: none

    I have my wallets organized into nested subdirectories under ~/.bitcoin/wallets/ to keep groups of wallets separate from each other.

    For example, when I am finished using a wallet, rather than deleting it I “bitcoin unloadeallet name” then move it into a subdirectory of wallets called “empty/”. Then I “bitcoin-cli loadwallet empty/name”. It shows up as “empty/name” in the wallet list and I can easily check all my “empty” wallets to see if they are still empty

    0$ bitcoin-cli listwallets | jq -r .[] | grep '^empty/' | while read x; do bitcoin-cli -rpcwallet=$x getbalance; done | uniq -c
1389 0.00000000

    I guess I could stop using subdirectories and just rename wallets/empty/name/ to wallets/empty-name/ or something but that’s not as clean

  7. davidgumberg commented at 11:46 pm on February 9, 2026: contributor

    I think that there is lurking danger in a string that is at times a name, and at other times a path with path specifiers and symlinks being resolved by the filesystem. I wonder if a reasonable solution would just be to separate these two, allowing a user to load a wallet with a name, and optionally provide a path, e.g.:

    0bitcoin-cli -named loadwallet name="mywallet" path="/path/to/my/wallet"


achow101 sobitkarki1 darosior gmart7t2 davidgumberg

Labels
Wallet Needs Conceptual Review

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-02-11 18:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me