doc updates

Author: d4mr

apps/portal/src/app/engine/features/backend-wallets/page.mdx

@@ -49,6 +49,7 @@ The smart account is automatically deployed the first time you send a transactio
 - `smart:local` - Smart account backed by a local key
 - `smart:aws-kms` - Smart account backed by AWS KMS
 - `smart:gcp-kms` - Smart account backed by Google Cloud KMS
+- `smart:circle` - Smart account backed by Circle Developer-Controlled Wallets
 
 For AWS and Google Cloud KMS options, follow the setup instructions in the respective sections below.
 
@@ -178,6 +179,27 @@ An [AWS KMS Wallet](/references/wallets/v2/AwsKmsWallet) is a wallet securely st
    - GCP KMS Key ID (example: `0489da75-9830-4a5a-97e3-e4a6df7775b3`)
    - GCP KMS Version ID (example: `1`)
 
+## Circle Wallet
+
+[Circle Programmable Wallets](https://developers.circle.com/w3s/programmable-wallets) is a Wallet as a Service (WaaS) solution designed to simplify the creation and management of secure Web3 wallets and their private keys. Engine can create and transact with the wallet, but not delete it.
+
+#### Setup
+
+1. Create a Circle account at the [Circle Console](https://console.circle.com/signin).
+2. Navigate to [API & Client Keys](https://console.circle.com/api-keys).
+3. Create an API Key. (Either a standard key or a restricted key scoped to "Programmable Wallets" is required.) Do not enable the IP Allowlist. Store this key, it is not shown again.
+4. In the dashboard, navigate to **Configuration > Backend Wallets**.
+5. Select **Circle** and provide the following:
+   - API Key (example: `API_KEY:...`)
+
+<Callout varian="info">
+	Circle API Keys are scoped to either Testnet or Mainnet. Backend wallets
+	created with a testnet key will not work on the mainnet, and vice versa
+	<br /> If you want to change between testnet and mainnet, you will need to
+	update the API key configuration in engine, and recreate a wallet. with the
+	Mainnet scope.
+</Callout>
+
 ## Create a wallet
 
 For AWS or Google Cloud KMS wallets, you must provide your credentials.
@@ -186,6 +208,8 @@ For AWS or Google Cloud KMS wallets, you must provide your credentials.
 1. Select **Create**.
 1. (Optional) Provide a label to organize your wallets.
 
+Circle wallets require creating a [Credential](/engine/features/wallet-credentials) first before creating a wallet.
+
 ## Import a wallet
 
 For AWS or Google Cloud KMS wallets, you must provide your credentials.

apps/portal/src/app/engine/features/wallet-credentials/page.mdx

@@ -0,0 +1,54 @@
+import { createMetadata, Details } from "@doc";
+import { Callout } from "@doc";
+
+export const metadata = createMetadata({
+	title: "Wallet Credentials | thirdweb Engine",
+	description:
+		"Engine can securely store and manage wallet credentials for thirdweb backend wallets.",
+});
+
+# Wallet Credentials
+
+Wallet credentials are authentication details required to interact with different cloud providers and wallet services. They enable secure access to wallet functionality across various platforms.
+
+<Callout variant="info">
+	Currently, the credentials system has only been rolled out for Circle wallets.
+	Default credentials are not yet supported. Existing wallets will continue to
+	work as normal, but new wallet creations will use the new credential system
+	after the rollout.
+</Callout>
+
+## Overview
+
+Each wallet in the system is associated with a credential that contains the necessary authentication details for its specific provider (AWS, GCP, etc.). These credentials are stored securely and can be either:
+
+- Specified explicitly when creating a wallet
+- Used automatically through default credentials configured for each provider type
+
+## Default Credentials
+
+Each provider type (AWS, GCP, etc.) can have one default credential. When creating a wallet without specifying a credential, the system automatically uses the default credential for that provider type.
+
+## Creating a Credential
+
+Credentials are created in the dashboard and can be reused across multiple wallets of the same type.
+
+### Create a credential
+
+1. In the dashboard, navigate to **Configuration > Credentials**.
+2. Click on **Create**.
+3. Assign a name to the credential.
+4. Select the type of the credential.
+5. Populate the credential fields which are specific to the type.
+6. Click on **Create**.
+
+## Usage
+
+When creating a wallet, you can either:
+
+1. Provide a specific credential ID to use custom authentication details
+2. Omit the credential ID to automatically use the default credential for your chosen provider
+
+## Security
+
+Credential details are stored encrypted securely in the database and are only accessible through authorized system operations. Once created, they are not retrievable. You can still view the credential (label, type), but you cannot access the credential details. This ensures that credentials are secure and cannot be used to gain unauthorized access to your wallets.

apps/portal/src/app/engine/sidebar.tsx

@@ -28,6 +28,10 @@ export const sidebar: SideBar = {
           name: "Backend Wallets",
           href: `${engineSlug}/features/backend-wallets`,
         },
+        {
+          name: "Wallet Credentials",
+          href: `${engineSlug}/features/wallet-credentials`,
+        },
         {
           name: "Contracts",
           href: `${engineSlug}/features/contracts`,