Zero-knowledge secret store

Store secrets we can never read.

Orbsen Keep encrypts your secrets inside your own browser. Only the ciphertext ever reaches us — the key stays with you and touches our servers never. Not a promise. A property of the architecture.

AES-256-GCM in the browser We hold ciphertext only Keys never leave your device
what Orbsen ever sees
// generated & encrypted in your browser
K = aes-256-gcm key → stays with you

// only this leaves the browser
POST /api/blob
  { iv: "7Qm…",
    ciphertext: "a1F9…" }

[STORE] stored ciphertext
[STORE] key = unknown
[STORE] plaintext = unknown
Why Keep

Secret storage that can’t betray you

Most vaults ask you to trust that they’ll behave. Orbsen Keep is built so that even we couldn’t read your secrets if we tried.

🔐

Encrypted before it leaves

A fresh AES-256-GCM key is generated in your browser and used to encrypt the secret locally. We receive the ciphertext and nothing else.

🗝️

Your key, your custody

The key K is shown to you and sent nowhere. Without it, the blobs on our disk are meaningless bytes.

🛡️

Zero-knowledge at rest & in transit

Ciphertext on disk, ciphertext on the wire. When you recover a secret it’s decrypted in your browser and used directly — the store is never in that hop.

🔎

Inspectable, not trust-me

Log every byte we ever receive and you still can’t rebuild the secret. The guarantee is checkable, not a policy line.

How it works

Three steps, one place the key never goes

Encrypt in your browser

Your browser generates a one-off key K, encrypts the secret S, and posts only { iv, ciphertext } to the store.

Keep the key

We hand you K and a blob id. We store the ciphertext against that id — and never learn the key.

Recover & use

Fetch the ciphertext, decrypt it locally with K, and send the plaintext straight where it’s needed. The store isn’t in that path.

The falsification test

Try to read your own secret from our side

Take everything Orbsen ever has — the blobs on disk and every line of every byte that hit the store — and try to reconstruct the secret. You can’t. There’s no key, only AES-GCM ciphertext.

  • The disk holds ciphertext blobs only.
  • The store logs show ciphertext arriving — never the key.
  • Plaintext only ever exists in your browser and its destination.

Honest about the edge. The one residual risk is whoever ships the page’s JavaScript could ship a version that leaks the key. That’s unfixable by architecture alone — only by open source and pinned versions.

So we say it out loud, and we hold ourselves to it. Zero-knowledge at rest and in transit: proven.

Get started

Put a secret where even we can’t see it

Encrypt in the browser, keep your key, recover when you need it. That’s the whole model.