{CSS}
Noctis
Encrypted · Sovereign · Private · Yours

Sealed by Design

Client-side encryption. Zero-knowledge st

Private Notes · API Keys · Seed Phrases · Sovereign Data

Not privacy as a feature. Privacy as the default.

Read the Docs
Open Vault
In-BrowserClient-Side AES
Your WalletSign & Unlock
AES-256Encrypted · Sovereig

← Drag to compare →

Exposed - Stored in Plaintext
EntryAmount
0x7a3f...b2c10xd4e2...9f8ahunter2!sky
0x1b2c...e3d40x8f7a...c6b5twelve words
0xa9b8...7c6d0x3e4f...2a1bsk-live-4f2a
0x5d6e...4f3a0xc1d2...8e7f4471

⚠ Notes, passwords, and keys stored in plaintext are readable by any server admin or in a database breach

Encrypted - Sealed by Noctis
EntryAmount
████████████ → ██████████████████████
████████████ → ██████████████████████
████████████ → ██████████████████████
████████████ → ██████████████████████
AES-256 PROTECTED

✓ Notes, passwords, and keys encrypted client-side. Only your wallet can decrypt.

Exposed
Encrypted
System Design

Applications

App

Private Notes · API Keys · Seed Phrases · Sovereign Data - everything you keep is sealed in your browser before it ever leaves your device.

Client-Side Encryption

In-Browser

All encryption and decryption happen in your browser using AES-256-GCM. Plaintext never leaves your device - not to our servers, not to your network, not to anyone.

Wallet-Derived Keys

Your Wallet

Your encryption key is derived from a single signature by your Solana wallet. No password to remember, nothing stored on a server, nothing that can be phished or leaked.

Zero-Knowledge Storage

Your Wallet

Our database stores only ciphertext, scoped to your wallet by row-level security. It holds your data without ever being able to decrypt or read it.

Storage Layer

Your Wallet

Solana anchors identity: your wallet is the only key to your vault. Connect, sign once, and unlock - no password, no email, no account.

Encrypted by Default · Sovereign by Design

THE FLOW

01

Encrypt

You encrypt everything client-side. Only ciphertext is uploaded - no plaintext ever touches our servers.

02

Derive Key

Your key is derived from a one-time wallet signature. It never leaves your device or reaches our servers.

03

Store

Only ciphertext is uploaded to our database, tied to your wallet by row-level security. The server never sees a single byte of plaintext.

04

Decrypt

Reconnect your wallet and sign once. Your key is re-derived locally and the vault decrypts instantly - only ever on your device.

Use Cases

Privacy

Encrypted Notes

Private notes, journals, and documents sealed with AES-256 the moment you type them. Only your wallet can open them - not us, not anyone.

Learn more
Interop

Password Vault

Logins and passwords stored as ciphertext. No master password to phish, no plaintext on any server - your Solana wallet is the key.

Learn more
Infra

Keys & Seed Phrases

API keys, seed phrases, and recovery codes encrypted client-side. Subpoenas, breaches, and rogue insiders see nothing usable.

Learn more
What Noctis Enables

Private Notes

Notes and journals are the most immediate use case. You write freely, and every entry is encrypted on your device before it is ever stored - nobody but you can read a single word, and there is no company that can mine, sell, or surrender your thoughts.

  • Private payments & encrypted balances
  • Personal password & key storage
  • Shareable only by you, never by us

API Keys

Developer secrets belong in ciphertext, not in plaintext config files or sticky notes. Store API keys, OAuth tokens, and webhook secrets encrypted per entry - decrypted locally only when you copy them, never exposed to our servers.

  • Developer API keys & access tokens
  • OAuth secrets & webhook signing keys
  • Privacy-preserving analytics & enterprise compute

Encrypted Storage

Any high-stakes dataset stays encrypted on-device before it ever touches a server. Documents, research data, files, configs, recovery codes - all wrapped under AES-256-GCM with a master key only the user holds. Noctis stores ciphertext; subpoenas, breaches, and rogue insiders see nothing usable. Three MCP tools (`data_store`, `data_fetch`, `data_list`) make the primitive callable from any AI agent.

  • Confidential documents & business records
  • Encrypted research datasets and confidential records
  • Secure file vaults for journalists, legal, healthcare
  • Agent-native storage via MCP - Claude Code, Cursor, Continue

Sovereign Data

Your data belongs to you alone. Every entry is owned by your Solana wallet through cryptographic identity - no email, no account, and no company that can lock you out, mine your data, or hand it to a third party.

  • Wallet-owned, not account-owned
  • No email, no password, no lock-in
  • Export your ciphertext at any time
Spotlight

Two promises no cloud notes app can make - because they can read your data. Noctis can't.

Your Encrypted Vault
AES-256 · Live
Notes
Passwords
API Keys
Files
AES
Derive Key
Verifiable
4 Entry Types → 1 AES-256 Vault → Wallet-Only AccessPlaintext never leaves your device
Zero-Knowledge

Store your most sensitive data - without ever handing us the key to read it.

Your private data shouldn't have to choose between 'safe but stuck on one device' and 'synced but readable by some company.' Noctis gives you both - encrypted on your device, synced as ciphertext, readable only by you.

  • Notes, passwords, keys, and files are encrypted the moment you save them - raw plaintext never leaves your control.
  • Private notes, password and key storage, and confidential file vaults - all sealed locally with AES-256 before anything is ever uploaded.
  • True ownership of your data - your wallet is the only key, you can export ciphertext anytime, and plaintext is never exposed.
Encrypted Exchange
Agent · Live
Request
->■▒■▒◆#■▒▌*+◇-=@
$▐$*$#▓>▓□&=
▌#+□▓*+%-▐░_■□◆*▓◇■▒
ciphertext · 8KB
Encrypted Vault
encrypted on your device
Response
◆▐!_●○<=@%▓█-▒
▓#▌○!>@○◆_$▐●#+▒+□
+_●▒▌▒■_░▒!□
ciphertext · only user decrypts
User
Agent · Encrypted Vault
User
Request ciphertext · Decrypt locally · Never on diskServer never sees plaintext
MCP · Agent-Native

Let your AI tools read and write secrets - sealed as ciphertext they can never expose.

Hardcoded keys in config files and chat logs are a breach waiting to happen. Noctis exposes three MCP tools - data_store, data_fetch, data_list - so agents like Claude Code and Cursor pull a secret only when needed, decrypt it locally, and never leave plaintext lying around.

  • Agents fetch API keys and tokens on demand - decrypted locally, never written to disk in plaintext.
  • Secrets stay encrypted end-to-end; the MCP server only ever moves ciphertext between your vault and your tools.
  • Works with Claude Code, Cursor, and Continue - any MCP-compatible client can use your vault.
Wallet Support

Powering Privacy on So

Your Solana wallet is t

PhantomLive
SolflareLive
BackpackComing Soon
LedgerComing Soon
GlowComing Soon
Phantom
Solflare
Backpack
Ledger
Glow

COMPARISON

FeatureNoctisAES-256Cloud NotesNotion, EvernotePassword Mgrs1Password, BitwardenMPCBrowser StorageTEElocalStorage
Client-Side Encryption
Zero-Knowledge Server
No Master Password
Wallet-Based Login
Composable
Breach-Proof

Scroll to compare →

Why It Matters

Noctis is the private vault layer for that future.

Client-side encryption.
Wallet-derived keys.
Zero-knowledge storage.

Your data, encrypted before it ever leaves your hands.

FAQ

Frequently Asked Qu

Everything you ne

Step Into the Dark
Follow us for