What is Noctis?
Noctis is a zero-knowledge vault for the things that would hurt to leak - private notes, passwords, API keys, seed phrases and small confidential files. Unlike cloud notes apps, Noctis never sees your data in a form it can read.
Three properties define it:
- Client-side encryption - data is encrypted and decrypted entirely in your browser.
- Wallet-derived keys - your encryption key comes from a single Solana wallet signature. No password, no account.
- Zero-knowledge storage - the server only ever holds ciphertext, scoped to your wallet by row-level security.
How encryption works
Every entry is sealed with AES-256-GCM using the Web Crypto API - the same authenticated encryption trusted by governments and banks. GCM detects any tampering with your ciphertext, so a modified blob simply fails to decrypt.
// in your browser - plaintext never leaves the page
const iv = crypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV per entry
const ct = await crypto.subtle.encrypt(
  { name: "AES-GCM", iv },
  vaultKey,
  new TextEncoder().encode(plaintext)
);
// only { iv, ct } is uploaded - opaque ciphertext
Plaintext never touches our servers, your network, or disk. The only place it exists is in the tab you typed it into.
Wallet-derived keys
When you open the vault, Noctis asks your Solana wallet to sign one fixed message. That signature is deterministic - the same wallet always produces the same bytes - so it can be turned into your encryption key with a KDF, and never has to be stored anywhere.
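const sig = await wallet.signMessage(MESSAGE); // Ed25519
// hash the signature down to 32 bytes and import it as a non-extractable AES-256-GCM key
const key = await crypto.subtle.importKey(
  "raw", await crypto.subtle.digest("SHA-256", sig), "AES-GCM", false, ["encrypt", "decrypt"]
);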
No password to remember, nothing on a server to phish, nothing to leak. Your wallet is your identity and your only key.
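The derivation above and the sealing step from How encryption works, combined into one round trip that also exercises the two failure cases (a modified blob, a different wallet). This is an added example written for this page, not Noctis source: sigA and sigB are constructed 64-byte stand-ins for the wallet signature, and getCrypto, deriveVaultKey, seal, unseal and demo are hypothetical names.

```javascript
// Web Crypto in the browser, or Node's webcrypto when no global is exposed.
const getCrypto = async () =>
  globalThis.crypto ?? (await import("node:crypto")).webcrypto;

// Key = SHA-256(signature), imported as a non-extractable AES-256-GCM key.
async function deriveVaultKey(sig) {
  const { subtle } = await getCrypto();
  const raw = await subtle.digest("SHA-256", sig);
  return subtle.importKey("raw", raw, "AES-GCM", false, ["encrypt", "decrypt"]);
}

// Encrypt one entry; a fresh random 12-byte IV is generated per call.
async function seal(vaultKey, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: "AES-GCM", iv }, vaultKey, new TextEncoder().encode(plaintext)));
  return { iv, ct }; // the only fields that would be uploaded
}

// Returns the plaintext, or null when the GCM tag check fails.
async function unseal(vaultKey, { iv, ct }) {
  const { subtle } = await getCrypto();
  try {
    const pt = await subtle.decrypt({ name: "AES-GCM", iv }, vaultKey, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null; // wrong key or modified ciphertext
  }
}

async function demo() {
  const sigA = new Uint8Array(64).fill(0xa1); // constructed, Ed25519-sized
  const sigB = new Uint8Array(64).fill(0xb2); // constructed, a second wallet
  const blob = await seal(await deriveVaultKey(sigA), "api-key: example-value");
  const tampered = { iv: blob.iv, ct: Uint8Array.from(blob.ct) };
  tampered.ct[0] ^= 0x01; // flip one bit of the stored ciphertext
  return {
    sameWallet: await unseal(await deriveVaultKey(sigA), blob),
    tampered: await unseal(await deriveVaultKey(sigA), tampered),
    otherWallet: await unseal(await deriveVaultKey(sigB), blob),
    ctLength: blob.ct.length, // plaintext bytes + 16-byte GCM tag
  };
}

demo().then((r) => console.log(r));
```

Because the key is re-derived from the signature on every call, nothing in the example persists key material between seal and unseal.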
Zero-knowledge storage
Noctis stores only ciphertext. Each record is tied to your wallet address through row-level security, so even the database can return your blobs only to you - and can never open them.
- Encrypt - Plaintext is sealed on your device.
- Ciphertext - Only opaque blobs are uploaded.
- Decrypt - Re-derive the key locally, unlock instantly.
Get started in three steps
- Connect your wallet - Open the Vault and connect a Solana wallet such as Phantom.
- Sign once to unlock - Approve a single signature request. Your key is derived locally - it never leaves your device.
- Store & retrieve - Add notes, passwords or keys. They are encrypted before upload and decrypted only when you ask.
Agent-native storage (MCP)
Noctis exposes three Model Context Protocol tools so AI agents like Claude Code, Cursor and Continue can read and write secrets as ciphertext - pulling a value only when needed, decrypting it locally, and never leaving plaintext lying around.
data_store(key, value) // seal a secret into the vault
data_fetch(key)        // retrieve & decrypt locally
data_list()            // list entry keys (no plaintext)
The MCP server only ever moves ciphertext between your vault and your tools.
Recovery & security
Your key is derived from your wallet signature, so your wallet is your recovery. Restore it from its seed phrase and you can re-derive the key and unlock everything.
There is no master key, no admin override and no plaintext copy anywhere on our infrastructure. If a wallet is lost for good, the ciphertext stays sealed forever - by design, no one (including us) can recover it.
Frequently asked
Can Noctis read my data?
No. The key that decrypts your vault is derived from your wallet signature and never leaves your device. We store ciphertext and nothing else.
Do I need an account or password?
No email, no password, no signup. You connect your Solana wallet and sign once.
Why AES-256-GCM?
It is fast in the browser, provably strong, and its GCM mode detects any tampering with your ciphertext.