k_ Keyline

Security

Updated July 14, 2026

A breach of us must not be a breach of you. Keyline is built so our servers cannot read your secrets, and so the claims on this page are verifiable instead of asserted.

1. What our servers hold

Ciphertext, wrapped keys, metadata, and audit events. Nothing else. Encryption and decryption happen on your machines with keys we never receive.

PurposePrimitive
Secret encryptionAES-256-GCM
Workspace key derivationscrypt
Device identity + key wrappingX25519, HKDF-SHA256

All primitives come from Node's built-in crypto. No third-party crypto libraries. The full scheme, including the key hierarchy, recovery paths, and known trade-offs, is public: encryption design document. The source is public too. Read it, don't trust us.

2. Access

3. Tamper-evident, publicly anchored audit

Every read, write, grant, and revoke lands in a hash-chained audit log. Editing, deleting, or reordering any event breaks the chain. And because a chain alone could in theory be rewritten wholesale, every workspace's chain head is witnessed daily in a public repository: keyline-anchors. The public sees only hashes. The point: history rewrites are detectable, even by us.

4. Platform

5. Where we are honest about maturity

External review: the encryption design has not yet passed an independent security review. Engaging one is our launch gate, and the review packet is public.

SOC 2: we are at the start of a readiness program, not certified. We will state progress here as it happens, not before.

6. Reporting a vulnerability

Found something? We want to know, and we will not take legal action against good-faith research.

Machine-readable version: /.well-known/security.txt.