Docs Cloud & Sync Vault & Secret Sharing

Vault & Secret Sharing

End-to-end encrypted vault for SSH keys, DB credentials, API tokens, SMTP credentials, and any custom secret — sharable per Nexus.

Cryptography

  • Vault key derived from your password via Argon2id.
  • Items encrypted with AES-256-GCM.
  • Sharing wraps the symmetric key with the recipient's RSA-4096-OAEP public key — server never sees plaintext.
  • SRP-6a for password-based authentication; the password itself never crosses the wire.

What you can store

  • SSH private keys and SFTP credentials.
  • Database connection strings.
  • API tokens and OAuth client secrets.
  • SMTP credentials (with rotating per-app passwords).
  • Free-form notes (encrypted, never plain).

Sharing flow

  1. Right-click any vault item → Share with Nexus.
  2. Choose recipients (whole Nexus or specific members).
  3. VORTΞXHQ wraps the item key for each recipient locally — only encrypted blobs reach the cloud.
  4. Recipients see the item appear in real time and can decrypt with their own key.

Reshare & revoke

Owners can re-share to new members or revoke access. Revocation rotates the item key so previously cached copies become unreadable.

Authentication & Account Management Two-Factor Authentication

Last updated 3 hours ago

No matches.
navigate · open · esc close