Small tools. Sharp edges.
The server never sees your secrets.
Cryptography happens in your browser.
We publish every algorithm we use.
No lock-in. No black boxes. No "just trust us".
The best security is security people actually use
→
"Never share passwords" sounds great until your coworker needs access in 5 minutes and you're on a plane. So you text it. Dead Drop lets you share once, securely, then it's gone.
→
"Store keys in a hardware vault" is ideal until you lose it, forget to back it up, or can't afford one. Runekey regenerates your keys from memory. Nothing to lose.
→
"Don't put sensitive files in the cloud" ignores reality. You will. Everyone does. CipherStash encrypts before upload. Use the cloud safely.
Perfect security with 30% compliance loses to good security with 95% compliance.
We build for how people actually work.
Dead Drop
Self-destructing secrets. Client-side AES-GCM. We never see plaintext.
Runekey
Deterministic keys from a passphrase. Same input, same SSH/GPG/WireGuard key. Every time.
CipherStash
Encrypt files in your browser. Back up to your own Google Drive.
Artifact Warden
Pull-through proxy with ACL rules. Block by package, version, or CVE.
Less trust. Fewer secrets. Smaller blast radius.