OtterSeal

Appearance

OtterSeal Documentation ​

OtterSeal Logo

🦦 Zero-knowledge encrypted notes and secrets

πŸ‘‰ Try it now: Open OtterSeal Web App

What is OtterSeal? ​

OtterSeal is a suite of packages for building zero-knowledge encrypted applications:

  • @otterseal/core β€” Cryptography library (AES-256-GCM + HKDF)
  • @otterseal/cli β€” Command-line tool for notes and secrets
  • @otterseal/rest-api β€” Backend API for self-hosting

All encryption happens client-side. The server never sees your plaintext content or encryption keys.

Quick Start ​

Using the CLI ​

bash
# Create a secret
oseal secret send "This is secret"

# Read your notes
oseal note read "my-title"

Using the Core Library ​

typescript
import { deriveKey, encryptNote } from '@otterseal/core'

const key = await deriveKey('my-title')
const encrypted = await encryptNote('secret content', key)

Self-Host the API ​

bash
# See: @otterseal/rest-api deployment guide

Architecture ​

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚   Client (Browser/CLI)    β”‚
β”œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€
β”‚ @otterseal/core           β”‚
β”‚ β€’ Web Crypto API          β”‚
β”‚ β€’ HKDF key derivation     β”‚
β”‚ β€’ AES-256-GCM encryption  β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
             β”‚ (encrypted)
             ↓
      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
      β”‚  REST API /  β”‚
      β”‚  WebSockets  β”‚
      β””β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”˜
             β”‚
      β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
      β”‚   Database   β”‚
      β”‚ (encrypted)  β”‚
      β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Security First ​

  • βœ… Web Crypto API β€” Uses native browser cryptography (SubtleCrypto)
  • βœ… Client-side encryption β€” Keys never leave your device
  • βœ… AES-256-GCM β€” Industry-standard authenticated encryption
  • βœ… HKDF β€” Cryptographic key derivation with domain separation
  • βœ… No passwords β€” Titles are used directly (more convenient, same security)
  • βœ… HashRouter Security β€” Secret links use URL fragments (/#/send/...) so keys/UUIDs are never sent to the server
  • βœ… Open source β€” Audit the code yourself

Credits & Inspiration ​

OtterSeal was inspired by the simplicity of publicnote.com, aimed at bringing that same ease-of-use to a zero-knowledge encrypted environment.

Packages ​

TIP

Each package is independent and can be used standalone or together.

  • Core β€” Cryptography library with AES-256-GCM and HKDF
  • CLI β€” Command-line tool for managing notes and creating secret links
  • REST API β€” Backend API for self-hosting with WebSocket support

Need Help? ​

Ready to try OtterSeal? πŸ‘‰ Go to Web App

Built with ❀️ by JBot

Released under the MIT License

Copyright Β© 2026 OtterSeal by JBot