
Zero-knowledge guarantee


“Zero-knowledge” is an overloaded term in security. Here’s exactly what it means for OpaqueVault.


The OpaqueVault server cannot decrypt your secrets.

This is not a policy statement — it’s an architectural constraint. The server stores only ciphertext. It has no master password, no key-encryption key (KEK), and no decrypt endpoint. Even if OpaqueVault staff wanted to read your secrets, they couldn’t.

AI models cannot see your secret values.

The 7 MCP tools are designed so no plaintext value ever appears in a tool response. The interceptor enforces this at the transport layer as a second line of defense.


We do not guarantee:

  • Protection from malware on your local machine (anything with access to ov mcp serve’s memory could read the KEK)
  • Protection from a compromised master password (your password is the root of trust — protect it)
  • Protection from secrets that appear in command output (if go test prints your database URL to stdout, vault_run will return that in stdout)
  • Protection of secret names (names are stored in plaintext for the MVP; hiding them is planned post-MVP)

Your master password is the root of trust. Everything derives from it via Argon2id. OpaqueVault never sees it, never stores it, and never transmits it. If you lose it, there is no recovery path — OpaqueVault cannot decrypt your secrets for you.
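The two claims above (the server holds only ciphertext, and everything derives from the master password) are easiest to see in code. The following is an added example, not OpaqueVault’s own implementation: it sketches a client-side envelope scheme in which the master password is stretched into a KEK, a random data-encryption key (DEK) encrypts the secret, the KEK wraps the DEK, and the only thing handed to the server is the resulting envelope. Assumptions of this example: PBKDF2-HMAC-SHA256 stands in for Argon2id (which is not in Go’s standard library), AES-GCM is used for both layers, the iteration count is deliberately low so the example runs quickly, and all type and function names are the example’s own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Envelope is everything the server ever stores: ciphertext plus a public
// salt. Nothing in it is usable without the master password. (Example type.)
type Envelope struct {
	Salt       []byte // KDF salt for the master password (not secret)
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-GCM(DEK, secret)
}

// Kept low so the example runs fast; a real deployment (OpaqueVault uses
// Argon2id, not PBKDF2) tunes its KDF cost far higher.
const kdfIterations = 10000

// deriveKEK stretches the master password into a 32-byte key-encryption key.
// Stand-in: PBKDF2-HMAC-SHA256 (one output block), because Argon2id is not in
// the standard library. Same password + same salt always yields the same KEK.
func deriveKEK(password, salt []byte) []byte {
	prf := hmac.New(sha256.New, password)
	blockIndex := make([]byte, 4)
	binary.BigEndian.PutUint32(blockIndex, 1)
	prf.Write(salt)
	prf.Write(blockIndex)
	u := prf.Sum(nil)               // U1 = PRF(salt || INT(1))
	t := append([]byte(nil), u...) // T = U1 ^ U2 ^ ... ^ Uc
	for i := 1; i < kdfIterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce || ciphertext under a fresh random nonce.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen reverses gcmSeal; a wrong key fails authentication, it never
// yields garbage plaintext.
func gcmOpen(key, data []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(data) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, data[:n], data[n:], nil)
}

// Seal runs on the client: it is the only place the password, the KEK, the
// DEK and the plaintext ever coexist. The returned Envelope is what the
// server stores.
func Seal(password string, secret []byte) (Envelope, error) {
	salt := make([]byte, 16)
	dek := make([]byte, 32)
	if _, err := rand.Read(salt); err != nil {
		return Envelope{}, err
	}
	if _, err := rand.Read(dek); err != nil {
		return Envelope{}, err
	}
	kek := deriveKEK([]byte(password), salt)
	ct, err := gcmSeal(dek, secret) // secret under the DEK
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := gcmSeal(kek, dek) // DEK under the password-derived KEK
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Salt: salt, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Open also runs on the client. Without the password there is no KEK, so
// the DEK cannot be unwrapped and the ciphertext stays opaque.
func Open(password string, env Envelope) ([]byte, error) {
	kek := deriveKEK([]byte(password), env.Salt)
	dek, err := gcmOpen(kek, env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcmOpen(dek, env.Ciphertext)
}

// ServerSeesPlaintext models the server's only vantage point, the stored
// envelope, and reports whether the secret bytes appear anywhere in it.
func ServerSeesPlaintext(env Envelope, secret []byte) bool {
	stored := append(append(append([]byte{}, env.Salt...), env.WrappedDEK...), env.Ciphertext...)
	return bytes.Contains(stored, secret)
}

func main() {
	secret := []byte("postgres://app:hunter2@db.internal:5432/prod") // constructed sample value
	env, err := Seal("correct horse battery staple", secret)
	if err != nil {
		panic(err)
	}
	fmt.Println("server can see plaintext:", ServerSeesPlaintext(env, secret))
	if _, err := Open("wrong password", env); err != nil {
		fmt.Println("wrong password:", err)
	}
	got, _ := Open("correct horse battery staple", env)
	fmt.Println("client with password:", string(got))
}
```

The no-recovery property falls straight out of the structure: the server holds `Salt`, `WrappedDEK` and `Ciphertext`, and the only path from those to the secret passes through `deriveKEK`, whose input is the master password that the server never receives.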

Keep a secure backup of your master password: either a password manager (ironic, but correct) or a passphrase written down in a physically secure location.


OpaqueVault is open source. The claim that the server has no decrypt endpoint is verifiable:

  • The API source is in apps/api/ and internal/api/
  • There is no handler that calls any function in internal/crypto/ with a KEK
  • The internal/crypto/envelope.go Decrypt function is called only in internal/vault/ — which runs client-side in ov mcp serve, never server-side

You don’t have to trust us. You can read the code.
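One way to turn the bullet points above into a repeatable check, as an added example that is not part of OpaqueVault’s own tooling: the script greps the two API directories named on this page for any call site of `Decrypt(` and fails if it finds one. The call-site pattern is an assumption (the real call could be spelled differently), and the small tree the script builds under `mktemp` to demonstrate itself is constructed here; only the directory paths come from the page.

```sh
#!/bin/sh
# check_no_server_decrypt ROOT
# Exit 0 if no file under ROOT/apps/api or ROOT/internal/api calls Decrypt(,
# exit 1 (printing the offending lines) if one does, exit 2 if a dir is missing.
check_no_server_decrypt() {
  root="$1"
  found=0
  for dir in "$root/apps/api" "$root/internal/api"; do
    if [ ! -d "$dir" ]; then
      echo "missing directory: $dir" >&2
      return 2
    fi
    # Assumption: a server-side decrypt would appear as a literal Decrypt( call.
    if grep -rn 'Decrypt(' "$dir"; then
      found=1
    fi
  done
  return "$found"
}

# demo_tree ROOT clean|leaky
# Builds a constructed mini source tree (not the real repository) that mirrors
# the layout described on the page: Decrypt lives in internal/crypto and is
# called from internal/vault. The "leaky" variant adds a forbidden server call.
demo_tree() {
  root="$1"
  mkdir -p "$root/apps/api" "$root/internal/api" "$root/internal/crypto" "$root/internal/vault"
  printf 'package crypto\n\nfunc Decrypt(kek, ct []byte) []byte { return nil }\n' \
    > "$root/internal/crypto/envelope.go"
  printf 'package vault\n\nfunc open() { _ = crypto.Decrypt(nil, nil) } // client-side\n' \
    > "$root/internal/vault/vault.go"
  printf 'package api\n\nfunc handleGet() { /* returns stored ciphertext only */ }\n' \
    > "$root/internal/api/secrets.go"
  if [ "$2" = leaky ]; then
    printf 'package api\n\nfunc handleReveal() { _ = crypto.Decrypt(nil, nil) }\n' \
      > "$root/apps/api/reveal.go"
  fi
}

# Demonstration on the constructed trees; on a real checkout you would run
#   check_no_server_decrypt /path/to/opaquevault
demo="$(mktemp -d)"
demo_tree "$demo/clean" clean
demo_tree "$demo/leaky" leaky
check_no_server_decrypt "$demo/clean" && echo "clean tree: no server-side Decrypt call"
check_no_server_decrypt "$demo/leaky" || echo "leaky tree: server-side Decrypt call found (exit $?)"
rm -rf "$demo"
```

The check is deliberately coarse: a grep proves absence of an obvious call site, not absence of every possible path to plaintext, so it complements reading `internal/api/` and `apps/api/` rather than replacing it.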