keep-node turns a small Linux box into a private security appliance. Each node runs your core security services (a Vaultwarden password manager, secrets, identity) and holds only a FROST threshold key share, so no single device can decrypt your vault. Run two or more and they sync to each other, so if one goes down the others keep serving. Built for non-technical users: no seed phrases.
Part of the Keep ecosystem; the node daemon, vault, and threshold signing are reused from keep (keep-web, keep-core).
Status: early scaffold. Today it boots Vaultwarden and the keep-web daemon in a NixOS VM, with Vaultwarden's data on a TPM-sealed LUKS volume that auto-unlocks at boot. Making that unlock a FROST quorum (instead of TPM-only), multi-node sync, and hardware support are in progress.
- Threshold custody: the box holds one FROST share; steal it and get nothing.
- Multi-node HA: nodes sync, so a single failure doesn't take your vault down.
- Seedless: recovery via a device quorum, no 24 words to lose.
- Open: MIT software on commodity hardware.
Requires Nix with flakes enabled.
```sh
# Run the test suite (boots a VM, no hardware needed: Vaultwarden + keep-web)
nix flake check

# Boot the VM interactively to poke at it
nix build .#checks.x86_64-linux.single-node.driverInteractive
./result/bin/nixos-test-driver --interactive
```