v0.3.3

End-to-End Encrypted Secrets

Your secrets are now end-to-end encrypted. Encryption keys are generated and held on your devices — Trinity's servers store only ciphertext and can never read your values. New devices need your approval, a 12-word recovery code covers you if you lose them all, and removing a team member rotates the team key automatically.

New

  • End-to-end encrypted secrets — Every secret — API keys, tokens, config files — is now encrypted and decrypted on your own devices. Trinity's servers store and serve only ciphertext: nobody without one of your enrolled devices can read your values, and that includes us.
  • Personal and team encryption boundaries — Secrets you store under Yours are encrypted with your personal key, so teammates can't read them even on a shared team workspace. Shared secrets use a team key held only by team members' devices.
  • Device enrollment and approval — Each device generates its own encryption key and keeps it in the operating system's keychain. Signing in on a new machine enrolls it as pending: it can't read encrypted secrets until you approve it from one of your existing devices. Approval is always your call — never a team admin's.
  • Devices panel — App Settings → Profile → Devices lists every machine on your account with its status and last-seen time. Approve pending devices, revoke lost ones, and get an alert whenever a device you don't recognize appears on your account.
  • Personal recovery code — Your first device generates a one-time 12-word recovery code. If you ever lose every approved device, enter it on a fresh machine to restore access to your encrypted secrets without an approver.
  • Device revocation with optional key rotation — Revoke a lost device to permanently bar it from receiving keys. If the device may be compromised, opt in to key rotation: every key you hold is reissued, so anything written from then on is unreadable with the old keys.
  • Member removal rotates the team key — Removing a team member locks them out immediately and rotates the team encryption key, so secrets written after the removal are unreadable to them. Rotation protects new secrets only — treat any credential the member could already read as exposed and rotate it at its source provider.
  • Pending-rotation warning — Removing a member from the website can't rotate the key (a browser holds no key material), so Team Settings shows a rotation-pending warning until someone on a key-holding device completes it with one click.
  • Team recovery code — Owners and managers can generate a 12-word team recovery code from Team Settings → Encryption Keys — for example to re-grant a member who lost all their devices. It covers the team key only and can never unlock anyone's personal secrets.
  • Service setup stays encrypted end-to-end — Keys captured by the guided service setup agent are processed locally on your machine and encrypted on-device before they're stored — the same path your hand-typed secrets take.

Improved

  • Settings open without the reload flicker — Project settings cards (Secret Keys, Storage, Stack, and Project Assets) and the App Settings page now hold on to what they loaded, so they appear instantly instead of flashing a spinner and re-fetching every time you open them.
  • Consistent, instant page headers — Hub pages share one header style, so each page's title and description show up right away instead of briefly flashing a loading placeholder.