Zero-knowledge encrypted vault

Platanist Nest

Platanist Nest is a zero-knowledge vault where the browser owns the critical cryptographic path and the server only sees ciphertext. It exists both as a usable tool and as a statement about how secret management products should reduce trust assumptions.

Open Nest

Platanist Nest encrypted vault interface

The problem it tackles

Security products often ask users to trust branding, dashboards, and vague claims. Nest had to make the model legible: no server-side key custody, a clear key lifecycle, and an interface that makes the trust boundary visible instead of hiding it behind marketing language.

Architecture

The key system decisions

Client-side encryption boundary

Encryption and key handling stay in the browser so the backend becomes a ciphertext store rather than a privileged decryptor.

Key ownership first

The identity model starts from possession of keys, not from a traditional username-password account abstraction.

Explicit security narrative

The product explains its posture in user-facing language so verification is easier than blind trust.

What matters

Designed the interface to make trust assumptions inspectable instead of hidden.
Used the project to bridge practical product design and crypto-oriented systems thinking.
Sharpening onboarding so the cryptographic model remains understandable to non-specialists.

Next.jsTypeScriptMongoDBClient-side encryption

Media

Screenshots and demos

Nest vault grid screenshot

Nest encryption demo video