Trust shouldn't be something you have to extend.

Calyx started because I was tired of losing my own .env files. But it became something I cared about for a different reason. Every secrets tool asks you to trust it - trust the company, trust their servers are configured right, trust no employee goes rogue, no court order arrives, no breach spills the database. You hand over your most sensitive keys and you hope.

I didn't want to build another thing you have to hope about. So Calyx is built so hoping isn't part of it - the betrayal you're scared of just isn't available to me. And it's just me building this, which is exactly why I made trusting me optional.

Your secrets are encrypted on your device, with a passphrase that never leaves it. What reaches my server is ciphertext - noise I couldn't read if I tried, couldn't be forced to hand over, couldn't leak in a breach, because there's nothing readable there to leak.

It's not a setting you enable or a tier you upgrade to. It's the foundation. The day Calyx ships a version where I could read your secrets is the day it stops being worth using.

Zero-knowledge cuts both ways. Forget your passphrase andlose your recovery key, and your data's gone - and I can't get it back, because I never had it. Most companies bury that. I'm leading with it.

I'd rather tell you the truth than hand you a reset button that secretly means I kept a copy. The button you don't have is the proof of the promise.

A calyx is the husk that protects a flower bud until it's ready to open. It seemed like the right name.