Authentication

Redshift uses your Nostr identity for authentication. Choose the method that best fits your security needs.

Overview

Unlike traditional secret managers that use email/password or OAuth, Redshift authenticates using cryptographic keys. Your Nostr identity (a public/private key pair) is used to:

  • Prove your identity - Only you can sign messages with your private key
  • Encrypt your secrets - Data is encrypted so only you can read it
  • Access your data - Your public key identifies which data belongs to you

Authentication Methods

Redshift supports three authentication methods, each with different security trade-offs:

Security Comparison

Method    | Key Storage                   | Best For                   | Risk Level
Extension | Browser extension (encrypted) | Daily use, web admin       | Low
nsec      | Encrypted in session storage  | Quick access, no extension | Medium
Bunker    | Remote server                 | CI/CD, team sharing        | Low*

*Bunker security depends on how well the remote signer is secured.

Which Should I Use?

  • For most users: Use a browser extension like Alby
  • For CLI-only usage: Use nsec with careful key management
  • For CI/CD pipelines: Use a bunker connection
  • For maximum security: Use a bunker with hardware signing

Creating a New Identity

If you don't have a Nostr identity yet, you can create one in several ways:

  • Browser extension: Install Alby and it will generate keys for you
  • CLI: Run redshift login and select "Generate new identity"
  • Web: Click "Connect" in the Redshift admin and generate keys there

Important: Back up your private key (nsec) immediately after creation. If you lose it, you lose access to all your secrets permanently. There is no recovery option.
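Because the nsec is the only credential and cannot be recovered or reset, part of careful key management is making sure it never lands in a repository, log or CI variable dump. The following is an added example, not Redshift's own code: a scanner that flags only strings that are checksum-valid nsec keys, assuming the standard NIP-19 bech32 encoding. The variable names in the sample text are hypothetical and the key is constructed from throwaway bytes.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
# nsec = "nsec1" + 52 data symbols (32 key bytes) + 6 checksum symbols
CANDIDATE = re.compile(r"nsec1[%s]{58}" % CHARSET)

def _polymod(values):
    """BIP-173 checksum polynomial over 5-bit symbols."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def is_valid_nsec(s):
    """True only if s has the nsec shape and a correct bech32 checksum."""
    if not CANDIDATE.fullmatch(s):
        return False
    data = [CHARSET.index(c) for c in s[5:]]
    return _polymod(_hrp_expand("nsec") + data) == 1

def encode_nsec(key32):
    """Encoder used here only to build the constructed sample below."""
    acc = int.from_bytes(key32, "big") << 4  # pad 256 bits to 260
    data = [(acc >> (5 * i)) & 31 for i in range(51, -1, -1)]
    pm = _polymod(_hrp_expand("nsec") + data + [0] * 6) ^ 1
    data += [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return "nsec1" + "".join(CHARSET[d] for d in data)

def find_leaked_nsecs(text):
    """Return (line_number, redacted_key) for every checksum-valid nsec."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            if is_valid_nsec(m.group()):
                hits.append((n, m.group()[:9] + "..."))
    return hits

# Constructed sample: throwaway key bytes and hypothetical variable names.
SAMPLE_KEY = encode_nsec(bytes(range(1, 33)))
TYPO_KEY = SAMPLE_KEY[:-1] + ("q" if SAMPLE_KEY[-1] != "q" else "p")
SAMPLE_TEXT = "LOG_LEVEL=debug\nNOSTR_KEY=%s\nOLD_KEY=%s\n" % (SAMPLE_KEY, TYPO_KEY)
```

Validating the checksum keeps placeholder or mistyped strings from raising alerts, and the hits are redacted so the scanner's own output does not become a second copy of the key.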