Docs

Browser Extension (NIP-07)

The most secure way to authenticate with Redshift for everyday use.

What is NIP-07?

NIP-07 is a Nostr standard that allows websites to request signatures from a browser extension without ever accessing your private key. The extension holds your key securely and signs requests on your behalf.

This provides several security benefits:

  • Your private key never leaves the extension
  • You approve each signing request
  • Malicious websites cannot steal your key
  • Works across multiple Nostr apps

Recommended Extensions

🐝

Alby

Full-featured Nostr + Lightning wallet. Great for users who want an all-in-one solution.

Install Alby →
🔐

nos2x

Lightweight, Nostr-only extension. Minimal and focused on key management.

Install nos2x →
🦊

nos2x-fox (Firefox)

Firefox port of nos2x for Firefox users.

Install nos2x-fox →

Setup Guide

1. Install an Extension

Install one of the extensions above. We recommend Alby for most users.

2. Create or Import Keys

When you first open the extension, you'll be prompted to either:

  • Generate new keys - Creates a fresh Nostr identity
  • Import existing keys - Use an nsec you already have

Important: Write down your nsec and store it securely (password manager, paper backup, etc.). This is the only way to recover your identity if you lose access to your browser.

3. Connect to Redshift

With the extension installed, connecting to Redshift is automatic:

Web Admin:

  1. Go to /admin
  2. Click "Connect"
  3. Select "Browser Extension"
  4. Approve the connection in your extension popup

CLI:

redshift login
# Select "NIP-07 Browser Extension"
# A browser window will open for approval

How It Works

When Redshift needs to sign something (create a project, save secrets, etc.):

  1. Redshift creates an unsigned event
  2. It calls window.nostr.signEvent(event)
  3. Your extension shows a popup asking for approval
  4. You click "Sign" (or the extension auto-approves if configured)
  5. The extension signs the event and returns it
  6. Redshift publishes the signed event to relays

At no point does Redshift see your private key - only the signatures it produces.

Auto-Approval (Optional)

Clicking "Approve" for every action can get tedious. Most extensions let you auto-approve requests from trusted domains:

In Alby:

  1. Go to Settings → Connected Apps
  2. Find redshiftapp.com
  3. Enable "Auto-approve" or set a budget

In nos2x:

  1. Click the extension icon
  2. Go to Permissions
  3. Set redshiftapp.com to "Allow"

Security Considerations

Private key never exposed to websites
Per-site permission controls
Easy to revoke access
Works across multiple Nostr apps

Troubleshooting

"No NIP-07 extension found"

  • Make sure the extension is installed and enabled
  • Refresh the page after installing
  • Check if the extension is unlocked (some require a password)

"User rejected the request"

  • You clicked "Deny" in the extension popup
  • Try again and click "Allow" or "Sign"

Extension popup doesn't appear

  • Click the extension icon in your toolbar to open it manually
  • The popup might be blocked - check browser popup settings
  • Try a different browser or extension