The GenosOS vault (NYXENC1) encrypts every secret at rest. API keys, channel tokens, and credentials are never written to disk in plaintext. The agent does not know it is encrypting — encryption is transparent to the entire stack.

Encryption details

| Property | Value |
|---|---|
| Algorithm | AES-256-GCM |
| Key derivation | PBKDF2, 100,000 iterations, SHA-512 |
| Salt | 32 bytes, random per vault |
| IV | 12 bytes, fresh random per write |
| Vault file | ~/.genosv1/vault.enc |
| File permissions | chmod 600 (owner-only) |

A fresh 12-byte IV is generated on every write, so encrypting the same value twice produces different ciphertext.

Passphrase sources

The vault passphrase is resolved in this order:
1. VAULT_PASSPHRASE environment variable. If the VAULT_PASSPHRASE environment variable is set, it is used directly.
2. ~/.genosv1/.env file. If the variable is not in the environment, GenosOS checks ~/.genosv1/.env.
3. Interactive prompt. If neither source provides a passphrase, GenosOS prompts you interactively at startup.

On macOS, store the passphrase in Keychain to avoid the interactive prompt. Enable this through Fortress Mode or by telling your assistant “store vault passphrase in Keychain”.

CLI vault management

Secret operations:
genosos vault set <key> <value>    # Store or update a secret
genosos vault get <key>            # Retrieve a secret value
genosos vault list                 # List all stored secret keys
genosos vault delete <key>         # Remove a secret
File operations:
genosos vault cat <path>           # Decrypt a file to stdout (pipe-safe, no disk write)
genosos vault write <dest> [src]   # Encrypt content and write to a file (src or stdin)
State directory encryption:
genosos vault lock                 # Encrypt all files in ~/.genosv1/
genosos vault unlock               # Decrypt all files in ~/.genosv1/
genosos vault status               # Show encryption status of state directory
Stop the gateway before running vault lock or vault unlock. Encrypting files while the gateway is active can corrupt session data. Use --force to override if needed.
macOS Keychain:
genosos vault keychain-store       # Store passphrase in macOS Keychain and remove from .env
genosos vault keychain-remove      # Remove passphrase from macOS Keychain
Never use cat or a text editor to read files under ~/.genosv1/ directly. Use genosos vault cat <path> to decrypt and read vault-protected files.

macOS Keychain integration

When Fortress Mode is enabled, the vault passphrase is stored in macOS Keychain. This allows GenosOS to unlock the vault automatically on startup without an interactive prompt, while keeping the passphrase out of environment variables and shell history. To register the passphrase in Keychain manually, tell your assistant:
store vault passphrase in Keychain

Auto-lock

The vault locks automatically after 30 minutes of inactivity. This is enforced by Fortress Mode. Once locked, any operation that requires a secret will re-prompt for the passphrase (or retrieve it from Keychain if configured).

Transparent encryption

Once a vault passphrase is set, every write and edit operation in the agent’s workspace is encrypted automatically. The agent calls the same read/write tools it always has — NYXENC1 intercepts at the filesystem layer. No agent, skill, or external content is aware that encryption is occurring. This means a compromised skill or injected instruction cannot bypass encryption by calling write tools directly — the encryption layer is below the tool layer.