An organization in Capy is a cryptographic tenant. It has:
  • A root seed phrase - 24 BIP-39 words, generated on the user’s machine when the org is created. Only the creator sees it. Capy’s service never sees it.
  • A master key M - derived from the seed phrase via PBKDF2-SHA512. Every project key in the org is derived from M.
  • A membership list - maintained by Capy’s service. Every decrypt request is gated by this list.
  • Multiple projects - each with its own derived project key PK.
All secrets in an org share the same M. All members of the org can decrypt all projects in the org (subject to project-level role checks).

One org per tenant

Create a separate org for each real security boundary:
  • One org per company or team.
  • A separate org for personal projects you don’t want sharing a blast radius with work.
  • A separate org for clients if you’re doing contract work and want to wall them off from each other.
You can belong to any number of orgs and switch between them with capy org. Each org you’re a member of has its own key.enc on your machine - encrypted at rest and useless without the Capy service to strip the outer wrap.

The seed phrase

The seed phrase is shown once, at org creation. Save it somewhere safe (a password manager, a physical note in a safe, a BIP-39 hardware wallet). You need it to:
  • Bootstrap the org on a new machine from scratch (without relying on an invite).
  • Recover if you lose access to all devices that hold key.enc.
Capy cannot recover a lost seed phrase. The system is zero-trust by design - if we could recover it, so could an attacker who compromised our backend. Keep a backup.
If the seed phrase is compromised, an attacker can derive M offline and bypass the service’s co-decrypt gate entirely. That’s the one scenario where full rotation is required: new seed, new M, re-encrypt every secret, re-invite every member.
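
The derivation chain described above (seed phrase, then M, then a per-project PK) and the reason a leaked seed phrase forces full rotation, as an added Python example that is not Capy's code. It assumes BIP-39's standard PBKDF2 parameters and an HKDF-SHA256 step for project keys, neither of which this page specifies; the sample phrases and project ids are constructed.

```python
import hashlib
import hmac
import unicodedata


def derive_master_key(seed_phrase: str) -> bytes:
    """Seed phrase -> M via PBKDF2-HMAC-SHA512.

    Assumption: BIP-39's standard parameters (salt "mnemonic", 2048
    iterations, 64-byte output). The page names only the KDF.
    """
    words = unicodedata.normalize("NFKD", " ".join(seed_phrase.split()))
    return hashlib.pbkdf2_hmac("sha512", words.encode(), b"mnemonic", 2048, dklen=64)


def derive_project_key(master_key: bytes, project_id: str) -> bytes:
    """M -> PK. Assumption: HKDF-SHA256 (RFC 5869) with the project id as
    context; the page does not say how project keys are derived."""
    prk = hmac.new(b"\x00" * 32, master_key, hashlib.sha256).digest()  # extract
    info = b"project:" + project_id.encode()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # expand, one block


def keys_reachable_from_seed(seed_phrase: str, project_ids: list[str]) -> dict[str, bytes]:
    """Everything a holder of the seed phrase can compute with no service call."""
    m = derive_master_key(seed_phrase)
    return {pid: derive_project_key(m, pid) for pid in project_ids}


# Constructed sample phrases (24 words each); never use them for a real org.
WORK_SEED = " ".join(["abandon"] * 23 + ["art"])
PERSONAL_SEED = " ".join(["zoo"] * 23 + ["vote"])
PROJECTS = ["api", "billing", "infra"]  # hypothetical project ids

if __name__ == "__main__":
    work = keys_reachable_from_seed(WORK_SEED, PROJECTS)
    personal = keys_reachable_from_seed(PERSONAL_SEED, PROJECTS)
    for pid in PROJECTS:
        # Same project id, different org seed: unrelated keys.
        print(pid, work[pid].hex()[:16], personal[pid].hex()[:16])
```

Both orgs use the same project ids yet share no key material, which is the blast-radius separation that one org per tenant provides.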

Creating and switching orgs

Create an org by running capy in a fresh project with no existing org. Capy will prompt you to either join an existing org or create a new one. Switch between orgs with capy org. See Switching organizations.

What’s next

Switching organizations

Moving between orgs on a single machine.

Zero trust

How the two-share model protects your org.