FortNox

Secrets, built for the agent era.

A local-first password manager with a native Model Context Protocol surface. Your AI agents get exactly the secrets they need — nothing more, nothing cloud.

The problem

Your password manager wasn't built for agents.

Your AI assistant needs a Stripe key to write a script. You paste it into the prompt. It's now in the model provider's logs, context caches, and who-knows-where else.

Cloud password managers won't expose a secure API to local agents. Even if they did, there's no per-agent scoping — one compromised agent is game over.

Self-hosted vaults exist, but none speak MCP. You're left gluing shell scripts to op get and hoping the agent reads the output correctly.

Audit: your password manager tells you "an app accessed this item." Which app? Which agent? Which script? Unknown.

Architecture

Local daemon. Agent-scoped access.

01

MCP-native

Expose secrets to Claude Code, Cursor, any MCP client. Per-agent grants: read, reveal_secret, write, delete × glob scope.

One grant flips the agent to deny-by-default

02

KEK/DEK architecture

Password derives the KEK. DEK is random, only rotated via fnox reset. XChaCha20-Poly1305 on items and DEK wrap. SQLCipher at rest.

Crypto decisions documented in ADRs

03

Hash-chained audit

Every read, write, reveal is appended to a hash chain. Tamper with a log entry and fnox audit-verify catches it. Immutable for real.

Audit log you can actually defend in court

04

Zero-cloud sync

Optional TLS + bearer-auth relay lets your devices sync without trusting a vendor. Run the relay on your own VPS or skip sync entirely.

Your secrets never leave hardware you control
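
A minimal model of the hash-chained audit log described under "Hash-chained audit", added here as an example and not FortNox's own code: the record layout, the use of SHA-256, the genesis value, the function names and the sample events are all assumptions. It also covers a case the description does not mention: dropping the newest entries leaves a chain that still verifies, so the verifier compares against a head hash kept outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "prev" value for the first record


def _digest(prev, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()


def append(log, event):
    """Append an event linked to the hash of the previous record."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "event": event, "hash": _digest(prev, event)})
    return log[-1]["hash"]  # new chain head


def verify(log, pinned_head=None):
    """Return (ok, detail): index of the first bad record, or "head-mismatch"."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return False, i
        prev = rec["hash"]
    if pinned_head is not None and prev != pinned_head:
        return False, "head-mismatch"  # intact chain, but not the expected end
    return True, None


def demo():
    # Constructed sample events, not real fnox audit output.
    log = []
    for op, item in [("read", "Stripe Live"), ("reveal_secret", "Stripe Live"), ("write", "AWS Root")]:
        head = append(log, {"agent": "claude-code", "op": op, "item": item})
    results = {"clean": verify(log, head)}
    edited = json.loads(json.dumps(log))   # deep copy of the log
    edited[1]["event"]["op"] = "read"      # rewrite one entry in place
    results["edited"] = verify(edited, head)
    truncated = log[:-1]                   # drop the newest entry
    results["truncated_no_pin"] = verify(truncated)
    results["truncated_pinned"] = verify(truncated, head)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```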

Quickstart

Running in 90 seconds.

cargo build --release --workspace
sudo install -m 0755 target/release/fnox        /usr/local/bin/fnox
sudo install -m 0755 target/release/fnox-daemon /usr/local/bin/fnox-daemon

fnox install-service
fnox init          # prints a 24-word recovery mnemonic ONCE
fnox unlock
fnox add --title "Stripe Live" --vault "Apex Radius" --category login
fnox get "Stripe"  # now available to every authorized agent

Security features

Built on principles, not marketing.

SQLCipher at rest

PRAGMA key HKDF-derived from the DEK

XChaCha20-Poly1305

Length-prefixed AAD everywhere

MFA second factor

TOTP + single-use backup codes

Signed releases

Ed25519 manifest verified before download

Per-agent ACLs

Glob-scoped, deny-by-default on first grant

Atomic commits

Crash-safe DB + sidecar two-file writes

Import/export

JSON, CSV, 1Password, Bitwarden

CLI + MCP + desktop

Three surfaces, one vault

DR runbook

Documented full-host recovery drill

Download

FortNox 0.1.0

Pre-release builds. The macOS DMG is now signed by Apex Radius and notarized by Apple. Windows is signed-pending until v0.2.

macOS

Apple Silicon

arm64 · M1, M2, M3, M4

15 MB

DMG containing fnox, fnox-daemon, and an install.sh that drops them into /usr/local/bin.

Download .dmg

SHA-256 checksum

Windows

x86_64

Windows 10 & 11 · 64-bit

13 MB

ZIP with fnox.exe (CLI). Extract anywhere, add to PATH, run fnox init. Direct vault commands work standalone — daemon mode (persistent unlock, MCP) lands in 0.2.

Download .zip

SHA-256 checksum

On Linux? Build from source — the README has a 4-line cargo quickstart.

Take it.

Free forever for individuals. Self-hosted team relay. Paid support + hardened builds for companies that need it.