⚠ Device-Local Security Model. Credentials are encrypted with AES-256-GCM using your vault password as the key derivation input via PBKDF2 (310,000 iterations). The encrypted blob is stored in
localStorage — it only exists on this device in this browser. Clearing site data wipes it permanently. Store your vault password and any private keys in a dedicated password manager (Bitwarden, 1Password, etc.) before entering them here.
NOSTR
Cryptographic Key Identity
Your Nostr identity is a secp256k1 keypair. Posts are signed locally with your nsec (private key) — no server ever sees it. The key is used entirely in-browser via the noble-secp256k1 library.
Nostr Credentials
Private Key (nsec / hex) Signs your posts locally
Found in your Nostr client under Keys / Account Settings. Accepts both
nsec1… bech32 format and raw 64-character hex. How to find your nsec ↗
BLUESKY
AT Protocol · App Password
Bluesky uses App Passwords — separate from your main password — to authenticate API calls. The dispatcher exchanges your handle + app password for a short-lived JWT via
com.atproto.server.createSession at post time. Your main password is never stored.Bluesky Credentials
Handle Your Bluesky username
App Password NOT your main password
Go to Settings → App Passwords → Add App Password and name it "Unowned". This is a revocable token — your real password stays safe. Open Bluesky settings ↗
MASTODON
ActivityPub · One-Click OAuth2 Connect
Connect your Mastodon account in one click. This page handles the full OAuth2 flow — registers a temporary app on your instance, opens the authorization page, then captures and encrypts the token automatically when you return.
Mastodon OAuth2 Connect
1
Enter your instance URL below, then click Connect. You'll be redirected to your Mastodon instance to approve access, then automatically returned here.
Instance URL Your home server
Just the base domain — e.g.
https://mastodon.social, https://fosstodon.org, https://hachyderm.ioOR ENTER MANUALLY
Paste Token Manually If automatic flow fails
From your instance: Preferences → Development → New Application → grant
write:statuses → copy the Your access token value.
MISSKEY
ActivityPub · API Access Token
Misskey uses a simple API key model. You generate a token in your account settings and it authenticates all API calls including
POST /api/notes/create. Scoped tokens are supported for extra safety.Misskey Credentials
Instance URL Your Misskey server
API Key Your access token
In Misskey go to Settings → API → Generate access token.
Enable
Compose or delete notes permission. If your instance is not misskey.io, update the URL above.
FARCASTER
On-Chain Identity · Ed25519 Signer
Farcaster identity is on the Optimism blockchain. To post without a mobile app, you need a Signer Key — an Ed25519 keypair delegated to post on behalf of your FID. This is generated and approved via Warpcast or the Farcaster developer tools.
Farcaster Credentials
FID Your Farcaster ID number
Your numeric Farcaster ID. Visible in Warpcast under Settings → Account or at
farcaster.id/[username].Signer Private Key (Ed25519 hex) Delegated posting key
This is not your Ethereum wallet key. It is a separate Ed25519 keypair you approve via Warpcast → Connected Apps.
The dispatcher uses this to sign FrameAction messages sent to a Farcaster Hub.
Generate a signer key ↗
LENS
Polygon Web3 · Wallet-Signed Posts
Lens posts are signed with your Ethereum/Polygon wallet private key. The dispatcher calls
POST /api/v1/publication/post with a signed TypedData payload. For safety, use a dedicated hot wallet address with limited funds, not your main assets wallet.Lens Credentials
⚠ Use a dedicated hot wallet with no significant assets. Storing a raw private key in any browser storage carries inherent risk. The encryption protects against passive data theft, not an attacker with active access to your browser session.
Wallet Address Your Lens profile address
Wallet Private Key Signs TypedData payload
Export from MetaMask: Account Details → Export Private Key. Use a dedicated posting wallet. Lens API v3 uses this to sign
EIP-712 typed data before submission.
DESO
Layer-1 Blockchain · Seed Phrase
DeSo uses a secp256k1 keypair derived from a 12-word BIP39 mnemonic. The dispatcher derives your private key client-side, signs the post locally, and submits the signed transaction to
node.deso.org/api/v0/submit-transaction. Your seed phrase never leaves the browser.DeSo Credentials
Username Your DeSo profile handle
Seed Phrase (12 words) BIP39 mnemonic
Found in DiamondApp under More → Security → Show Seed Phrase.
The dispatcher derives your posting private key locally using BIP39/BIP32.
This is your most sensitive credential — it controls all account access.
AKKOMA
ActivityPub · One-Click OAuth2 Connect
Akkoma is a Pleroma fork with Mastodon API compatibility. Connect your Akkoma account in one click — this page handles the full OAuth2 flow, registers a temporary app on your instance, opens the authorization page, then captures and encrypts the token automatically.
Akkoma OAuth2 Connect
1
Enter your instance URL below, then click Connect. You'll be redirected to your Akkoma instance to approve access, then automatically returned here.
Instance URL Your Akkoma server
Just the base domain — e.g.
https://seafoam.space, https://fe.disroot.orgOR ENTER MANUALLY
Paste Token Manually If automatic flow fails
If your instance supports it: Settings → Development → New Application → grant
write:statuses → copy the access token.
PLEROMA
ActivityPub · One-Click OAuth2 Connect
Pleroma is a lightweight ActivityPub server with full Mastodon API compatibility. Connect your Pleroma account in one click — this page handles the full OAuth2 flow, registers a temporary app on your instance, opens the authorization page, then captures and encrypts the token automatically.
Pleroma OAuth2 Connect
1
Enter your instance URL below, then click Connect. You'll be redirected to your Pleroma instance to approve access, then automatically returned here.
Instance URL Your Pleroma server
Just the base domain — e.g.
https://yggdrasil.social, https://lain.comOR ENTER MANUALLY
Paste Token Manually If automatic flow fails
If your instance supports it: Settings → Development → New Application → grant
write:statuses → copy the access token.
SHARKEY
ActivityPub · Misskey-Compatible API
Sharkey is a Misskey fork focused on community features. It uses the same Misskey API — posts are created via
POST /api/notes/create with an API token in the request body. Generate a token in your instance settings.Sharkey Credentials
Instance URL Your Sharkey server
The base URL of your Sharkey instance — e.g.
https://sharkey.worldAPI Key Your access token
In Sharkey go to Settings → API → Generate access token.
Enable
Compose or delete notes permission.
Sharkey uses the same Misskey API format.