https://share.cleanshot.com/y4XbqKpT

Remote signing (NIP-46) has always had a lot of promise. Apps like Amber, nsec.app, and others have made it possible to manage your nostr keys in a way that is safer than browser extensions or pasting your nsec around the internet.

BUT, none of them catered to teams. Groups like nostr:npub1nstrcu63lzpjkz94djajuz2evrgu2psd66cwgc0gz0c0qazezx0q9urg5l and nostr:npub19mduaf5569jx9xz555jcx3v06mvktvtpu0zgk47n4lcpjsz43zzqhj6vzk and many many companies out there are just sharing the main account nsec between different people and using it in different apps. A recipe for disaster.

Keycast aims to finally fix this. It allows you to:

- Manage teams of nostr users

- Manage multiple keys that you want to give others access to

- Create authorizations for those keys that grant specific permissions that can be changed, revoked, etc.

- Create your own custom permissions

- Run the signing infrastructure without any extra work

And do it all in a self-sovereign way. Keycast is meant to be run on your server, by you. I think it's tremendously important that this sort of tool doesn't exist as a hosted service (which would basically be a huge key honeypot over time).

The app is both a management web app AND a backend process that manages sub-processes that listen for remote signing requests, check permissions, and sign events.

There is a basic docker setup to start, but my goal is to have this easily deployable to StartOS, Umbrel, Podman, and others.

Code here: https://github.com/erskingardner/keycast