Your master secret is stored without encryption. Set a PIN to protect it with AES-256-GCM.
Choose 4–8 digits. This PIN encrypts the master secret on disk. If you forget it, you must reset the device.
Bunker recommended
Use your existing nsec as-is. Heartwood acts as a NIP-46 remote signer — your current npub stays the same. Connect from NostrHub, Amethyst, or any NIP-46 client.
nsec-tree (mnemonic) advanced
Derive a new master identity from a BIP-39 mnemonic at path m/44'/1237'/727'/0'/0'. Creates a separate nsec-tree root for deriving unlinkable child identities. Different npub from your current one.
nsec-tree (from nsec) advanced
Derive a new nsec-tree root via HMAC-SHA256 from an existing nsec. Creates a separate master identity for child derivation. Different npub from the input nsec.
Hardware HSM advanced
No master secret is stored on the Pi. NIP-46 signing requests are forwarded to an ESP32 hardware security module over serial. The ESP32 holds the key; this device is a proxy only.
Word 1 of 24
Write this word down. Do not store it digitally.
Verify word 1 of 24
Type the word you wrote down to confirm your backup.
Word 1 of 24
Your secret is encrypted with your PIN and stored on this device only. If you forget the PIN, you must reset the device.
Master pubkey
Bunker connection string
Paste this into NostrHub, Amethyst, or any NIP-46 client to connect.
Tor address
Access this device from anywhere via Tor Browser or a .onion-capable client.
Reset wipes the stored secret and returns to setup. Your key is not deleted from existence — only from this device.
Security
Set or clear the boot PIN on the connected ESP32. The device must be connected over serial. You will need to press the physical button on the ESP32 to confirm the change (up to 30 seconds).
Relays
NIP-46 bunker traffic flows through these relays. Clients connect to your bunker via these same relays.
Tor
Expose the web UI as a .onion address. Off by default.
Bunker Clients
When apps connect to your bunker (NostrHub, Amethyst, etc.), they appear here. Approve them to allow signing.
Device Password
Set a password to protect this web UI. Required for access over any network.