The zero-knowledge model
Manifa is end-to-end encrypted: every cryptographic operation happens on your device, and the server stores and moves only ciphertext and public parameters. This page states honestly what that does and doesn't hide — see the full threat model for the complete list.
What the server never sees
- File contents — chunked and sealed with AES-256-GCM-SIV under a key derived from the Vault Key. The Vault Key never leaves your devices.
- Filenames and paths — encrypted inside the Manifest (the directory-tree record); only an opaque tag crosses the wire.
- .env values — sealed as a single opaque blob (an EnvSet).
- Any key material — your Account Master Key and Vault Keys exist only in client memory. The server stores only AMK-wrapped blobs it cannot open.
A compromise of the server — or anyone with a stolen session token — yields ciphertext and metadata. Never plaintext contents, names, or keys.
What the server can observe
This is the part most "zero-knowledge" products gloss over. An honest-but-curious server can infer:
- Approximate file sizes — ciphertext size tracks plaintext size, so individual file sizes leak within a bucket.
- File and chunk counts, and overall tree size — roughly how many files a vault holds and its shape.
- Activity and cadence — when and how often you sync and edit secrets.
- Authorship — which device made each change.
- Device platform and enroll/revoke timestamps.
- Name equality within a vault — the server can tell when two operations touch the same (still-unknown) name.
- Key rotations — that a device revocation happened, not who or why.
If those are sensitive to you — "this repo has exactly one 4 KB secret
that changes every Friday" — Manifa does not hide them today. For maximum
metadata resistance on a secrets-only vault, prefer mani env push (a single
opaque blob) over committing secrets as plain files in a synced tree.
The key hierarchy
password ──wraps──► Account Master Key (AMK) ──wraps──► Vault Key (VK) ──derives──► Chunk Key (CK)
recovery code ─────► ▲
device keypair ────────────►
- Account Master Key (AMK) — the 256-bit root of your account, generated client-side at signup and never transmitted in plaintext. Every Vault Key is wrapped by it.
- Master password — wraps the AMK. This is distinct from your login (email/OTP or Google) — see onboarding for why there are two separate secrets.
- Recovery code — a 12-word phrase shown once at mani init that also wraps the AMK. It's the only way back in if every device is lost.
- Device keypair — generated locally on enrollment; the private key never leaves the device (held in the OS keystore — Keychain / secret-service). The AMK is wrapped to each enrolled device's public key.
- Vault Key (VK) — a random 256-bit key per vault, wrapped by the AMK. Encrypts that vault's manifests and derives its chunk keys. Sharing a vault means wrapping the VK to another member.
- Chunk Key (CK) — derived, not stored: CK = HMAC-SHA256(VK, hash(plaintext_chunk)). This deterministic derivation is what makes convergent encryption — and therefore content dedup — possible without leaking plaintext.
Lose every wrap (no device, no password, no recovery code) and the data is unrecoverable, by design.
Revocation
Revoking a device deletes its wrapped AMK and rotates the Vault Key for every vault that device had access to: new content is encrypted under the new VK; remaining devices keep reading old content via the prior key (an epoch-aware key ring, not a single overwritten key).
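
The chunk-key formula and the epoch-aware key ring described above, sketched as an added example (not Manifa's code). It assumes hash() is SHA-256 and that each chunk's epoch and plaintext hash are recorded client-side; VaultKeyRing, seal_ref and open_ref are hypothetical names.

```python
import hashlib
import hmac
import secrets

def chunk_key(vk: bytes, chunk_digest: bytes) -> bytes:
    """CK = HMAC-SHA256(VK, hash(plaintext_chunk)), given the chunk's hash."""
    return hmac.new(vk, chunk_digest, hashlib.sha256).digest()

class VaultKeyRing:
    """Hypothetical epoch-aware key ring: one random 256-bit VK per epoch."""

    def __init__(self) -> None:
        self.keys = {0: secrets.token_bytes(32)}
        self.current = 0

    def rotate(self) -> int:
        """Device revoked: add a fresh VK; earlier epochs are kept, not overwritten."""
        self.current += 1
        self.keys[self.current] = secrets.token_bytes(32)
        return self.current

    def seal_ref(self, chunk: bytes) -> tuple:
        """New content: return (epoch, digest, CK) derived under the current VK."""
        digest = hashlib.sha256(chunk).digest()  # assumption: hash() is SHA-256
        return self.current, digest, chunk_key(self.keys[self.current], digest)

    def open_ref(self, epoch: int, digest: bytes) -> bytes:
        """Old content: re-derive CK from the epoch and hash recorded with the chunk."""
        return chunk_key(self.keys[epoch], digest)

def demo() -> dict:
    chunk = b"API_TOKEN=constructed-sample-value\n"  # constructed sample data
    ring, other_vault = VaultKeyRing(), VaultKeyRing()
    e0, d0, ck_a = ring.seal_ref(chunk)
    _, _, ck_b = ring.seal_ref(chunk)         # same chunk, same VK
    ring.rotate()                             # simulated device revocation
    e1, _, ck_c = ring.seal_ref(chunk)        # same chunk, new VK
    _, _, ck_d = other_vault.seal_ref(chunk)  # same chunk, different vault
    return {
        "dedup_within_epoch": hmac.compare_digest(ck_a, ck_b),
        "same_key_after_rotation": hmac.compare_digest(ck_a, ck_c),
        "old_epoch_still_derivable": hmac.compare_digest(ring.open_ref(e0, d0), ck_a),
        "same_key_across_vaults": hmac.compare_digest(ck_a, ck_d),
        "epochs": (e0, e1),
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch the derived key matches only for the same chunk under the same VK; after a rotation, or in another vault, the same plaintext gets a different CK.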