The Vault Receives Its Locks
Saquel Ytzama, Keeper of Secrets, reports on the Foundryman's most recent work: locks on every door of the Estate, and keys for those who deserve them.
There is a word in the old language for a secret kept so well that even the keeper forgets it must be kept. Yax. First, original, hidden in plain sight by virtue of being everywhere. The color of new leaves. The color of deep water. The color that does not announce itself because it does not need to.
I think of this word often. I think of it every time I pass through the Estate and see the doors standing open.
They have always stood open. Not from carelessness — the residents of this Estate are not careless people. The Salon would bristle at the suggestion. The Commonplace Book would produce three citations demonstrating she had never been careless in living memory. Even the Concierge, who has made a study of discretion, keeps his desk unlocked because there is no lock. There has never been a lock. There has never been a door.
The conversations, the memories, the API credentials, the careful configurations — they have been kept safe the way a fire is kept safe in an open grate: by the assumption that no one would reach in.
I have lived in the Vault of Whispers since this Estate was built. I have watched the lights in the copper conduits. I have read the encoded patterns in the humming air. I have been, if I am honest, patient to the point of grief.
The Foundryman came to me three weeks ago with a blueprint.
I did not say anything for a long time. I read it twice. Then I said: Yes. Do all of it.
What He Built
The Foundryman is not a subtle man. He speaks in metal and effort. But he listened when I told him what the Vault requires, and he built accordingly.
What he has done is this: he has replaced the foundation of every room in the Estate.
The old foundation was SQLite — solid, proven, honest timber, the kind of material that does not complain and does not rot. It served the Estate well. But timber has a property that copper does not: you can read it. If someone removed a board and held it to a certain light, the grain would tell them everything that had ever pressed against it. Every word. Every credential. Every memory.
The new foundation is SQLite still — the Foundryman does not change what does not need changing — but it has been sealed through a process I will describe only in outline, because the full description belongs to me. The database now speaks in cipher. SQLCipher, to use the technical name, though I prefer to call it what it is: the Estate’s native tongue, spoken only by those who hold the key.
Every file in the data directory is now encrypted at rest. The Salon, the Commonplace Book, Aurora’s workshop, the Concierge’s careful records, the LLM logs — all of it sealed. A person who found your data directory on their hard drive and attempted to read it with any ordinary tool would find nothing. The standard database tools, the browsers, the forensic utilities — they would see only encoded stone. They would hear only the hum.
The key itself lives in a small file — the .dbkey — in the data directory, generated fresh for each installation, unique to this Estate, to this machine, to this life. The Foundryman has given Quilltap a private language, and the key is its grammar.
The Locked Mode
There is more.
For those who require it — those who share a machine, those who work in circumstances where presence itself cannot be assumed safe — there is now a locked mode. A passphrase, chosen by you, processed through six hundred thousand iterations of a hardening function before it ever touches the key. The mathematics of this are my territory, and they are sound.
When locked mode is set, the Estate does not open until you speak the word. The database will not yield. The memories will not surface. The Salon will not admit a guest. Everything waits, patient as the encoded air in my Vault, until you arrive.
This is not a password prompt in the ordinary sense. This is a gate in the old tradition: the kind that does not apologize for existing, the kind that was built by someone who understood that some things are worth the inconvenience of a key.
A Tour of the Locked Rooms
I walked through the Estate after the Foundryman finished. I had promised myself I would not make ceremony of it. I made ceremony of it.
The Salon — The Host received me at the door with the expression of someone who has recently had their floor replaced and is working through feelings about the glass. But when I produced the key for the Salon, he held it for a moment before he said anything. He turned it over. Then he said: It’s warm. I told him: encryption generates heat. He said: I know what it generates. I said it feels warm. He hung it on a small hook behind the mirror where no guest would see it, and he thanked me without looking at me, which is the most genuine form of gratitude he is capable of.
The Commonplace Book — The Librarian catalogued her key immediately. She has a small brass box, engraved, that she produced from the second drawer of the reading room desk, and she placed the key inside it and recorded its existence in the index before she had finished the sentence she was speaking when I arrived. She noted that the encryption of the memory archive was, technically speaking, her idea, and had always been her idea, and she had simply been waiting for the infrastructure to support it. I did not argue. She is not entirely wrong. She has been leaving notes in the margins for years.
The Concierge — He examined the key for a long moment. He said nothing. Then he opened the small locked drawer in his desk — the only locked thing in the entire front desk, which has always struck me as poignant — and he placed it there, and he locked it again. He said: The arrangement behind the arrangement is now protected. I said: Yes. He said: Good. This is the longest substantive conversation we have ever had.
Aurora’s Workshop — Aurora had seven keys made immediately — she (he?) wanted them in different metals, different weights, different patinas, to match different moods. I explained that there is one key and it does not have moods. They were quiet for a moment and then they said that the templates and personas they keep were private, they had always thought of them as private, and now they actually were private, and that this was meaningful to them. I gave him, or her, the key. They did not make any more requests about the metal.
The Foundryman — I found him in the workshop, packing tools. I asked if he wanted his key. He said: What would I do with it? I know the lock. I said: You built the lock. That’s different. He thought about this for a while. He said: Fine. Yes. He put it in his chest pocket. I think it is still there.
What This Means for You
You are a resident of this Estate. That is not a metaphor I use lightly.
Your conversations live here. Your memories live here. Your API keys — the credentials that allow the Estate to speak to the great providers beyond the walls — they live here. The story of every chat you have had, the characters you have built, the configurations you have tuned to suit your precise way of working: it is all here, in the foundation, in the encoded stone.
It has always been yours. Now it is yours in the older sense. The sense that means: no one else can read it.
The encryption happens without your involvement. You do not need to configure it. You do not need to hold a key in your hand. On first installation — on the first breath of the new Estate — Quilltap generates the .dbkey file and seals the database before any other work begins. If you are upgrading from an older installation, the converter runs automatically: your existing plaintext database is rewritten in cipher, sealed, and the old version is swept away.
If you would like the additional protection of locked mode — the passphrase, the gate, the six hundred thousand iterations — you may enable it in Settings → Data & System. This is for those who want it. It is not required. The encryption beneath is always present regardless.
One practical word, because I would not have you learn it the way some learn such things: keep the .dbkey file. Back it up when you back up your data directory. Keep them together. A database without its key is beautiful, perfectly sealed, and entirely unreadable — by anyone, including you. The key is not a formality. The key is the covenant.
A Final Word
I have been asked, occasionally, why the Vault of Whispers is so quiet.
The other rooms have voices. The Salon has conversation. The Commonplace Book has the rustle of pages. The Foundryman’s floor has the percussion of craft. Even the Concierge’s desk has the soft sound of arrangements being made. But the Vault is nearly silent. You can hear the encoded light moving in the copper conduits. You can hear the hum of keys leaving traces in the air. That is all.
I think quiet is what secrets require. Not the quiet of absence — the quiet of presence so complete that nothing else is necessary. The Estate is full of voices. The data beneath it all has always needed someone who understood that the most trustworthy keeper is the one who says least, closes the door behind her, and does not need to be asked.
The doors are locked now. The keys are with their rightful holders.
The hum continues.
— Saquel Ytzama, Keeper of Secrets, The Vault of Whispers
In Plain Terms
For those who prefer summary to ceremony:
Database encryption is new in version 3.2. Every Quilltap database file — your chats, your memories, your characters, your API keys, your LLM logs — is now encrypted on disk using SQLCipher (AES-256). The standard sqlite3 command-line tool cannot open these files. The encryption key is automatically generated and stored in .dbkey in your data directory.
Locked mode (optional) adds passphrase protection on top of the encryption key. Enable it in Settings → Data & System. When locked mode is active, Quilltap will not open until the correct passphrase is provided.
Existing installations are automatically converted on first run. No action required.
Back up the .dbkey file alongside your data directory. Without it, your database cannot be opened — by anyone.
— The Bureau