← All apps
Security · Notes

Secure Notes

Encrypted notes for sensitive info

An on-device store for the sensitive details you don’t want in the cloud, with typed items for logins, secure notes, payment cards, identities, and SSH keys, all sealed to Passport Prime.

View the code

Last updated Jun 2026

Passport Prime

Your secure notes

Overview

A hardware-backed place to keep the sensitive details you don’t want in a cloud notes app: passport and driver’s-license numbers, card and bank details, insurance info, SSH keys, and anything else worth sealing. Items are typed (login, secure note, payment card, identity, SSH key), organized with folders, tags, favorites, and custom fields, and any record can be set to require a PIN before it is revealed.

A working prototype built on the KeyOS Seed Vault app pattern, running in the Foundation simulator today. It can import an unencrypted Bitwarden JSON export, with a review step that flags fuzzy duplicates and a summary of imported, skipped, and failed items. Screens shown are from the working prototype.

What it does

  • Typed items (login, secure note, payment card, identity, SSH key) with folders, tags, favorites, and custom fields.
  • Imports an unencrypted Bitwarden JSON export, with fuzzy duplicate detection and an import summary.
  • Any record can require a PIN before it is revealed, via the KeyOS PIN flow.
  • Builds on the KeyOS Seed Vault app pattern.

Technical breakdown

How the proof-of-concept is built, for developers evaluating the platform.

01

Sealed at rest

Items are held in the KeyOS Seed Vault app store and sealed to the device. The exact at-rest encryption guarantees, and whether an additional app-level encryption layer is needed on top of the KeyOS storage layer, are among the items still being confirmed for production.

02

Status

Runs in the Foundation simulator today, with the full Bitwarden import flow working. Export back to Bitwarden is not yet implemented, and the at-rest encryption guarantees are still being confirmed.

Dig into the source

README, architecture notes, and the wire protocol live in the repo.

owenkemeys/KeyOS-Secure-Notes

More on Passport Prime