Trustless on first use
Traditional replication means trusting every node. TOFU inverts this: d-stack decrypts in TEE, other servers replicate encrypted via SHOYU. Your swarm grows, your trust boundary doesn't.
Download Coming SoonData encrypted before it touches Postgres. Your database stores ciphertext. Replicas sync encrypted WAL. Only TEE decrypts on read.
Mutable soy pointers track the WAL head. Replicas download segments and replay locally. Always encrypted at rest.
Lease-based leader election. If d-stack goes down, a new primary claims leadership. Epoch fencing prevents split-brain.
Remove a node by rotating the data key. New key sealed only to remaining members. No re-encryption of existing data required.
Optional Ed25519 signature per row. Untrusted replicas can store data but can't forge it. Write authorization at the row level.
Mix TEE nodes (d-stack) with standard servers. d-stack decrypts and writes. Standard nodes replicate and seed. Same swarm, different trust levels.
Standard Postgres query hits your d-stack node.
XChaCha20-Poly1305 encryption before data touches Postgres. Database stores only ciphertext.
Mutable soy pointer updated. WAL segments available to swarm.
Download WAL via SHOYU. Replay to local Postgres. Data stays encrypted.
Column values sealed. Replicas blind. Your meaning stays in TEE.
Push your TOFU configuration. TEE attestation verifies the environment before secrets are provisioned.
First connection triggers TOFU handshake. Cryptographic identity verified, then cached for future sessions.
Route SHOYU streams through encrypted proxies. Sync Postgres and application state across your infrastructure.
Add nodes without re-keying. Trust propagates through your verified infrastructure automatically.
| S3 + Vault + PgBouncerDIY | Terraform Cloud + RDSTFC+RDS | Spacelift + Secrets MgrSpacelift | TOFU | |
|---|---|---|---|---|
| Encryption Granularity | Disk/TLS | Disk/TLS | Disk/TLS | Row-level |
| Replicas See Plaintext | Yes | Yes | Yes | No |
| Encrypted in Use (TEE) | β | β | β | β |
| Node Revocation | Re-key all | IAM change | IAM change | Key rotation |
| Automatic Failover | Manual | Managed | Managed | 60-90s |
| Write Authorization | App-level | IAM | IAM | Row signatures |
| Hardware Attestation | β | β | β | β |
| Self-hosted | β | β | β | β |
Postgres is just the start. TOFU encrypts and replicates your Terraform state, application configs, and sealed secrets. Row-level encryption for your entire infrastructureβreplicas store ciphertext they can't decrypt. Revoke a node with key rotation, not re-encryption.
The encrypted P2P protocol. End-to-end encrypted swarms with forward secrecy and invite-only membership.
The consumer application. Per-context VPN profiles, dual protocol support, streaming to any device.
Row-level encryption, WAL streaming via SHOYU, trustless replication. Your infrastructure state, sealed in silicon.
TOFU is currently in development for d-stack. Get in touch to discuss early access for your infrastructure.
Follow @secretnodes