Security

Trust boundaries you can point to.

Security in vecterm is a set of concrete decisions — not a wall of badges. Here's what those decisions are.

Local-first architecture

Your connections, sessions, and history live on your device. Cloud features are opt-in and clearly labeled.

Keychain-backed credentials

Secrets stay in macOS Keychain. vecterm references them; it does not store plaintext credentials on disk.

Touch ID gating

Sensitive actions — like exposing a secret — require an explicit biometric confirmation.

Explicit host verification

Every first-time host is confirmed by fingerprint. Mismatched keys block the connection and surface a clear diff.

Redacted logs by default

Command output can be redacted from history. Redacted content never syncs, exports, or ships to a third party.

Clear trust boundaries

Every network boundary is visible in the UI. You always know what leaves your device and why.

What vecterm does
  • Stores credentials in the platform keychain
  • Verifies every host by fingerprint
  • Keeps session history on-device by default
  • Signs its own release binaries
What vecterm does not do
  • No silent transmission of terminal output to third parties
  • No forced cloud dependency to use the product
  • No fabricated compliance badges or unverifiable claims
  • No blanket "military-grade" marketing language

A formal security overview, dependency posture, and disclosure process will be published alongside general availability.