nsecBunker allows one to import your Nostr private keys to a secure, trusted environment (e.g. HSM, self-hosted in your basement, etc) and enforce various signing policies. Interested users can already join the waitlist.
Within nsecBunker there are two distinct sets of keys: user keys and nsecBunker's key.
User keys: The keys that users want to sign with (e.g. your personal or company's keys).
"These keys are stored encrypted with a passphrase; the same way Lightning Network's LND stores keys locally: every time you start nsecBunker, you must enter the passphrase to decrypt it. Without this passphrase, keys cannot be used."
nsecBunker's key: "nsecBunker generates it's own private key, which is used solely to communicate with the nsecBunker administration UI. If these keys are compromised, no key material is at risk."
"To interact with nsecBunker's administration UI, the administrator(s)' keys must be whitelisted within nsecBunker. All communication between the administrator and the nsecBunker is end-to-end encrypted with these two set of keys."
"Non-whitelisted keys simply cannot talk to nsecBunker's Administration UI."