Verified by the sovseal team
Project Settings
Configure project metadata, devices, and security toggles.
| Deployment Model | Availability |
|---|---|
| Platform | ✓ Available |
| Self-Hosted | ✓ Available |
Honesty Ledger (Provenance Layer): General settings, device logs, and sync options belong to the Server-known (Layer A) layer, while session timeouts execute in the Client-derived (Layer B) layer.
ZK Trust Boundary:
- What the server sees: Persisted settings JSON, active device metadata (OS, browser type, last active time), and project descriptions.
- What stays on device: Decryption key files, plaintext data stores, and session activity timers.
Project Settings
The Settings page lets you configure project descriptions, trace connected clients, toggle zero-knowledge preferences, and delete projects.

The Three Security Toggles
- Telemetry Opt-in (`telemetry_opt_in`):
  - Default OFF: Telemetry is disabled by default. If enabled, the server only records aggregate counts (total memory counts, total encrypted bytes, device counts).
  - Strictly Content-Free: There are strictly zero columns for plaintext content in the telemetry database schema. The table is locked by Row Level Security (RLS) bound by CHECK constraints.
  - Fully Reversible: Disabling the toggle stops all reporting and blocks the endpoint.
- Hosted Sync (`hosted_sync`):
  - Toggles whether local replication queues push envelopes to the hosted HA edge endpoints (paid) or fall back to local browser storage only (free).
- Session Lock (`session_lock`):
  - Configures the client browser to automatically wipe the project key from memory after 15 minutes of inactivity. Re-opening the workspace requires reloading the key file.
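
The Session Lock behaviour described above, sketched as an added example (this is not sovseal's own code; `SessionLock`, `touch`, `withKey` and the other names are hypothetical). It re-checks the idle deadline on every key access as well as arming a timer, because browser timers can be throttled or suspended in background tabs and during sleep.

```javascript
// Added example; all names here are hypothetical, not sovseal APIs.
const IDLE_LIMIT_MS = 15 * 60 * 1000; // 15 minutes, as stated for session_lock

class SessionLock {
  // `now` is injectable so the idle logic can be tested without waiting.
  constructor(keyBytes, now = () => Date.now()) {
    this.now = now;
    this.key = null;
    this.timer = null;
    this.unlock(keyBytes);
  }

  // Load key material (e.g. bytes read from the key file) and start the idle clock.
  unlock(keyBytes) {
    this.key = Uint8Array.from(keyBytes); // private copy the lock can zero later
    this.lastActivity = this.now();
    this.arm();
  }

  arm() {
    clearTimeout(this.timer);
    this.timer = setTimeout(() => this.lock(), IDLE_LIMIT_MS);
    if (this.timer.unref) this.timer.unref(); // Node only: do not hold the process open
  }

  // Wipe if the idle limit has passed. Returns true when the session is locked.
  expired() {
    if (this.key && this.now() - this.lastActivity >= IDLE_LIMIT_MS) this.lock();
    return this.key === null;
  }

  // Call from user-activity handlers. Late activity must not revive an expired session.
  touch() {
    if (this.expired()) return false;
    this.lastActivity = this.now();
    this.arm();
    return true;
  }

  // Every key use re-checks the deadline instead of trusting the timer alone.
  withKey(fn) {
    if (this.expired()) throw new Error("session locked: reload the key file");
    return fn(this.key);
  }

  lock() {
    clearTimeout(this.timer);
    if (this.key) this.key.fill(0); // best effort: JS cannot guarantee no other copies exist
    this.key = null;
  }
}
```
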
Connected Sync Devices
The settings panel lists all active clients currently syncing to this project token:
- Device Details: Displays client names (Chrome, CLI, etc.), connection status, and last sync timestamps.
- Revocation: Admins can revoke individual device sessions, invalidating their tokens and blocking future replication syncs.
Danger Zone
Deleting a project is irreversible:
- Purge Process: Initiating a deletion permanently purges all ciphertext envelopes, project tokens, and key grants from the replication server.
- Key Safety: The server never holds your decryption key, so it cannot revoke or purge it. The master key lives in your OS keychain. To fully de-provision a device, delete `~/.sovseal/config.json` (identity/routing) and remove the `sovseal` master entry from the OS keychain (or the `SOVSEAL_KEY_FALLBACK=file` key file, if used).
Offline Reference Analogs: This documentation was written with visual and rhythm reference to platform/features/platform-overview.html.