Relay

Krillnotes Relay is a lightweight sync server that routes encrypted data between your devices and collaborators — without ever seeing your notes.

Krillnotes is local-first: your notes live on your device, not in the cloud. But when you want to sync between devices or share a workspace with someone else, those encrypted bundles need a way to get from A to B. That’s what the Relay does.


What the Relay does

The Relay is a store-and-forward server. Krillnotes clients encrypt sync bundles locally, upload them to the Relay, and the Relay routes them to the right recipients based on cryptographic device keys. It also handles workspace invitations via shareable links.

The Relay never sees your data. All content is end-to-end encrypted by the client before it leaves your device. The Relay only reads transport metadata — workspace IDs, device keys, timestamps, and bundle sizes — enough to route the bundle to the right place and nothing more.

How it works

Accounts and devices

One account = one email address tied to one Krillnotes identity. Each device you use gets its own Ed25519 key pair. When you register a device, the Relay issues a Proof-of-Possession (PoP) challenge — you must prove you hold the private key before the Relay will accept the public key. This prevents anyone from registering someone else’s key.
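The registration check described above can be sketched as a signature-based challenge-response. This is an added example, not the Relay's own code (the Relay is a PHP application and its wire format is not given on this page); the `popContext` label, the two-minute expiry, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Hypothetical domain-separation label; the Relay's real wire format is not on this page.
const popContext = "example-relay-device-pop-v1:"

type challenge struct {
	nonce   []byte
	expires time.Time
}

// Relay maps a claimed public key to its pending challenge.
type Relay map[string]challenge

// Begin issues a fresh random nonce bound to the claimed public key.
func (r Relay) Begin(pub ed25519.PublicKey, now time.Time) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	r[string(pub)] = challenge{nonce, now.Add(2 * time.Minute)}
	return nonce
}

// Finish accepts the key only for a valid, unexpired, unused challenge response.
func (r Relay) Finish(pub ed25519.PublicKey, sig []byte, now time.Time) bool {
	c, ok := r[string(pub)]
	delete(r, string(pub)) // single use: consumed even when verification fails
	return ok && !now.After(c.expires) && len(pub) == ed25519.PublicKeySize &&
		ed25519.Verify(pub, append([]byte(popContext), c.nonce...), sig)
}

// SignChallenge is the device side: sign the context label plus the nonce.
func SignChallenge(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(popContext), nonce...))
}

func main() {
	relay, now := Relay{}, time.Now()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong key:", relay.Finish(pub, SignChallenge(other, relay.Begin(pub, now)), now))
	fmt.Println("owner key:", relay.Finish(pub, SignChallenge(priv, relay.Begin(pub, now)), now))
}
```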

Bundle routing

When you save changes to a synced workspace, the bundle travels as follows:

  1. The Krillnotes client encrypts the sync bundle locally
  2. The client uploads it to the Relay with an unencrypted header listing the recipient device keys
  3. The Relay stores the bundle and makes it available to accounts that own those device keys
  4. Each recipient device downloads and decrypts the bundle locally

Bundles are retained for 30 days, then automatically cleaned up.

Workspace invitations

To share a workspace, Krillnotes uploads an encrypted invite blob to the Relay, which returns a shareable URL. The recipient opens the link, accepts the invitation, and the Relay routes the acceptance back to the inviter. The entire exchange is encrypted — the Relay only knows that an invitation exists, not what’s in it.

Default relay

By default, Krillnotes connects to the public relay at swarm.krillnotes.org, hosted by 2pi Software. It’s free to use with reasonable storage limits (100 MB per account, 10 MB per bundle). Accounts that haven’t been used for a while are removed, so if you want to use a relay for more serious work, you should definitely host your own.

Self-hosting

Because the Relay sees transport metadata (who syncs with whom, when, and how much), you may want to run your own. The Relay is a lightweight PHP application designed to run on cheap shared hosting — no dedicated server required.

Self-Hosting
Run your own Krillnotes Relay on shared hosting, a VPS, or Docker.