DRM for logs

Safer application logs.

TN is a logging library that keeps your logs from leaking secrets by accident. The Vault keeps your credentials safe across machines and handles sharing, rotating, and restoring for you.

Think of TN as DRM for your application logs: encrypted per reader, signed at the source, unlockable only by parties you authorize.

Application logs are essential. They are the recorded history of what your software did: a source of truth for monitoring, troubleshooting, and security. We need more of them, and we need them safe wherever the app runs.

See the case study Sign in
Getting Started

Two lines to start.

tn init gives you keys. tn.log writes attested records against them. tn.read gets them back. That is the whole surface.

# one-time: generate keys, write tn.yaml, register your DID
tn init my-project

# from your app, one line per event
tn.log("order.placed", order_id=o.id, amount=o.total)

# read the log back
tn.read()

TN was designed from day one to be used by AI agents and LLM-based vibe coding. The SDK surface is small on purpose so an assistant can drop it into any file correctly on the first try. Point your agent at tnproto.org/AGENT.md and ask.

Use it with your agent →

What changes

From print to controlled sharing.

Before
Regular logging
// one line, everything visible
print("order placed", order.id, user.email, user.card_last4)
stdout
order placed ord_8fKq alice@acme.com 4242
Every reader of your log sees every field. Email and card number included.
After
Group logging with tn.log
# order_id is public, email in "pii", card in "payments"
tn.log("order.placed",
       order_id=order.id,
       email=user.email,
       card_last4=user.card_last4)
.tn/log/order.placed.ndjson
{"event":"order.placed",
 "ts":"2026-04-29T18:22:14Z",
 "order_id":"ord_8fKq",
 "pii": "eyJjdCI6IkFRSURCQVVHQ…",
 "payments": "eyJjdCI6IkNnc01EUTRQ…",
 "sig": "4mP9R7tYx…kQ2xJ9"}
The actual line on disk. Public field stays readable; sensitive groups are sealed; the row is signed.
Share
Hand a key to whoever needs it
# give the finance team access to "payments"
tn.grant("payments", to="finance@acme.com")
order.placed (finance view)
order_id ord_8fKq
email ●●●●●●●●●●●
card_last4 4242
Finance sees the card column. Email stays hidden. Revoke with one line and new entries go dark again.
What it does

Every log is already locked.

TN turns each record your app emits into a sealed artifact. Encrypted per reader so nobody sees fields they were not granted. Signed at the source so nobody can forge it. You decide who gets to open what, and when that access ends. This is DRM pointed at your logs.

i.

Encrypted per reader

Fields are wrapped to specific readers. A partner sees only the columns you granted them. Everyone else sees ciphertext.

ii.

Signed, so origin is provable

Every entry carries a signature from your credential.

iii.

You hold the grant list

Add a reader and they can decrypt forward from that moment. Revoke them and the next rotation puts every new entry out of reach.

iv.

Nothing is leaky

Lose a device, lose a teammate. The old holder never decrypts anything written after the revoke.

The vault is where the grant list lives and where your credentials stay safe across machines.

What is DRM for logs? → Use it with your agent →

The vault quietly keeps your keys alive.

i.

Keys generated locally

tn init creates your ceremony on your machine. The private half never leaves.

ii.

Wrapped before upload

The SDK encrypts each key file with your local unlock secret. The vault receives ciphertext only.

iii.

Synced continuously

After every rotation or new ceremony, the SDK quietly pushes updated ciphertext to the vault. No command to run.

iv.

Restore on any machine

Run tn wallet restore on a new box. Authenticate with your device key or recovery phrase. Keys unwrap locally. You are back.

Zero-trust by design

What the vault never sees.

  • Your master keys in the clear.
  • Your log entries. Your plaintext fields.
  • The vault is a backup, not a gatekeeper.
  • The SDK works without it. Always has. Always will.
Pricing

Hosted or self-hosted. Same protocol.

Free holds your encrypted backups. Pro adds centralized administration: rotation, grants, revokes, restore. Business adds team membership and additional encryption methods. Self-host runs the same protocol on your own infrastructure.

Self-hostedBYO infra Free$0 Pro$12 / yr$6 / yr BusinessComing soon
Projects ceremonies, one per app Unlimited Unlimited Unlimited Unlimited
Backup + restore encrypted keystores, multi-device recovery Your R2 / S3 Included Included Included
Centralized administration grants, revokes, rotation You operate Included Included
Managed encryption methods per-group cipher selection All (open source) BTN BTN BTN + JWE + MLS
Team membership shared ceremonies, assign keys to teammates DIY Yes
Brute-force-assist decrypt recover which key matches a log entry DIY Yes Yes
SLA Yours None 99.9% 99.95%
Support Community Community Email Priority + Slack
Self-host Start free Choose Pro Join waitlist

The vault never sees your logs. It holds your encrypted keystores and admin records. The SDK works identically with or without it.