Security
How Blade protects your terminal sessions, data, and communications.
End-to-End Encryption E2EE
Multiplayer sessions use X25519 key exchange with AES-256-GCM encryption. Terminal content and chat messages are encrypted between participants - Blade servers cannot read session data.
TLS Transport TLS 1.3
All WebSocket connections use TLS 1.3 with self-signed certificates and fingerprint-based trust-on-first-use (TOFU) verification.
Local-First Architecture No Cloud
Blade runs entirely on your machine. Terminal data never leaves your computer unless you explicitly share a session. No telemetry, no cloud processing.
Memory Safety Rust
Built in Rust with zero unsafe code in core paths. No buffer overflows, use-after-free, or data races. The compiler guarantees memory safety at compile time.
Session Security
- Invite codes are single-use and expire after 15 minutes
- Session hosts control who can type with driver/observer roles
- Participants can be removed by the session host at any time
- All session data is destroyed when the session ends
SSH Security
- SSH keys are stored only on your local machine
- Blade supports Ed25519 and RSA key types
- Host key verification with known_hosts checking
- Agent forwarding is disabled by default
Reporting Vulnerabilities
If you discover a security vulnerability in Blade, please report it responsibly to security@bladeterm.com. We aim to respond within 48 hours and will credit researchers in our security advisories.