March 4, 2026
A better Nostr Extension
I've been building a Nostr signing extension. In the process, I've used most of the existing ones. The experience is bad.
You click "post," a popup appears with raw JSON, and you're expected to know what you're signing. Event kind 1? Tags with single-letter keys pointing to hex strings? Unless you already know the protocol, you're signing blind. Permission management is just as bad. Some extensions ask every time. Some remember per-site but give you no way to revoke. Some auto-approve silently.
This is the front door to Nostr, and it needs work.
So I built something. Nostr Vault shows you what you're actually signing. A post, a zap, a follow list update. Not raw JSON. You approve with your fingerprint, and the raw event is still there if you want it.
It also handles things that existing extensions ignore. Inbox and outbox relays are set up automatically. You can update your profile directly inside the extension. And every event you sign gets synced to Google Drive or iCloud (soon), so if your relays ever disappear, your data doesn't. You can seed a new profile from a backup.
It's still a work in progress. If you have feedback, I'd love to hear it.
Here's a quick demo: