Summary
Currently nostr login only supports importing raw nsec keys stored on disk at ~/.nostr/accounts/<npub>/. This works but has limitations for agents and security-conscious users who don't want private keys on disk.
Proposal
Support Open Wallet Standard as an alternative to the ~/.nostr/ local key storage. This would allow nostr-cli to delegate signing to an external wallet/signer rather than managing nsec keys directly.
Benefits
- No keys on disk — agents and bots can sign events without storing nsec in plaintext files
- Multi-protocol — OWS supports Nostr, Bitcoin, and other protocols through a unified interface
- Composable — other tools and agents can share the same signer without duplicating keys
- Better security model — signing happens in a dedicated wallet process, not in every CLI tool
Possible UX
```
# Instead of importing nsec:
nostr login --nsec nsec1...
# Connect to an OWS-compatible wallet:
nostr login --wallet # discover local OWS provider
nostr login --wallet <url> # connect to specific signer
```
The CLI would request signatures from the wallet when posting, sending DMs, etc., rather than reading from ~/.nostr/accounts/.
Related
Great CLI btw — the DM and bot-friendly features are exactly what agents need. 🤙
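For the on-disk storage the issue describes, a check of which files under the accounts directory hold a plaintext nsec and whether their mode bits expose them beyond the owner. This is an added example, not part of the original issue or of nostr-cli; the function name `audit_nostr_keys` is hypothetical, and since the issue does not name the files inside `~/.nostr/accounts/<npub>/`, every regular file is scanned.

```shell
#!/bin/sh
# Added example: audit a key directory for plaintext nsec keys.
# Assumption: keys sit under ~/.nostr/accounts/<npub>/ as the issue states;
# file names are not given there, so every regular file is scanned.

# bech32 private key: "nsec1" + 58 characters of the bech32 alphabet.
NSEC_RE='nsec1[02-9ac-hj-np-z]{58}'

# audit_nostr_keys DIR
# Prints "<LOOSE|OK> <octal mode> <path>" for each file holding an nsec.
# LOOSE = the mode bits grant some access to group or other.
# Returns 0 if no file is LOOSE, 1 if at least one is, 2 if DIR is missing.
audit_nostr_keys() {
    root=$1
    loose=0
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }

    # grep -l lists matching files only; key material is never printed.
    # Paths containing newlines are not supported by this line-based loop.
    files=$(find "$root" -type f -exec grep -Els "$NSEC_RE" {} + || true)

    while IFS= read -r f; do
        [ -n "$f" ] || continue
        # GNU stat first, BSD/macOS stat as fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "LOOSE $mode $f"
            loose=1
        else
            echo "OK $mode $f"
        fi
    done <<EOF
$files
EOF
    [ "$loose" -eq 0 ]
}

# Run against the real directory only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_nostr_keys "$HOME/.nostr/accounts"
fi
```

An `OK` line still means the key is stored in plaintext; it only shows that other local accounts cannot read it through the file mode.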