# Objekt.sh

> Decentralized media storage, encryption, and pay-to-reveal for ENS names.

## Docs

- [Static Site Deployment](/storage/deploy): Deploy a directory as a static website to `tmp.objekt.sh`:
- [Storage Tiers](/storage/tiers): All uploads default to CDN. Paid tiers use [x402](https://x402.org) with USDC on Base — no accounts or API keys needed.
- [Upload & Download](/storage/upload): Returns a URI, permalink, and payment receipt (for paid tiers).
- [Deposit & Purchase](/reveal/deposit): The CLI signs a `RevealDeposit` EIP-712 message. The server verifies the signature and checks ENS ownership (for `.eth` names) or address match (for `0x` addresses).
- [Envelope Metadata](/reveal/metadata): Objekt encrypted envelopes are self-describing. Anyone who encounters a file on IPFS, Arweave, or ENS can inspect it without decrypting.
- [Reveal — Pay-to-Decrypt](/reveal/overview): `reveal.objekt.sh` is a key escrow service that lets content owners sell access to encrypted content. Buyers pay USDC on Base via [x402](https://x402.org), and the view key is released.
- [Trust Model](/reveal/trust): The reveal service is a key escrow. Understanding its trust properties is important.
- [CAIP-10 Chains](/reference/chains): Objekt uses [CAIP-2](https://chainagnostic.org/CAIPs/caip-2) namespaces for chain identification and [CAIP-10](https://chainagnostic.org/CAIPs/caip-10) for account addresses. Each namespace maps to an elliptic curve used for encryption key derivation.
- [CLI Reference](/reference/cli)
- [EIP-712 Types](/reference/eip712): All signatures use the same domain:
- [Installation](/getting-started/installation): Install the CLI globally:
- [Quick Start](/getting-started/quick-start): Encrypt a file so only you and specific recipients can read it:
- [ENS Contenthash](/ens/contenthash): Manage the contenthash record on an ENS name. This is how ENS-native websites resolve via IPFS or Arweave.
- [ENS Media](/ens/media)
- [Envelope Format](/encryption/envelope): Objekt encrypted envelopes use [CBOR](https://cbor.io) (RFC 8949) with a registered tag for instant detection.
- [Encryption](/encryption/overview): Experimental — under heavy R\&D. Do not use for sensitive workloads.
- [Multi-Recipient Encryption](/encryption/recipients): Objekt encrypts content once and wraps the AES key individually for each recipient. Recipients decrypt independently — no coordination needed.
- [View Keys](/encryption/view-keys): View keys let anyone decrypt content without needing a wallet. They're shareable, single-purpose decryption keys.