Access Control

Encryption - Who can read?

How does it work?

Encryption on Orbis is powered by Lit Protocol, a decentralized key management network. It allows you to choose who can read your content.

When encrypting content, users can choose a set of rules which other parties need to satisfy to read the content.
Encryption keys are split up and stored across the Lit Protocol and encrypted content is stored on Ceramic.

This setup allows Orbis to reap the benefits of a decentralized and open data layer (Ceramic) while still enabling private content and spaces (via Lit).
It also provides true end-to-end encryption as the content is visible to parties that satisfy the rules only.

Private Messages in Conversations are automatically encrypted based on the recipient list.

Orbis SDK provides encryption & decryption utilities.
Orbis Components handle encryption & decryption automatically.

The entire process is abstracted away for users and developers alike.

Supported chains

Lit supports over 40 chains and counting. The full list can be found on their website (opens in a new tab).

Available Rules

Token Gated (token-gated)

Token Gated encryption rules are Orbis SDK's abstraction to simplify rule configuration.
These rules will be converted to Lit's syntax by our SDK and will be stored in the standardized Lit format.


    "type": "token-gated",
    "chain": "string", // a chain from the supported list
    "contractType": "ERC20 | ERC721 | ERC1155 | SolanaContract",
    "contractAddress": "tokenContractAddress",
    "tokenId": "string", // token ID used to identify ERC1155 tokens
    "minTokenBalance": "string"

Custom rules (custom)

Custom rules allow you to use any Lit-supported encryption rules.

You can find all the different types of rules on their website (opens in a new tab), including EVM, Solana and more.


    "type": "custom",
    "accessControlConditions": [
            // Lit access control conditions


Custom rules support 2 operators or and and.

  • or - at least one rule needs to be satisfied
  • and - both rules need to be satisfied

Rules and operators can be grouped for custom business logic.

    "operator": "and | or"