Standard quantum key distribution protocols are provably secure against eavesdropping attacks, if quantum theory is correct. It is theoretically interesting to know if we need to assume the validity of quantum theory to prove the security of quantum key distribution, or whether its security can be based on other physical principles. The question would also be of practical interest if quantum mechanics were ever to fail in some regime, because a scientifically and technologically advanced eavesdropper could perhaps use post-quantum physics to extract information from quantum communications without necessarily causing the quantum state disturbances on which existing security proofs rely. Here we describe a key distribution scheme provably secure against general attacks by a post-quantum eavesdropper who is limited only by the impossibility of superluminal signalling. The security of the scheme stems from violation of a Bell inequality.