sal-modular/vault

vault: Cryptographic Vault for Native and WASM

vault provides a secure, async, and cross-platform cryptographic key management system. It leverages the kvstore crate for persistent storage and supports both native (desktop/server) and WASM (browser) environments.

Features

  • Keyspace management: Create, unlock, and manage encrypted keyspaces.
  • Keypair operations: Add, remove, list, export, and use keypairs for signing and verification.
  • End-to-end encryption: All key material is encrypted at rest using modern ciphers (ChaCha20Poly1305, AES-GCM).
  • Async API: All operations are async and runtime-agnostic.
  • Cross-platform: Native uses sled via kvstore::native::NativeStore, WASM uses IndexedDB via kvstore::wasm::WasmStore.
  • Pluggable logging: Uses the standard log crate for logging, with recommended backends for native (env_logger) and WASM (console_log).

Logging Best Practices

This crate uses the log crate for logging. For native tests, use env_logger; for WASM tests, use console_log.

  • Native (in tests):
    let _ = env_logger::builder().is_test(true).try_init();
    log::info!("test started");
    
  • WASM (in tests):
    console_log::init_with_level(log::Level::Debug).expect("error initializing logger");
    log::debug!("wasm test started");
    

Use log::debug!, log::info!, log::error!, etc., throughout the codebase for consistent and idiomatic logging. Do not prefix messages with [DEBUG], [ERROR], etc. The log level is handled by the logger.

Usage Example

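use vault::{Vault, KeyType};
use kvstore::native::NativeStore;

#[tokio::main]
async fn main() {
    // Open the sled-backed native store that persists the encrypted keyspaces.
    let store = NativeStore::open("/tmp/vaultdb").unwrap();
    let mut vault = Vault::new(store);
    let keyspace = "myspace";
    // Sample password for this example only; real code should obtain it from the user.
    let password = b"secret";
    // Create a keyspace that uses PBKDF2 for key derivation and ChaCha20Poly1305 for encryption.
    vault.create_keyspace(keyspace, password, "pbkdf2", "chacha20poly1305", None).await.unwrap();
    // Add an Ed25519 keypair to the keyspace; the call returns its identifier.
    let key_id = vault.add_keypair(keyspace, password, KeyType::Ed25519, None).await.unwrap();
    println!("Created keypair: {}", key_id);
}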

For WASM/browser, use kvstore::wasm::WasmStore and initialize logging with console_log.

Testing

Native

cargo test -p vault --features native

WASM

wasm-pack test --headless --firefox

Security Notes

  • All cryptographic operations use vetted RustCrypto crates.
  • Password-based key derivation uses PBKDF2 by default (10,000 iterations).
  • All sensitive data is encrypted before storage.
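
The password-to-key step named in the Security Notes, as an added example that is not code from the vault crate: it derives a 32-byte keyspace key with PBKDF2 at the stated 10,000 iterations and measures what one password guess costs at that and higher counts. It is written in Python with only the standard library so it runs without extra crates, so the AEAD encryption step is left out. The HMAC-SHA256 hash choice, the header layout and all function names are assumptions.

```python
import hashlib
import json
import os
import time

KEY_LEN = 32  # bytes; key size used by ChaCha20Poly1305 and AES-256-GCM
PAGE_DEFAULT_ITERATIONS = 10_000  # the default stated in the Security Notes


def new_kdf_header(iterations=PAGE_DEFAULT_ITERATIONS):
    """Per-keyspace KDF record (hypothetical layout): algorithm, cost, fresh salt."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    return {"kdf": "pbkdf2-hmac-sha256", "iterations": iterations,
            "salt": os.urandom(16).hex()}


def derive_key(password, header):
    """Re-derive the keyspace key from the password and the stored header."""
    if header.get("kdf") != "pbkdf2-hmac-sha256":
        raise ValueError("unsupported kdf: %r" % header.get("kdf"))
    return hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(header["salt"]),
                               int(header["iterations"]), dklen=KEY_LEN)


def seconds_per_guess(iterations, samples=3):
    """Measured cost of one password guess on this machine at a given count."""
    header = new_kdf_header(iterations)
    start = time.perf_counter()
    for _ in range(samples):
        derive_key(b"constructed-sample-password", header)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    password = b"constructed-sample-password"  # constructed sample input
    stored = json.dumps(new_kdf_header())  # what would sit beside the ciphertext
    key = derive_key(password, json.loads(stored))
    print("header:", stored)
    print("same password re-derives the key:",
          key == derive_key(password, json.loads(stored)))
    print("wrong password re-derives the key:",
          key == derive_key(b"wrong", json.loads(stored)))
    # Cost per guess grows linearly with the iteration count; 600,000 is the
    # OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256.
    for n in (PAGE_DEFAULT_ITERATIONS, 100_000, 600_000):
        print("%7d iterations: %.4f s per guess" % (n, seconds_per_guess(n)))
```

Storing the iteration count next to the salt is what lets a keyspace be re-encrypted later under a higher count without changing the password.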

License

MIT OR Apache-2.0