sal-modular/vault/README.md


# vault: Cryptographic Vault for Native and WASM
`vault` provides a secure, async, and cross-platform cryptographic key management system. It leverages the `kvstore` crate for persistent storage and supports both native (desktop/server) and WASM (browser) environments.
## Features
- **Keyspace management**: Create, unlock, and manage encrypted keyspaces.
- **Keypair operations**: Add, remove, list, export, and use keypairs for signing and verification.
- **End-to-end encryption**: All key material is encrypted at rest using modern ciphers (ChaCha20Poly1305, AES-GCM).
- **Async API**: All operations are async and runtime-agnostic.
- **Cross-platform**: Native uses `sled` via `kvstore::native::NativeStore`, WASM uses IndexedDB via `kvstore::wasm::WasmStore`.
- **Pluggable logging**: Uses the standard `log` crate for logging, with recommended backends for native (`env_logger`) and WASM (`console_log`).
## Logging Best Practices
This crate uses the [`log`](https://docs.rs/log) crate for all logging. To see logs in your application or tests, you must initialize a logger:
- **Native (desktop/server):**
  - Add `env_logger` as a dev-dependency.
  - Initialize in your main or test:
    ```rust
    let _ = env_logger::builder().is_test(true).try_init();
    ```
- **WASM (browser):**
  - Add `console_log` as a dev-dependency.
  - Initialize in your main or test:
    ```rust
    console_log::init_with_level(log::Level::Debug).expect("error initializing logger");
    ```
Then use logging macros (`log::debug!`, `log::info!`, `log::warn!`, `log::error!`) throughout your code and tests.
## Usage Example
```rust
use vault::{Vault, KeyType, KeyMetadata};
use kvstore::native::NativeStore;

#[tokio::main]
async fn main() {
    // Open (or create) the sled-backed store that holds the encrypted keyspaces.
    let store = NativeStore::open("/tmp/vaultdb").unwrap();
    let mut vault = Vault::new(store);

    let keyspace = "myspace";
    let password = b"secret";

    // Create a keyspace whose key material is wrapped with a PBKDF2-derived key
    // and encrypted with ChaCha20Poly1305.
    vault.create_keyspace(keyspace, password, "pbkdf2", "chacha20poly1305", None).await.unwrap();

    // Generate an Ed25519 keypair inside the keyspace; the password is needed to unlock it.
    let key_id = vault.add_keypair(keyspace, password, KeyType::Ed25519, None).await.unwrap();
    println!("Created keypair: {}", key_id);
}
```
For WASM/browser, use `kvstore::wasm::WasmStore` and initialize logging with `console_log`.
## Testing
### Native
```sh
cargo test -p vault --features native
```
### WASM
```sh
wasm-pack test --headless --firefox
```
## Security Notes
- All cryptographic operations use vetted RustCrypto crates.
- Password-based key derivation uses PBKDF2 by default (10,000 iterations).
- All sensitive data is encrypted before storage.
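The keyspace create/unlock flow that the usage example and these notes describe, modelled as an added example in Python with only the standard library (this is not the crate's code): the password is stretched with PBKDF2-HMAC-SHA256 over a random per-keyspace salt at the README's default of 10,000 iterations, and a key-check tag lets a wrong password be rejected before any decryption is attempted. The function names, the record layout and the HMAC-based key check are assumptions of this model; the crate itself wraps key material with ChaCha20Poly1305 or AES-GCM, which the Python stdlib does not provide.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 10_000  # default iteration count stated in this README
KEY_LEN = 32                # 256-bit key, the size ChaCha20Poly1305 / AES-256-GCM expect


def derive_keyspace_key(password: bytes, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch the password into the keyspace key (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def key_check_tag(key: bytes) -> bytes:
    """HMAC over a fixed label: storing it reveals nothing about the key,
    but it lets unlock() detect a wrong password (assumed mechanism)."""
    return hmac.new(key, b"vault-keyspace-check", "sha256").digest()


def create_keyspace(password: bytes, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Build the on-disk keyspace header (constructed layout, not the crate's)."""
    salt = secrets.token_bytes(16)  # fresh salt per keyspace: same password => different key
    key = derive_keyspace_key(password, salt, iterations)
    return {"kdf": "pbkdf2", "iterations": iterations, "salt": salt, "check": key_check_tag(key)}


def unlock_keyspace(record: dict, password: bytes):
    """Re-derive the key from the stored parameters; None on a wrong password.
    The stored iteration count is honoured so old keyspaces still open after
    the default is raised."""
    key = derive_keyspace_key(password, record["salt"], record["iterations"])
    # Constant-time comparison so the check itself does not leak timing.
    if not hmac.compare_digest(key_check_tag(key), record["check"]):
        return None
    return key


if __name__ == "__main__":
    rec = create_keyspace(b"secret")
    print("unlock ok:", unlock_keyspace(rec, b"secret") is not None)
    print("wrong password rejected:", unlock_keyspace(rec, b"wrong") is None)
```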
## License
MIT OR Apache-2.0