173 lines
6.6 KiB
Markdown
173 lines
6.6 KiB
Markdown
# vault1984
|
|
|
|
> *"If you want to keep a secret, you must also hide it from yourself."*
|
|
|
|
A password manager where the server holds your vault and nothing else.
|
|
|
|
Every other hosted vault encrypts your secrets and stores them centrally. The encryption is real. The problem is architectural: steal the database, and you have all the ciphertext you need — plus unlimited time to crack it offline. Iteration counts slow the attack. They don't prevent it.
|
|
|
|
vault1984 is built around a different principle. **The server holds ciphertext it cannot decrypt.** Not policy. Architecture.
|
|
|
|
---
|
|
|
|
## How it works
|
|
|
|
Three tiers. Each with a different trust model.
|
|
|
|
```
|
|
Tier 1 — Metadata (server-readable)
|
|
Entry names, URLs, usernames. The server can see these.
|
|
Knowing someone has a Coinbase account isn't an attack.
|
|
|
|
Tier 2 — Credentials (agent-readable, server-opaque)
|
|
Passwords, API keys, TOTP seeds, SSH keys.
|
|
Encrypted with a key derived from your hardware authenticator.
|
|
The server stores ciphertext it cannot read.
|
|
Your AI agents decrypt locally. The server never sees plaintext.
|
|
|
|
Tier 3 — Sealed (hardware-only)
|
|
Card numbers, passport, government IDs, seed phrases.
|
|
Encrypted with a symmetric key derived from WebAuthn PRF.
|
|
Requires physical authenticator — Touch ID, YubiKey, Titan Key.
|
|
Even a fully authorized AI agent cannot reach Tier 3.
|
|
```
|
|
|
|
Steal the database. You get Tier 1 metadata and encrypted blobs for Tier 2 and 3 that require hardware the server never had. The database is not interesting.
|
|
|
|
---
|
|
|
|
## The security model
|
|
|
|
| Scenario | Tier 1 | Tier 2 | Tier 3 |
|
|
|---|---|---|---|
|
|
| Database stolen | Metadata only | Worthless ciphertext | Worthless ciphertext |
|
|
| Server compromised | Plaintext (during request) | Ciphertext — server cannot decrypt | Not present |
|
|
| Agent compromised | Via MCP | Decryptable by that agent | Not present |
|
|
| Hardware key stolen + PIN | Everything | Everything | Everything |
|
|
|
|
**Tier 2 key derivation:** X25519 keypair derived via HKDF-SHA256 from your WebAuthn authenticator's PRF output. Public key stored on server. Private key: derived client-side during browser session, baked into agent tokens at creation time. Server holds envelopes it cannot open.
|
|
|
|
**Tier 3 key derivation:** Symmetric AES-256 key derived via HKDF-SHA256 from the same PRF output (independent branch). Browser-only. Never leaves the client.
|
|
|
|
Both tiers derive from a single hardware authentication. One tap in the browser unlocks both.
|
|
|
|
---
|
|
|
|
## Quick start
|
|
|
|
```bash
|
|
go build -o vault1984 ./cmd/vault1984/
|
|
./vault1984
|
|
# Open http://localhost:1984/app/
|
|
# Register a passkey → vault is ready
|
|
```
|
|
|
|
No config files, no environment variables, no database setup.
|
|
|
|
---
|
|
|
|
## Managed hosting
|
|
|
|
Don't want to run the server? We host it.
|
|
|
|
Same cryptographic guarantees. We run the infrastructure. We cannot read your Tier 2 or Tier 3 fields — the architecture makes it impossible, not policy.
|
|
|
|
→ vault1984.com
|
|
|
|
---
|
|
|
|
## Features
|
|
|
|
- **One binary** — Go, linux/mac/windows. FIPS mode available (`GOEXPERIMENT=boringcrypto`)
|
|
- **One file** — SQLite per vault. Portable, copy it anywhere
|
|
- **No master password** — WebAuthn only. Touch ID, Face ID, YubiKey, Titan Key, Windows Hello
|
|
- **Three-tier field encryption** — per-field tier assignment, auto-detection on import
|
|
- **AI agent integration** — MCP tools for `get_credential`, `get_totp`, `search_vault`, `list_credentials`, `check_expiring`
|
|
- **Scoped tokens** — per-agent access by tags or entry IDs. Cryptographic scoping, not policy
|
|
- **Auto-detection** — imports auto-flag card numbers, CVV, government IDs, recovery codes as Tier 3 across 15+ languages
|
|
- **Auto-lock** — 60s idle + 15s countdown. Session and key cleared on lock
|
|
- **TOTP generation** — agents can complete 2FA flows autonomously
|
|
- **Browser extension** — Manifest V3, LLM field mapping, autofill on any site
|
|
- **Native import** — Chrome, Firefox, Bitwarden, Proton Pass without LLM. Any format via LLM fallback
|
|
- **Smart dedup** — collision resolution by source modification date
|
|
- **Automatic backups** — weekly, 3-month retention, deterministic per vault ID
|
|
- **Audit log** — every access logged with actor (web / extension / MCP / agent name)
|
|
- **Multi-tenant** — hosted mode with `/v/{vault_id}/` route prefix
|
|
|
|
---
|
|
|
|
## MCP setup
|
|
|
|
Create a token in the web UI (Tokens page):
|
|
|
|
```json
|
|
{
|
|
"mcpServers": {
|
|
"vault1984": {
|
|
"url": "http://localhost:1984/mcp",
|
|
"headers": {
|
|
"Authorization": "Bearer v1984_..."
|
|
}
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
The token contains both the MCP auth credential and the Tier 2 private key (wrapped). The agent decrypts Tier 2 fields locally. The server never sees the key.
|
|
|
|
### Available tools
|
|
|
|
| Tool | Description |
|
|
|------|-------------|
|
|
| `get_credential` | Find and return a credential by query |
|
|
| `list_credentials` | List all accessible entries |
|
|
| `get_totp` | Get live TOTP code for 2FA |
|
|
| `search_vault` | Full-text search across entries |
|
|
| `check_expiring` | Find expiring credentials, cards, documents |
|
|
|
|
Tier 3 fields return `[Sealed — hardware key required]` to agents. They are not accessible without a browser session and physical authenticator.
|
|
|
|
---
|
|
|
|
## Config
|
|
|
|
All optional. Environment variables or `.env` in working directory.
|
|
|
|
```bash
|
|
PORT=1984 # default
|
|
DATA_DIR=. # directory for vault DB files
|
|
MODE=self-hosted # or "hosted" for multi-tenant
|
|
VAULT_KEY=... # optional server-side encryption key for Tier 1
|
|
FIREWORKS_API_KEY=... # for LLM import of unknown formats
|
|
```
|
|
|
|
---
|
|
|
|
## Import
|
|
|
|
Native parsing (no LLM) for:
|
|
- **Chrome** — `chrome://settings/passwords` → export CSV
|
|
- **Firefox** — `about:logins` → export CSV
|
|
- **Bitwarden** — Settings → Export → JSON
|
|
- **Proton Pass** — Settings → Export → JSON (zip or plain)
|
|
|
|
Any other format: drag and drop, LLM parses it.
|
|
|
|
Tier 3 auto-detection on import covers card numbers, CVV, government IDs (SSN, passport, driver's license, BSN, PESEL, etc.), recovery codes, and crypto wallets — in English, Dutch, German, French, Spanish, Portuguese, Italian, Chinese, Japanese, Korean, Russian, Arabic, Hindi, Turkish, Polish, Swedish, Thai, and Vietnamese.
|
|
|
|
---
|
|
|
|
## Backups
|
|
|
|
Automatic weekly backups with 3-month retention. Each vault's backup slot is deterministic — the first byte of the vault ID maps to an hour of the week, spreading backup load evenly across nodes.
|
|
|
|
Backups use SQLite `VACUUM INTO` for consistent snapshots stored in `{DATA_DIR}/backups/`.
|
|
|
|
From the web UI: view all backups, trigger immediate backup, restore (current DB saved as pre-restore backup first).
|
|
|
|
---
|
|
|
|
## License
|
|
|
|
[Elastic License 2.0](LICENSE) — free to use and self-host, not for resale as a managed service.
|