johan
/
clawd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clawd/drafts/vault1984-readme-draft.md

6.6 KiB
Raw Blame History

vault1984

"If you want to keep a secret, you must also hide it from yourself."

A password manager where the server holds your vault and nothing else.

Every other hosted vault encrypts your secrets and stores them centrally. The encryption is real. The problem is architectural: steal the database, and you have all the ciphertext you need — plus unlimited time to crack it offline. Iteration counts slow the attack. They don't prevent it.

vault1984 is built around a different principle. The server holds ciphertext it cannot decrypt. Not policy. Architecture.

How it works

Three tiers. Each with a different trust model.

Tier 1 — Metadata (server-readable)
  Entry names, URLs, usernames. The server can see these.
  Knowing someone has a Coinbase account isn't an attack.

Tier 2 — Credentials (agent-readable, server-opaque)
  Passwords, API keys, TOTP seeds, SSH keys.
  Encrypted with a key derived from your hardware authenticator.
  The server stores ciphertext it cannot read.
  Your AI agents decrypt locally. The server never sees plaintext.

Tier 3 — Sealed (hardware-only)
  Card numbers, passport, government IDs, seed phrases.
  Encrypted with a symmetric key derived from WebAuthn PRF.
  Requires physical authenticator — Touch ID, YubiKey, Titan Key.
  Even a fully authorized AI agent cannot reach Tier 3.

Steal the database. You get Tier 1 metadata and encrypted blobs for Tier 2 and 3 that require hardware the server never had. The database is not interesting.

The security model

Scenario Tier 1 Tier 2 Tier 3
Database stolen Metadata only Worthless ciphertext Worthless ciphertext
Server compromised Plaintext (during request) Ciphertext — server cannot decrypt Not present
Agent compromised Via MCP Decryptable by that agent Not present
Hardware key stolen + PIN Everything Everything Everything

Tier 2 key derivation: X25519 keypair derived via HKDF-SHA256 from your WebAuthn authenticator's PRF output. Public key stored on server. Private key: derived client-side during browser session, baked into agent tokens at creation time. Server holds envelopes it cannot open.

Tier 3 key derivation: Symmetric AES-256 key derived via HKDF-SHA256 from the same PRF output (independent branch). Browser-only. Never leaves the client.

Both tiers derive from a single hardware authentication. One tap in the browser unlocks both.

Quick start

go build -o vault1984 ./cmd/vault1984/
./vault1984
# Open http://localhost:1984/app/
# Register a passkey → vault is ready

No config files, no environment variables, no database setup.

Managed hosting

Don't want to run the server? We host it.

Same cryptographic guarantees. We run the infrastructure. We cannot read your Tier 2 or Tier 3 fields — the architecture makes it impossible, not policy.

→ vault1984.com

Features

  • One binary — Go, linux/mac/windows. FIPS mode available (GOEXPERIMENT=boringcrypto)
  • One file — SQLite per vault. Portable, copy it anywhere
  • No master password — WebAuthn only. Touch ID, Face ID, YubiKey, Titan Key, Windows Hello
  • Three-tier field encryption — per-field tier assignment, auto-detection on import
  • AI agent integration — MCP tools for get_credential, get_totp, search_vault, list_credentials, check_expiring
  • Scoped tokens — per-agent access by tags or entry IDs. Cryptographic scoping, not policy
  • Auto-detection — imports auto-flag card numbers, CVV, government IDs, recovery codes as Tier 3 across 15+ languages
  • Auto-lock — 60s idle + 15s countdown. Session and key cleared on lock
  • TOTP generation — agents can complete 2FA flows autonomously
  • Browser extension — Manifest V3, LLM field mapping, autofill on any site
  • Native import — Chrome, Firefox, Bitwarden, Proton Pass without LLM. Any format via LLM fallback
  • Smart dedup — collision resolution by source modification date
  • Automatic backups — weekly, 3-month retention, deterministic per vault ID
  • Audit log — every access logged with actor (web / extension / MCP / agent name)
  • Multi-tenant — hosted mode with /v/{vault_id}/ route prefix

MCP setup

Create a token in the web UI (Tokens page):

{
  "mcpServers": {
    "vault1984": {
      "url": "http://localhost:1984/mcp",
      "headers": {
        "Authorization": "Bearer v1984_..."
      }
    }
  }
}

The token contains both the MCP auth credential and the Tier 2 private key (wrapped). The agent decrypts Tier 2 fields locally. The server never sees the key.

Available tools

Tool Description
get_credential Find and return a credential by query
list_credentials List all accessible entries
get_totp Get live TOTP code for 2FA
search_vault Full-text search across entries
check_expiring Find expiring credentials, cards, documents

Tier 3 fields return [Sealed — hardware key required] to agents. They are not accessible without a browser session and physical authenticator.

Config

All optional. Environment variables or .env in working directory.

PORT=1984                # default
DATA_DIR=.               # directory for vault DB files
MODE=self-hosted         # or "hosted" for multi-tenant
VAULT_KEY=...            # optional server-side encryption key for Tier 1
FIREWORKS_API_KEY=...    # for LLM import of unknown formats

Import

Native parsing (no LLM) for:

  • Chromechrome://settings/passwords → export CSV
  • Firefoxabout:logins → export CSV
  • Bitwarden — Settings → Export → JSON
  • Proton Pass — Settings → Export → JSON (zip or plain)

Any other format: drag and drop, LLM parses it.

Tier 3 auto-detection on import covers card numbers, CVV, government IDs (SSN, passport, driver's license, BSN, PESEL, etc.), recovery codes, and crypto wallets — in English, Dutch, German, French, Spanish, Portuguese, Italian, Chinese, Japanese, Korean, Russian, Arabic, Hindi, Turkish, Polish, Swedish, Thai, and Vietnamese.

Backups

Automatic weekly backups with 3-month retention. Each vault's backup slot is deterministic — the first byte of the vault ID maps to an hour of the week, spreading backup load evenly across nodes.

Backups use SQLite VACUUM INTO for consistent snapshots stored in {DATA_DIR}/backups/.

From the web UI: view all backups, trigger immediate backup, restore (current DB saved as pre-restore backup first).

License

Elastic License 2.0 — free to use and self-host, not for resale as a managed service.