feat(core): initial release with 3-tier secret storage
Implements SmartSecret with macOS Keychain, Linux secret-tool, and AES-256-GCM encrypted file fallback backends. Zero runtime dependencies.
This commit is contained in:
12
readme.hints.md
Normal file
12
readme.hints.md
Normal file
@@ -0,0 +1,12 @@
|
||||
# smartsecret hints
|
||||
|
||||
## Architecture
|
||||
- 3-tier backend: macOS Keychain → Linux secret-tool → encrypted file vault
|
||||
- Zero runtime dependencies (Node.js built-ins only)
|
||||
- All OS interactions via child_process.execFile (no shell injection)
|
||||
|
||||
## File Backend
|
||||
- Vault: AES-256-GCM, JSON file with { iv, ciphertext, tag } per entry
|
||||
- Keyfile: auto-generated 32 random bytes at ~/.config/smartsecret/.keyfile (mode 0600)
|
||||
- Key derivation: PBKDF2 (SHA-512, 100k iterations, service-name salt)
|
||||
- Atomic writes: write .tmp then rename()
|
||||
Reference in New Issue
Block a user