Skip to main content

Module vault

agentid_core

Module vault 

Source
Expand description

Encrypted on-disk key vault.

Layout:

  ~/.agentid/
    index.json                              # public metadata only
    keys/<sanitised-fingerprint>.key        # AES-256-GCM ciphertext

§Per-key file format

  off   size   field
  ---   ----   -----
    0      4   magic           = 0xA9 0x1D 0x56 0x01
    4      1   version         = 0x01
    5     16   pbkdf2 salt
   21     12   gcm nonce
   33      4   pbkdf2 iters    (u32 BE)
   37    var   ciphertext || gcm tag
  • KDF: PBKDF2-HMAC-SHA256, default 200 000 iterations.
  • Cipher: AES-256-GCM (no AAD — file format is implicit context).
  • Plaintext: JSON-encoded [StoredKey] (name + project + secret_hex).

Files are written with 0o600; the ~/.agentid directory with 0o700.

Structs§

Vault
Vault rooted at a directory (typically ~/.agentid).
VaultEntry
Public metadata for a vault entry. Safe to log.
VaultIndex

Enums§

VaultError