docs.rs failed to build envseal-0.3.14
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.
Visit the last successful build:
envseal-0.3.12
envseal (library)
Write-only secret vault with process-level access control — the core Rust library behind the envseal CLI, MCP server, and desktop app.
envseal authenticates the program asking for a secret, not the user
running it. The plaintext exists in exactly two places: inside the
silicon that minted the master key (Secure Enclave / TPM 2.0 / Windows
DPAPI), and inside the descendant process you authorized at the
keyboard. Nowhere else.
What's in this crate
- Vault — Argon2id passphrase + hardware-bound seal, AES-256-GCM with
per-secret AAD.
envseal::vault::Vault::store/decrypt/list/revoke. - Policy & approval pipeline — process whitelisting, GUI-gated approval, sealed config integrity.
- Guard — startup audit, signal taxonomy, preexec leak detection.
- Execution —
inject/pipe/supervisedrunners with leak-detecting child supervision and optional sandbox tiers. - Audit log — hash-chained, tamper-evident.
- MCP / GUI integrations — typed channel between the worker and approval surface.
This crate is the library. For end-user workflows, see:
envseal-cli—envsealbinaryenvseal-mcp— MCP server for AI agentsenvseal-gui— pure-Rust native desktop app
Status
Beta — actively hardening toward 1.0. See the main README for design notes, threat model, and the security CTF.
License
Dual-licensed under MIT OR Apache-2.0.