envseal (library)
Write-only secret vault with process-level access control — the core Rust library behind the envseal CLI, MCP server, and desktop app.
envseal authenticates the program asking for a secret, not the user
running it. The plaintext exists in exactly two places: inside the
silicon that minted the master key (Secure Enclave / TPM 2.0 / Windows
DPAPI), and inside the descendant process you authorized at the
keyboard. Nowhere else.
What's in this crate
- Vault — Argon2id passphrase + hardware-bound seal, AES-256-GCM with
per-secret AAD. envseal::vault::Vault::store/decrypt/list/revoke.
- Policy & approval pipeline — process whitelisting, GUI-gated approval, sealed config integrity.
- Guard — startup audit, signal taxonomy, preexec leak detection.
- Execution — inject/pipe/supervised runners with leak-detecting child supervision and optional sandbox tiers.
- Audit log — hash-chained, tamper-evident.
- MCP / GUI integrations — typed channel between the worker and approval surface.
This crate is the library. For end-user workflows, see:
- envseal-cli — envseal binary
- envseal-mcp — MCP server for AI agents
- envseal-gui — pure-Rust native desktop app
Status
Beta — actively hardening toward 1.0. See the main README for design notes, threat model, and the security CTF.
License
Dual-licensed under MIT OR Apache-2.0.