Helvetia is a service that allows anonymous storage of secrets, with a simple rule; any user can create a secret using a token, and they can only access it using the same token. Helvetia will then go to great lengths to ensure that the secret remains safe, even from itself.
Helvetia can be roughly separated in the following layers, from top to bottom:
Helvetia exposes a REST API for basic CRUD operations:
- Create or replace a secret.
- Read a secret’s (meta)data.
- Delete a secret.
You can find more details about the supported API calls in the
Operations on a secret follow a simple logic; if the secret does not exist, anyone can create it. If it does, only those with a token can view/edit it. Optionally, during secret creation, users can specify a separate token that can be used only for accessing the metadata of the secret.
The implementation of this logic can be found in the
The secrets are stored in a key-value stored provided by the caves crate. This gives us the option to store them in-memory, in a filesystem or in a RocksDB database, using the same interface.
Results and errors