Documentation
¶
Index ¶
- Constants
- Variables
- func AbortMCPTransaction(id string) error
- func AddCustomProfile(p CryptoProfile)
- func BuildMCPServerConfigWithToken(token string) map[string]interface{}
- func CalculateHMAC(data, key []byte) []byte
- func CalculateHealth(vault *Vault) (int, []string)
- func ChangeProfile(vault *Vault, newProfileName string, masterPassword string, vaultPath string) error
- func CheckAnomalies(vault *Vault) []string
- func CheckRecoveryKey(data []byte, key string) ([]byte, error)
- func ClearFailures()
- func CombineRecoveryQuorumShares(v *Vault, shares []string) (string, error)
- func ConfigureAlerts(vault *Vault, enabled bool, email string, masterPassword string, ...) error
- func CountRemainingRecoveryCodes(v *Vault) int
- func CreateSession(password string, duration time.Duration, readonly bool, ...) error
- func DeObfuscateRecoveryKey(obf []byte) string
- func DecodeBase64(s string) ([]byte, error)
- func DecryptData(data []byte, password string) ([]byte, error)
- func DeriveLegacyKey(password string, salt []byte) []byte
- func DeriveRecoveryKey(key string, salt []byte) []byte
- func DownloadPublicVault(input string) ([]byte, error)
- func EncodeBase64(b []byte) string
- func EncryptData(plaintext []byte, password string) ([]byte, error)
- func EncryptVault(vault *Vault, masterPassword string) ([]byte, error)
- func ExportToCSV(vault *Vault, filename string) error
- func ExportToJSON(vault *Vault, filename string, encryptPass string) error
- func ExportToTXT(vault *Vault, filename string, withoutPassword bool) error
- func ExtractFileID(input string) string
- func FinalizeMCPTransaction(id, resultSummary string, committed bool) (string, error)
- func FindMCPConfigFiles() []string
- func GenerateMCPToken(name string, permissions []string, expiryMinutes int) (string, error)
- func GenerateOneTimeRecoveryCodes(v *Vault, count int) ([]string, error)
- func GeneratePassword(length int) (string, error)
- func GenerateRandomHex(n int) (string, error)
- func GenerateRandomWords() (string, error)
- func GenerateRecoveryKey() string
- func GenerateRetrievalKey() (string, error)
- func GenerateSalt(length int) ([]byte, error)
- func GenerateTOTP(secret string) (string, error)
- func GetAvailableProfiles() []string
- func GetDefaultCreds() []byte
- func GetDefaultDropboxToken() []byte
- func GetDefaultToken() []byte
- func GetDeviceHash() string
- func GetFailureCount() int
- func HashKey(key string) string
- func ImportFromCSV(vault *Vault, filename string) error
- func ImportFromJSON(vault *Vault, filename string, decryptPass string) error
- func ImportFromTXT(vault *Vault, filename string) error
- func KillSession() error
- func LoadVault(path string) ([]byte, error)
- func LogAccess(action string)
- func LogAction(action, details string)
- func MCPToolPermissions() []string
- func MarkRecoveryCodeUsed(v *Vault, index int)
- func NormalizeCipherName(name string) string
- func PerformDriveAuth(credsJSON []byte) ([]byte, error)
- func PerformDropboxAuth(config oauth2.Config) ([]byte, error)
- func PrepareCloudUploadVaultPath(vault *Vault, masterPassword, vaultPath, provider string) (string, func(), error)
- func RecommendProfileForSystem(info SystemProfileInfo) (string, string)
- func RevokeEphemeralSession(id string) (bool, error)
- func RevokeMCPToken(query string) (bool, error)
- func RunBruteTest(vaultPath string, timeoutMins int)
- func RunRecoveryPasskeyRegistration() ([]byte, []byte, error)
- func SaveMCPConfig(config *MCPAuthConfig) error
- func SaveVault(path string, data []byte) error
- func SendAlert(vault *Vault, requiredLevel int, eventType, details string)
- func SetupRecoveryQuorum(v *Vault, threshold, shares int) (map[int]string, error)
- func SetupRecoveryQuorumWithKey(v *Vault, recoveryKey string, threshold, shares int) (map[int]string, error)
- func StartMCPServer(token string, vaultPath string, transport mcp.Transport, pm PluginManager) error
- func TimeRemaining() int
- func TrackFailure()
- func UpdateMCPConfigWithToken(filePath, token string) error
- func UpdateMasterPassword(v *Vault, oldPass, newPass string) ([]byte, error)
- func ValidateMasterPassword(password string) error
- func ValidateRecoveryCodeFromHeader(info RecoveryData, code string) (int, bool)
- func VaultExists(path string) bool
- func VerifyHMAC(data, signature, key []byte) bool
- func VerifyPasswordValidator(derived, stored []byte) bool
- func VerifyRecoveryPasskeyFromHeader(info RecoveryData) error
- func Wipe(b []byte)
- func XORRecoveryKey(key string) []byte
- type APIKeyEntry
- type AccessLog
- type AudioEntry
- type AuditEntry
- type BankingEntry
- type CICDSecretEntry
- type CertificateEntry
- type Classification
- type CloudCredentialEntry
- type CloudProvider
- type ContactEntry
- type CryptoProfile
- type DockerRegistryEntry
- type DocumentEntry
- type DropboxManager
- func (cm *DropboxManager) DeleteVault(fileID string) error
- func (cm *DropboxManager) DownloadPlugin(name string, destDir string) error
- func (cm *DropboxManager) DownloadVault(fileID string) ([]byte, error)
- func (cm *DropboxManager) ListMarketplacePlugins() ([]string, error)
- func (cm *DropboxManager) ResolveKeyToID(key string) (string, error)
- func (cm *DropboxManager) SyncVault(vaultPath, fileID string) error
- func (cm *DropboxManager) UploadPlugin(name string, pluginPath string) error
- func (cm *DropboxManager) UploadVault(vaultPath string, customKey string) (string, error)
- type Entry
- type EphemeralSession
- type EphemeralSessionStore
- type ExportData
- type GitHubManager
- func (gm *GitHubManager) DeleteVault(fileID string) error
- func (gm *GitHubManager) DownloadPlugin(name string, destDir string) error
- func (gm *GitHubManager) DownloadVault(fileID string) ([]byte, error)
- func (gm *GitHubManager) ListMarketplacePlugins() ([]string, error)
- func (gm *GitHubManager) ResolveKeyToID(key string) (string, error)
- func (gm *GitHubManager) SetRepo(repo string)
- func (gm *GitHubManager) SyncVault(vaultPath, fileID string) error
- func (gm *GitHubManager) UploadPlugin(name string, pluginPath string) error
- func (gm *GitHubManager) UploadVault(vaultPath string, customKey string) (string, error)
- type GoogleDriveManager
- func (cm *GoogleDriveManager) DeleteVault(fileID string) error
- func (cm *GoogleDriveManager) DownloadPlugin(name string, destDir string) error
- func (cm *GoogleDriveManager) DownloadVault(fileID string) ([]byte, error)
- func (cm *GoogleDriveManager) EnsurePluginsFolder() (string, error)
- func (cm *GoogleDriveManager) ListMarketplacePlugins() ([]string, error)
- func (cm *GoogleDriveManager) ListVaults() ([]string, error)
- func (cm *GoogleDriveManager) ResolveKeyToID(key string) (string, error)
- func (cm *GoogleDriveManager) SyncVault(vaultPath, fileID string) error
- func (cm *GoogleDriveManager) UploadPlugin(name string, pluginPath string) error
- func (cm *GoogleDriveManager) UploadVault(vaultPath string, customKey string) (string, error)
- type GovIDEntry
- type HistoryEntry
- type IgnoreCloudRule
- type IgnoreConfig
- func (cfg IgnoreConfig) FilterVaultForProvider(vault *Vault, provider string) *Vault
- func (cfg IgnoreConfig) IsEmpty() bool
- func (cfg IgnoreConfig) MiscIgnoreEnabled(name string) bool
- func (cfg IgnoreConfig) ShouldIgnoreEntry(space, entryType, name, provider string) bool
- func (cfg IgnoreConfig) ShouldIgnoreSpace(space string) bool
- func (cfg IgnoreConfig) ShouldIgnoreVocabWord(word string) bool
- type IgnoreEntryRule
- type K8sSecretEntry
- type Keys
- type LegalContractEntry
- type MCPAuthConfig
- type MCPToken
- type MCPTransaction
- type MCPTransactionStore
- type MedicalRecordEntry
- type NoteVocabulary
- type PasswordPolicy
- type PhotoEntry
- type PluginManager
- type Policy
- type RecoveryCodeEntry
- type RecoveryData
- type RotationPolicy
- type SSHConfigEntry
- type SSHKeyEntry
- type SearchResult
- type SecretTelemetry
- type SecretTrustScore
- type SecureNoteEntry
- type Session
- type SoftwareLicenseEntry
- type SystemProfileInfo
- type TOTPEntry
- type TokenEntry
- type TravelEntry
- type UnlockResult
- type Vault
- func (v *Vault) AddAPIKey(name, service, key string) error
- func (v *Vault) AddAudio(name, fileName string, content []byte) error
- func (v *Vault) AddBankingItem(label, bType, details, cvv, expiry string) error
- func (v *Vault) AddCICDSecret(c CICDSecretEntry) error
- func (v *Vault) AddCertificate(label, cert, key, issuer string, expiry time.Time) error
- func (v *Vault) AddCloudCredential(c CloudCredentialEntry) error
- func (v *Vault) AddContact(c ContactEntry) error
- func (v *Vault) AddDockerRegistry(d DockerRegistryEntry) error
- func (v *Vault) AddDocument(name, fileName string, content []byte, password string, tags []string, ...) error
- func (v *Vault) AddEntry(account, username, password string) error
- func (v *Vault) AddGovID(g GovIDEntry) error
- func (v *Vault) AddK8sSecret(k K8sSecretEntry) error
- func (v *Vault) AddLegalContract(l LegalContractEntry) error
- func (v *Vault) AddMedicalRecord(m MedicalRecordEntry) error
- func (v *Vault) AddPhoto(name, fileName string, content []byte) error
- func (v *Vault) AddRecoveryCode(service string, codes []string) error
- func (v *Vault) AddSSHConfig(s SSHConfigEntry) error
- func (v *Vault) AddSSHKey(name, privateKey string) error
- func (v *Vault) AddSecureNote(name, content string) error
- func (v *Vault) AddSoftwareLicense(s SoftwareLicenseEntry) error
- func (v *Vault) AddTOTPEntry(account, secret string) error
- func (v *Vault) AddToken(name, token, tType string) error
- func (v *Vault) AddTravelDoc(t TravelEntry) error
- func (v *Vault) AddVideo(name, fileName string, content []byte) error
- func (v *Vault) AddWiFi(ssid, password, security string) error
- func (v *Vault) AdjustVocabWordScore(word string, delta int) error
- func (v *Vault) ClearRecoveryInfo()
- func (v *Vault) ComputeSecretTrustScores() []SecretTrustScore
- func (v *Vault) DeleteAPIKey(name string) bool
- func (v *Vault) DeleteAudio(name string) bool
- func (v *Vault) DeleteBankingItem(label string) bool
- func (v *Vault) DeleteCICDSecret(name string) bool
- func (v *Vault) DeleteCertificate(label string) bool
- func (v *Vault) DeleteCloudCredential(label string) bool
- func (v *Vault) DeleteContact(name string) bool
- func (v *Vault) DeleteDockerRegistry(name string) bool
- func (v *Vault) DeleteDocument(name string) bool
- func (v *Vault) DeleteEntry(account string) bool
- func (v *Vault) DeleteGovID(idNum string) bool
- func (v *Vault) DeleteK8sSecret(name string) bool
- func (v *Vault) DeleteLegalContract(name string) bool
- func (v *Vault) DeleteMedicalRecord(label string) bool
- func (v *Vault) DeletePhoto(name string) bool
- func (v *Vault) DeleteRecoveryCode(service string) bool
- func (v *Vault) DeleteSSHConfig(alias string) bool
- func (v *Vault) DeleteSSHKey(name string) bool
- func (v *Vault) DeleteSecureNote(name string) bool
- func (v *Vault) DeleteSoftwareLicense(product string) bool
- func (v *Vault) DeleteTOTPEntry(account string) bool
- func (v *Vault) DeleteToken(name string) bool
- func (v *Vault) DeleteTravelDoc(label string) bool
- func (v *Vault) DeleteVideo(name string) bool
- func (v *Vault) DeleteVocabAlias(alias string) error
- func (v *Vault) DeleteVocabWord(word string) error
- func (v *Vault) DeleteWiFi(ssid string) bool
- func (v *Vault) GetAPIKey(name string) (APIKeyEntry, bool)
- func (v *Vault) GetAudio(name string) (AudioEntry, bool)
- func (v *Vault) GetBankingItem(label string) (BankingEntry, bool)
- func (v *Vault) GetCertificate(label string) (CertificateEntry, bool)
- func (v *Vault) GetDocument(name string) (DocumentEntry, bool)
- func (v *Vault) GetEntry(account string) (Entry, bool)
- func (v *Vault) GetPhoto(name string) (PhotoEntry, bool)
- func (v *Vault) GetRecoveryCode(service string) (RecoveryCodeEntry, bool)
- func (v *Vault) GetSSHKey(name string) (SSHKeyEntry, bool)
- func (v *Vault) GetSecretTelemetry(category, identifier, space string) (SecretTelemetry, bool)
- func (v *Vault) GetSecureNote(name string) (SecureNoteEntry, bool)
- func (v *Vault) GetTOTPEntry(account string) (TOTPEntry, bool)
- func (v *Vault) GetToken(name string) (TokenEntry, bool)
- func (v *Vault) GetVideo(name string) (VideoEntry, bool)
- func (v *Vault) GetWiFi(ssid string) (WiFiEntry, bool)
- func (v *Vault) ListVocabAliases() (map[string]string, error)
- func (v *Vault) ListVocabWords() (map[string]VocabWord, error)
- func (v *Vault) LoadNoteVocabulary() (NoteVocabulary, error)
- func (v *Vault) RecordNoteSuggestionFeedback(word string, accepted bool) error
- func (v *Vault) ReindexNoteVocabulary(ignore IgnoreConfig) error
- func (v *Vault) RemoveSecretTelemetry(category, identifier string)
- func (v *Vault) ResolveVocabAlias(alias string) (string, bool)
- func (v *Vault) SaveNoteVocabulary(vocab NoteVocabulary) error
- func (v *Vault) SearchAll(query string) []SearchResult
- func (v *Vault) Serialize(masterPassword string) ([]byte, error)
- func (v *Vault) SetRecoveryEmail(email string)
- func (v *Vault) SetRecoveryKey(key string, salt []byte)
- func (v *Vault) SetRecoveryToken(token string, duration time.Duration)
- func (v *Vault) SuggestNoteWords(prefix string, limit int, ignore IgnoreConfig) ([]string, error)
- func (v *Vault) TouchSecretTelemetry(category, identifier string, isWrite bool)
- func (v *Vault) UpsertVocabAlias(alias, value string) error
- func (v *Vault) VerifyRecoveryToken(token string) bool
- type VideoEntry
- type VocabWord
- type WiFiEntry
Constants ¶
// Numeric levels 1 through 3. Vault.SecurityLevel is annotated "1-3" and
// SendAlert takes a requiredLevel int; presumably both use these values.
// TODO confirm which end of the range is the most restrictive.
const (
	LevelCritical = 1
	LevelSettings = 2
	LevelAll = 3
)
// Cipher identifiers as stored in CryptoProfile.Cipher. The four built-in
// profiles all use CipherAESGCM.
const (
	CipherAESGCM = "aes-gcm"
	CipherXChaCha20Poly1305 = "xchacha20-poly1305"
)
// APMIgnoreFileName is the file name ".apmignore". Presumably the file that
// LoadIgnoreConfigForVault looks for alongside a vault — TODO confirm.
const APMIgnoreFileName = ".apmignore"
// CurrentVersion is 4. Presumably the vault file-format version this package
// writes (GetVaultParams returns an int next to the profile) — TODO confirm.
const CurrentVersion = 4
// DriveFolderID is a fixed folder identifier compiled into the package.
// NOTE(review): presumably the shared Google Drive folder behind the
// "apm_public" mode named on Vault.DriveSyncMode. A folder ID is an address,
// not a credential, so who can read or write it is decided by the Drive-side
// sharing settings and by whatever GetDefaultCreds/GetDefaultToken return —
// confirm both.
const DriveFolderID = "100G-gs-wQnjmGipXdKFBBNd-Qbu6PpYJ"
const (
	// KeyLength is 32. Presumably the derived key size in bytes (256 bits), which
	// is the key size both AES-256-GCM and XChaCha20-Poly1305 take — TODO confirm
	// against the KDF call sites.
	KeyLength = 32
)
// VaultHeader is the literal "APMVAULT". Presumably the magic prefix that marks
// a file as a vault — TODO confirm where it is checked.
const VaultHeader = "APMVAULT"
Variables ¶
// Built-in crypto profiles. How Time, Memory and Parallelism are read depends on
// KDF. For the argon2id profiles the field types match the time, memory (KiB)
// and threads arguments of golang.org/x/crypto/argon2.IDKey; presumably they are
// passed straight through, which would make Memory 64 MiB, 256 MiB and 512 MiB
// respectively — TODO confirm at the call site.
//
// NOTE(review): these are exported variables, so any importer can reassign
// them. Changing a profile that existing vaults were written with would change
// how those vaults are derived; treat the values as fixed.
var (
	ProfileStandard = CryptoProfile{
		Name: "standard",
		KDF: "argon2id",
		Cipher: CipherAESGCM,
		Time: 3,
		Memory: 64 * 1024,
		Parallelism: 2,
		SaltLen: 16,
		NonceLen: 12,
	}
	ProfileHardened = CryptoProfile{
		Name: "hardened",
		KDF: "argon2id",
		Cipher: CipherAESGCM,
		Time: 5,
		Memory: 256 * 1024,
		Parallelism: 4,
		SaltLen: 32,
		NonceLen: 12,
	}
	// NOTE(review): NonceLen is 24 while Cipher is CipherAESGCM. 24 bytes is the
	// XChaCha20-Poly1305 nonce size; Go's cipher.NewGCM expects 12 and a
	// non-default size needs cipher.NewGCMWithNonceSize. Confirm how the
	// implementation (or NormalizeCryptoProfile) reconciles the two.
	ProfileParanoid = CryptoProfile{
		Name: "paranoid",
		KDF: "argon2id",
		Cipher: CipherAESGCM,
		Time: 6,
		Memory: 512 * 1024,
		Parallelism: 4,
		SaltLen: 32,
		NonceLen: 24,
	}
	// Time is presumably the PBKDF2 iteration count here. PBKDF2 has no memory
	// parameter, which matches Memory: 0.
	ProfileLegacy = CryptoProfile{
		Name: "legacy",
		KDF: "pbkdf2",
		Cipher: CipherAESGCM,
		Time: 600000,
		Memory: 0,
		Parallelism: 1,
		SaltLen: 16,
		NonceLen: 12,
	}
)
// Profiles maps a profile name to its parameters, seeded with the four
// built-in profiles.
//
// NOTE(review): this is an exported, mutable package-level map. A plain Go map
// is not safe for concurrent writes, and any importer can replace or weaken a
// built-in entry. AddCustomProfile presumably writes here — confirm, and prefer
// GetProfile / GetAvailableProfiles over direct access.
var Profiles = map[string]CryptoProfile{
	"standard": ProfileStandard,
	"hardened": ProfileHardened,
	"paranoid": ProfileParanoid,
	"legacy": ProfileLegacy,
}
Functions ¶
func AbortMCPTransaction ¶
func AddCustomProfile ¶
func AddCustomProfile(p CryptoProfile)
func CalculateHMAC ¶
func CalculateHealth ¶
func ChangeProfile ¶
func CheckAnomalies ¶
func ClearFailures ¶
func ClearFailures()
func ConfigureAlerts ¶
func CreateSession ¶
func DeObfuscateRecoveryKey ¶
func DecodeBase64 ¶
func DeriveLegacyKey ¶
func DeriveRecoveryKey ¶
func DownloadPublicVault ¶
func EncodeBase64 ¶
func ExportToCSV ¶
func ExtractFileID ¶
func FinalizeMCPTransaction ¶
func FindMCPConfigFiles ¶
func FindMCPConfigFiles() []string
func GenerateMCPToken ¶
func GeneratePassword ¶
func GenerateRandomHex ¶
func GenerateRandomWords ¶
func GenerateRecoveryKey ¶
func GenerateRecoveryKey() string
func GenerateRetrievalKey ¶
func GenerateSalt ¶
func GenerateTOTP ¶
func GetAvailableProfiles ¶
func GetAvailableProfiles() []string
func GetDefaultCreds ¶
func GetDefaultCreds() []byte
func GetDefaultDropboxToken ¶
func GetDefaultDropboxToken() []byte
func GetDefaultToken ¶
func GetDefaultToken() []byte
func GetDeviceHash ¶
func GetDeviceHash() string
func GetFailureCount ¶
func GetFailureCount() int
func ImportFromCSV ¶
func ImportFromTXT ¶
func KillSession ¶
func KillSession() error
func MCPToolPermissions ¶
func MCPToolPermissions() []string
func MarkRecoveryCodeUsed ¶
func NormalizeCipherName ¶
func PerformDriveAuth ¶
func RecommendProfileForSystem ¶
func RecommendProfileForSystem(info SystemProfileInfo) (string, string)
func RevokeEphemeralSession ¶
func RevokeMCPToken ¶
func RunBruteTest ¶
func SaveMCPConfig ¶
func SaveMCPConfig(config *MCPAuthConfig) error
func SetupRecoveryQuorum ¶
func StartMCPServer ¶
func TimeRemaining ¶
func TimeRemaining() int
func TrackFailure ¶
func TrackFailure()
func UpdateMasterPassword ¶
func ValidateMasterPassword ¶
func ValidateRecoveryCodeFromHeader ¶
func ValidateRecoveryCodeFromHeader(info RecoveryData, code string) (int, bool)
func VaultExists ¶
func VerifyHMAC ¶
func VerifyPasswordValidator ¶
func VerifyRecoveryPasskeyFromHeader ¶
func VerifyRecoveryPasskeyFromHeader(info RecoveryData) error
func XORRecoveryKey ¶
Types ¶
type APIKeyEntry ¶
type AudioEntry ¶
type AuditEntry ¶
// AuditEntry is one audit-log record, the element type GetAuditLogs returns.
// It serializes to JSON under the keys in the field tags.
type AuditEntry struct {
	Timestamp time.Time `json:"timestamp"`
	Action string `json:"action"`
	// Details is free-form text. NOTE(review): presumably filled from
	// LogAction(action, details); callers should keep secret values out of it,
	// since the log is readable through GetAuditLogs — confirm.
	Details string `json:"details"`
	User string `json:"user"`
	Hostname string `json:"hostname"`
}
func GetAuditLogs ¶
func GetAuditLogs(limit int) ([]AuditEntry, error)
type BankingEntry ¶
type CICDSecretEntry ¶
type CertificateEntry ¶
type Classification ¶
type CloudCredentialEntry ¶
// CloudCredentialEntry is one stored cloud credential. Vault.AddCloudCredential
// accepts it and Vault.CloudCredentialsItems holds a slice of them.
type CloudCredentialEntry struct {
	Label string `json:"label"`
	AccessKey string `json:"access_key"`
	// SecretKey is held as a plain Go string, which cannot be zeroed in place
	// (Wipe only accepts []byte), so it stays in memory until garbage-collected.
	SecretKey string `json:"secret_key"`
	Region string `json:"region"`
	AccountID string `json:"account_id"`
	Role string `json:"role"`
	// Expiration is a string; its format is not visible here — TODO confirm
	// before parsing or comparing it.
	Expiration string `json:"expiration"`
	// Space is omitted from JSON when empty.
	Space string `json:"space,omitempty"`
}
type CloudProvider ¶
// CloudProvider is the storage backend contract. DropboxManager, GitHubManager
// and GoogleDriveManager each list all eight methods in the index, so each
// presumably satisfies it.
type CloudProvider interface {
	// UploadVault returns a string on success; presumably the remote file ID or
	// retrieval key — TODO confirm.
	UploadVault(vaultPath string, customKey string) (string, error)
	// DownloadVault returns the raw bytes stored under fileID.
	DownloadVault(fileID string) ([]byte, error)
	SyncVault(vaultPath, fileID string) error
	DeleteVault(fileID string) error
	ResolveKeyToID(key string) (string, error)
	ListMarketplacePlugins() ([]string, error)
	// NOTE(review): name comes from a remote listing and destDir is a local
	// directory. Implementations should reject names containing path separators
	// or ".." before writing, and verify what they downloaded — confirm each
	// implementation does.
	DownloadPlugin(name string, destDir string) error
	UploadPlugin(name string, pluginPath string) error
}
func GetCloudProvider ¶
type ContactEntry ¶
type CryptoProfile ¶
// CryptoProfile is one named set of key-derivation and encryption parameters.
// GetProfile looks one up by name, GetVaultParams reads one from vault bytes,
// and NormalizeCryptoProfile returns an adjusted copy.
type CryptoProfile struct {
	Name string
	// KDF is "argon2id" or "pbkdf2" in the built-in profiles.
	KDF string
	// Cipher is one of the Cipher* constants in the built-in profiles.
	Cipher string
	// Time, Memory and Parallelism have the types of argon2.IDKey's time,
	// memory and threads arguments; presumably Time doubles as the iteration
	// count when KDF is "pbkdf2" — TODO confirm.
	Time uint32
	Memory uint32
	Parallelism uint8
	// SaltLen and NonceLen are presumably byte counts — TODO confirm. NonceLen
	// must match what the selected Cipher accepts.
	SaltLen int
	NonceLen int
}
func GetProfile ¶
func GetProfile(name string) CryptoProfile
func GetVaultParams ¶
func GetVaultParams(data []byte) (CryptoProfile, int, error)
func NormalizeCryptoProfile ¶
func NormalizeCryptoProfile(p CryptoProfile) CryptoProfile
type DockerRegistryEntry ¶
type DocumentEntry ¶
type DropboxManager ¶
func NewDropboxManager ¶
func NewDropboxManager(ctx context.Context, token string) (*DropboxManager, error)
func (*DropboxManager) DeleteVault ¶
func (cm *DropboxManager) DeleteVault(fileID string) error
func (*DropboxManager) DownloadPlugin ¶
func (cm *DropboxManager) DownloadPlugin(name string, destDir string) error
func (*DropboxManager) DownloadVault ¶
func (cm *DropboxManager) DownloadVault(fileID string) ([]byte, error)
func (*DropboxManager) ListMarketplacePlugins ¶
func (cm *DropboxManager) ListMarketplacePlugins() ([]string, error)
func (*DropboxManager) ResolveKeyToID ¶
func (cm *DropboxManager) ResolveKeyToID(key string) (string, error)
func (*DropboxManager) SyncVault ¶
func (cm *DropboxManager) SyncVault(vaultPath, fileID string) error
func (*DropboxManager) UploadPlugin ¶
func (cm *DropboxManager) UploadPlugin(name string, pluginPath string) error
func (*DropboxManager) UploadVault ¶
func (cm *DropboxManager) UploadVault(vaultPath string, customKey string) (string, error)
type EphemeralSession ¶
// EphemeralSession is one short-lived unlock grant. EphemeralSessionStore keeps
// them in a map and ValidateEphemeralSession returns one by ID.
type EphemeralSession struct {
	ID string `json:"id"`
	Label string `json:"label,omitempty"`
	Scope string `json:"scope"`
	// The Bound* fields record what the session was issued for.
	// ValidateEphemeralSession takes the caller's PID and agent; presumably it
	// compares them with BoundPID and BoundAgent — TODO confirm, and confirm how
	// BoundHostHash is checked.
	BoundHostHash string `json:"bound_host_hash,omitempty"`
	BoundPID int `json:"bound_pid,omitempty"`
	BoundAgent string `json:"bound_agent,omitempty"`
	// NOTE(review): the master password is a plain string with a JSON tag, so
	// marshalling this struct writes it in clear text under "master_password".
	// Where the store is persisted, and with what file permissions, is not
	// visible here — confirm. A Go string also cannot be zeroed in place (Wipe
	// only accepts []byte).
	MasterPassword string `json:"master_password"`
	CreatedAt time.Time `json:"created_at"`
	ExpiresAt time.Time `json:"expires_at"`
	Revoked bool `json:"revoked"`
	// omitempty has no effect on time.Time (a struct): a zero RevokedAt is still
	// written as "0001-01-01T00:00:00Z". Readers should test Revoked rather than
	// the presence of "revoked_at".
	RevokedAt time.Time `json:"revoked_at,omitempty"`
}
func IssueEphemeralSession ¶
func ListEphemeralSessions ¶
func ListEphemeralSessions() ([]EphemeralSession, error)
func ValidateEphemeralSession ¶
func ValidateEphemeralSession(id string, currentPID int, currentAgent string) (*EphemeralSession, error)
type EphemeralSessionStore ¶
// EphemeralSessionStore is the JSON container for ephemeral sessions.
// NOTE(review): every value carries a clear-text MasterPassword field, so
// wherever this document is written deserves the same protection as the
// password itself.
type EphemeralSessionStore struct {
	// Sessions maps a string key, presumably EphemeralSession.ID, to the
	// session — TODO confirm.
	Sessions map[string]EphemeralSession `json:"sessions"`
}
type ExportData ¶
// ExportData groups eight entry categories for JSON serialization.
// NOTE(review): it covers only a subset of the categories Vault holds (no
// certificates, banking items, documents, media, IDs, and so on). If
// ExportToJSON / ImportFromJSON use this type, the other categories are not
// part of a JSON export — confirm. The contents are secrets in clear text
// unless the caller supplies an encryption password.
type ExportData struct {
	Entries []Entry `json:"entries"`
	TOTPEntries []TOTPEntry `json:"totp_entries"`
	Tokens []TokenEntry `json:"tokens"`
	SecureNotes []SecureNoteEntry `json:"secure_notes"`
	APIKeys []APIKeyEntry `json:"api_keys"`
	SSHKeys []SSHKeyEntry `json:"ssh_keys"`
	WiFiCredentials []WiFiEntry `json:"wifi_credentials"`
	RecoveryCodeItems []RecoveryCodeEntry `json:"recovery_codes"`
}
type GitHubManager ¶
func NewGitHubManager ¶
func NewGitHubManager(ctx context.Context, token string) (*GitHubManager, error)
func (*GitHubManager) DeleteVault ¶
func (gm *GitHubManager) DeleteVault(fileID string) error
func (*GitHubManager) DownloadPlugin ¶
func (gm *GitHubManager) DownloadPlugin(name string, destDir string) error
func (*GitHubManager) DownloadVault ¶
func (gm *GitHubManager) DownloadVault(fileID string) ([]byte, error)
func (*GitHubManager) ListMarketplacePlugins ¶
func (gm *GitHubManager) ListMarketplacePlugins() ([]string, error)
func (*GitHubManager) ResolveKeyToID ¶
func (gm *GitHubManager) ResolveKeyToID(key string) (string, error)
func (*GitHubManager) SetRepo ¶
func (gm *GitHubManager) SetRepo(repo string)
func (*GitHubManager) SyncVault ¶
func (gm *GitHubManager) SyncVault(vaultPath, fileID string) error
func (*GitHubManager) UploadPlugin ¶
func (gm *GitHubManager) UploadPlugin(name string, pluginPath string) error
func (*GitHubManager) UploadVault ¶
func (gm *GitHubManager) UploadVault(vaultPath string, customKey string) (string, error)
type GoogleDriveManager ¶
func NewGoogleDriveManager ¶
func (*GoogleDriveManager) DeleteVault ¶
func (cm *GoogleDriveManager) DeleteVault(fileID string) error
func (*GoogleDriveManager) DownloadPlugin ¶
func (cm *GoogleDriveManager) DownloadPlugin(name string, destDir string) error
func (*GoogleDriveManager) DownloadVault ¶
func (cm *GoogleDriveManager) DownloadVault(fileID string) ([]byte, error)
func (*GoogleDriveManager) EnsurePluginsFolder ¶
func (cm *GoogleDriveManager) EnsurePluginsFolder() (string, error)
func (*GoogleDriveManager) ListMarketplacePlugins ¶
func (cm *GoogleDriveManager) ListMarketplacePlugins() ([]string, error)
func (*GoogleDriveManager) ListVaults ¶
func (cm *GoogleDriveManager) ListVaults() ([]string, error)
func (*GoogleDriveManager) ResolveKeyToID ¶
func (cm *GoogleDriveManager) ResolveKeyToID(key string) (string, error)
func (*GoogleDriveManager) SyncVault ¶
func (cm *GoogleDriveManager) SyncVault(vaultPath, fileID string) error
func (*GoogleDriveManager) UploadPlugin ¶
func (cm *GoogleDriveManager) UploadPlugin(name string, pluginPath string) error
func (*GoogleDriveManager) UploadVault ¶
func (cm *GoogleDriveManager) UploadVault(vaultPath string, customKey string) (string, error)
type GovIDEntry ¶
type HistoryEntry ¶
type IgnoreCloudRule ¶
type IgnoreConfig ¶
// IgnoreConfig is the parsed form of an ignore file, as returned by
// ParseIgnoreConfig, LoadIgnoreConfig and LoadIgnoreConfigForVault. It has no
// serialization tags.
type IgnoreConfig struct {
	// Spaces is presumably what ShouldIgnoreSpace consults — TODO confirm.
	Spaces []string
	// Entries is presumably what ShouldIgnoreEntry consults — TODO confirm.
	Entries []IgnoreEntryRule
	// Vocab is presumably what ShouldIgnoreVocabWord consults — TODO confirm.
	Vocab []string
	// CloudSpecific holds per-provider rules; FilterVaultForProvider takes a
	// provider name and returns a *Vault, presumably a filtered copy. NOTE(review):
	// an entry that fails to match a rule is uploaded, so a typo here fails open
	// — confirm matching is exact and case handling is documented.
	CloudSpecific []IgnoreCloudRule
	// Misc holds string-valued switches; MiscIgnoreEnabled(name) reports one as
	// a bool. Which string values count as enabled is not visible here.
	Misc map[string]string
}
func LoadIgnoreConfig ¶
func LoadIgnoreConfig(filePath string) (IgnoreConfig, error)
func LoadIgnoreConfigForVault ¶
func LoadIgnoreConfigForVault(vaultPath string) (IgnoreConfig, string, error)
func ParseIgnoreConfig ¶
func ParseIgnoreConfig(content string) (IgnoreConfig, error)
func (IgnoreConfig) FilterVaultForProvider ¶
func (cfg IgnoreConfig) FilterVaultForProvider(vault *Vault, provider string) *Vault
func (IgnoreConfig) IsEmpty ¶
func (cfg IgnoreConfig) IsEmpty() bool
func (IgnoreConfig) MiscIgnoreEnabled ¶
func (cfg IgnoreConfig) MiscIgnoreEnabled(name string) bool
func (IgnoreConfig) ShouldIgnoreEntry ¶
func (cfg IgnoreConfig) ShouldIgnoreEntry(space, entryType, name, provider string) bool
func (IgnoreConfig) ShouldIgnoreSpace ¶
func (cfg IgnoreConfig) ShouldIgnoreSpace(space string) bool
func (IgnoreConfig) ShouldIgnoreVocabWord ¶
func (cfg IgnoreConfig) ShouldIgnoreVocabWord(word string) bool
type IgnoreEntryRule ¶
type K8sSecretEntry ¶
type LegalContractEntry ¶
type MCPAuthConfig ¶
func LoadMCPConfig ¶
func LoadMCPConfig() (*MCPAuthConfig, error)
type MCPToken ¶
// MCPToken describes one access token for the MCP server (see GenerateMCPToken,
// RevokeMCPToken and StartMCPServer).
type MCPToken struct {
	Name string `json:"name"`
	// NOTE(review): presumably the bearer value itself rather than a hash. If
	// so, anyone who can read the saved MCPAuthConfig can present it — confirm,
	// and check the permissions of the file SaveMCPConfig writes.
	Token string `json:"token"`
	// Permissions lists what the token may do. MCPToolPermissions returns a
	// []string, presumably the allowed vocabulary — TODO confirm.
	Permissions []string `json:"permissions"`
	CreatedAt time.Time `json:"created_at"`
	// omitempty does not omit a zero time.Time, so "expires_at" is always
	// written. NOTE(review): confirm whether a zero ExpiresAt means "never
	// expires" or "already expired".
	ExpiresAt time.Time `json:"expires_at,omitempty"`
	LastUsedAt time.Time `json:"last_used_at,omitempty"`
	UsageCount int `json:"usage_count"`
}
func ListMCPTokens ¶
type MCPTransaction ¶
// MCPTransaction records one tool invocation requested through MCP.
// CreateMCPTransaction builds one from (tokenName, tool, args, preview, ttl);
// FinalizeMCPTransaction and AbortMCPTransaction act on it by ID.
type MCPTransaction struct {
	ID string `json:"id"`
	TokenName string `json:"token_name"`
	Tool string `json:"tool"`
	// Args is stored as raw JSON exactly as supplied. NOTE(review): tool
	// arguments may contain secret values; if the transaction store is persisted
	// they are persisted with it — confirm, and confirm Args is validated against
	// Tool before execution.
	Args json.RawMessage `json:"args"`
	// Preview is the human-readable summary passed to CreateMCPTransaction.
	Preview string `json:"preview"`
	// Status is a free string; the set of values is not visible here.
	Status string `json:"status"`
	Receipt string `json:"receipt,omitempty"`
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt is presumably CreatedAt plus the ttl argument — TODO confirm.
	ExpiresAt time.Time `json:"expires_at"`
	UpdatedAt time.Time `json:"updated_at"`
}
func CreateMCPTransaction ¶
func CreateMCPTransaction(tokenName, tool string, args json.RawMessage, preview string, ttl time.Duration) (MCPTransaction, error)
func GetMCPTransaction ¶
func GetMCPTransaction(id string) (*MCPTransaction, error)
func ListMCPTransactions ¶
func ListMCPTransactions(limit int) ([]MCPTransaction, error)
type MCPTransactionStore ¶
// MCPTransactionStore is the JSON container for MCP transactions.
type MCPTransactionStore struct {
	// Transactions maps a string key, presumably MCPTransaction.ID, to the
	// transaction — TODO confirm.
	Transactions map[string]MCPTransaction `json:"transactions"`
}
type MedicalRecordEntry ¶
type NoteVocabulary ¶
type PasswordPolicy ¶
// PasswordPolicy holds the password rules loaded from YAML; Validate checks a
// candidate password against them. Only a minimum length and three character
// class requirements can be expressed: there is no lowercase rule and no
// maximum length.
type PasswordPolicy struct {
	// NOTE(review): a zero MinLength is the default when the key is missing
	// from the YAML; confirm Validate does not treat that as "no minimum".
	MinLength int `yaml:"min_length"`
	RequireUpper bool `yaml:"require_uppercase"`
	RequireNumbers bool `yaml:"require_numbers"`
	RequireSymbols bool `yaml:"require_symbols"`
}
func (*PasswordPolicy) Validate ¶
func (p *PasswordPolicy) Validate(password string) error
type PhotoEntry ¶
type PluginManager ¶
type Policy ¶
// Policy is a named bundle of password, rotation and classification rules.
// The fields carry yaml tags only. Vault.ActivePolicy embeds a Policy under a
// json tag, so when a vault is JSON-encoded these fields appear under their Go
// names ("Name", "PasswordPolicy", ...), not the yaml keys.
type Policy struct {
	Name string `yaml:"name"`
	PasswordPolicy PasswordPolicy `yaml:"password_policy"`
	RotationPolicy RotationPolicy `yaml:"rotation_policy"`
	Classification map[string]Classification `yaml:"classification"`
}
func LoadPolicies ¶
type RecoveryCodeEntry ¶
type RecoveryData ¶
// RecoveryData is the recovery metadata GetVaultRecoveryInfo extracts from raw
// vault bytes. That function takes no password, so this data is presumably
// stored outside the encrypted payload (the *FromHeader helpers take it as
// input) — TODO confirm. Everything here should therefore be safe to expose to
// anyone holding the vault file.
type RecoveryData struct {
	EmailHash []byte `json:"email_hash,omitempty"`
	KeyHash []byte `json:"key_hash,omitempty"`
	DEKSlot []byte `json:"dek_slot,omitempty"` // DEK encrypted with Recovery Key
	Salt []byte `json:"salt,omitempty"` // Stable salt for recovery key
	// NOTE(review): DeObfuscateRecoveryKey takes only the obfuscated bytes and
	// returns the key, so unless it mixes in state not visible here this is
	// obfuscation, not encryption. If this field sits next to DEKSlot in an
	// unencrypted header, the recovery key's protection rests on that
	// obfuscation alone — confirm.
	ObfuscatedKey []byte `json:"obfuscated_key,omitempty"`
	RecoveryTokenHash []byte `json:"recovery_token_hash,omitempty"`
	// omitempty does not omit a zero time.Time; the key is always written.
	RecoveryTokenExpiry time.Time `json:"recovery_token_expiry,omitempty"`
	// RecoveryCodeHashes and RecoveryCodeUsed are presumably parallel slices
	// indexed by code number (ValidateRecoveryCodeFromHeader returns an int and
	// MarkRecoveryCodeUsed takes an index) — TODO confirm the lengths are checked
	// to be equal before indexing.
	RecoveryCodeHashes [][]byte `json:"recovery_code_hashes,omitempty"`
	RecoveryCodeUsed []bool `json:"recovery_code_used,omitempty"`
	RecoveryPasskeyEnabled bool `json:"recovery_passkey_enabled,omitempty"`
	RecoveryPasskeyUserID []byte `json:"recovery_passkey_user_id,omitempty"`
	RecoveryPasskeyCred []byte `json:"recovery_passkey_cred,omitempty"`
	AlertsEnabled bool `json:"alerts_enabled,omitempty"`
	SecurityLevel int `json:"security_level,omitempty"`
	// AlertEmail is a plain address, unlike EmailHash above.
	AlertEmail string `json:"alert_email,omitempty"`
}
func GetVaultRecoveryInfo ¶
func GetVaultRecoveryInfo(data []byte) (RecoveryData, error)
type RotationPolicy ¶
type SSHConfigEntry ¶
type SSHKeyEntry ¶
type SearchResult ¶
type SecretTelemetry ¶
// SecretTelemetry is per-secret usage metadata, stored in
// Vault.SecretTelemetry and read through Vault.GetSecretTelemetry.
// Vault.TouchSecretTelemetry(category, identifier, isWrite) presumably updates
// the access and update fields — TODO confirm.
type SecretTelemetry struct {
	// omitempty does not omit a zero time.Time, so all four timestamps are
	// always written; a value of "0001-01-01T00:00:00Z" means "never set".
	CreatedAt time.Time `json:"created_at,omitempty"`
	UpdatedAt time.Time `json:"updated_at,omitempty"`
	LastAccessed time.Time `json:"last_accessed,omitempty"`
	LastRotation time.Time `json:"last_rotation,omitempty"`
	AccessCount int `json:"access_count,omitempty"`
	// Privilege is a free string; the set of values is not visible here.
	Privilege string `json:"privilege,omitempty"`
	Exposed bool `json:"exposed,omitempty"`
	// The *By fields are strings; what identifies the actor (user, token name,
	// agent) is not visible here.
	CreatedBy string `json:"created_by,omitempty"`
	UpdatedBy string `json:"updated_by,omitempty"`
	LastAccessedBy string `json:"last_accessed_by,omitempty"`
	Source string `json:"source,omitempty"`
}
type SecretTrustScore ¶
type SecureNoteEntry ¶
type Session ¶
// Session is an unlocked-vault session (see CreateSession, GetSession,
// KillSession and TimeRemaining).
type Session struct {
	// NOTE(review): the master password is a plain string with a JSON tag, so
	// marshalling a Session writes it in clear text under "master_password".
	// Where the session is persisted, and with what file permissions, is not
	// visible here — confirm that KillSession removes it and that expiry is
	// enforced on read. A Go string cannot be zeroed in place (Wipe only accepts
	// []byte).
	MasterPassword string `json:"master_password"`
	ReadOnly bool `json:"readonly"`
	Expiry time.Time `json:"expiry"`
	LastUsed time.Time `json:"last_used"`
	// InactivityTimeout is a time.Duration, which encoding/json writes as an
	// integer number of nanoseconds.
	InactivityTimeout time.Duration `json:"inactivity_timeout"`
}
func GetSession ¶
type SoftwareLicenseEntry ¶
type SystemProfileInfo ¶
// SystemProfileInfo describes the host. DetectSystemProfileInfo returns it and
// RecommendProfileForSystem takes it to pick a profile.
type SystemProfileInfo struct {
	OS string
	Arch string
	CPUCores int
	TotalMemoryMB uint64
	// MemoryDetected presumably reports whether TotalMemoryMB is a measured
	// value rather than a zero default — TODO confirm.
	MemoryDetected bool
}
func DetectSystemProfileInfo ¶
func DetectSystemProfileInfo() SystemProfileInfo
type TokenEntry ¶
type TravelEntry ¶
type UnlockResult ¶
UnlockResult represents the result of an unlock attempt
func AttemptUnlockWithSession ¶
func AttemptUnlockWithSession(vaultPath string) (*UnlockResult, error)
AttemptUnlockWithSession tries to unlock the vault using existing sessions or ephemeral IDs
func UnlockWithPassword ¶
func UnlockWithPassword(vaultPath, password string) (*UnlockResult, error)
UnlockWithPassword attempts to unlock the vault with the provided password
type Vault ¶
// Vault is the in-memory vault and its JSON document. Serialize and
// EncryptVault take a master password and return bytes; presumably the JSON
// form of this struct is what they encrypt — TODO confirm. Fields tagged
// `json:"-"` are never written.
type Vault struct {
	Salt []byte `json:"salt"`
	SecurityLevel int `json:"security_level"` // 1-3
	Entries []Entry `json:"entries"`
	TOTPEntries []TOTPEntry `json:"totp_entries"`
	TOTPOrder []string `json:"totp_order,omitempty"`
	TOTPDomainLinks map[string]string `json:"totp_domain_links,omitempty"`
	Tokens []TokenEntry `json:"tokens"`
	SecureNotes []SecureNoteEntry `json:"secure_notes"`
	APIKeys []APIKeyEntry `json:"api_keys"`
	SSHKeys []SSHKeyEntry `json:"ssh_keys"`
	WiFiCredentials []WiFiEntry `json:"wifi_credentials"`
	RecoveryCodeItems []RecoveryCodeEntry `json:"recovery_codes"`
	Certificates []CertificateEntry `json:"certificates"`
	BankingItems []BankingEntry `json:"banking_items"`
	Documents []DocumentEntry `json:"documents"`
	AudioFiles []AudioEntry `json:"audio_files"`
	VideoFiles []VideoEntry `json:"video_files"`
	PhotoFiles []PhotoEntry `json:"photo_files"`
	GovIDs []GovIDEntry `json:"gov_ids"`
	MedicalRecords []MedicalRecordEntry `json:"medical_records"`
	TravelDocs []TravelEntry `json:"travel_docs"`
	Contacts []ContactEntry `json:"contacts"`
	CloudCredentialsItems []CloudCredentialEntry `json:"cloud_credentials_items"`
	K8sSecrets []K8sSecretEntry `json:"k8s_secrets"`
	DockerRegistries []DockerRegistryEntry `json:"docker_registries"`
	SSHConfigs []SSHConfigEntry `json:"ssh_configs"`
	CICDSecrets []CICDSecretEntry `json:"cicd_secrets"`
	SoftwareLicenses []SoftwareLicenseEntry `json:"software_licenses"`
	LegalContracts []LegalContractEntry `json:"legal_contracts"`
	History []HistoryEntry `json:"history"`
	RetrievalKey string `json:"retrieval_key,omitempty"`
	CloudFileID string `json:"cloud_file_id,omitempty"`
	// CloudCredentials and CloudToken are provider credentials kept as bytes
	// inside the vault document.
	CloudCredentials []byte `json:"cloud_credentials,omitempty"`
	CloudToken []byte `json:"cloud_token,omitempty"`
	// NOTE(review): a uint8 wraps to 0 after 255. If this counter feeds a lockout
	// or alerting decision, confirm it is capped rather than incremented blindly.
	FailedAttempts uint8 `json:"failed_attempts,omitempty"`
	EmergencyMode bool `json:"emergency_mode,omitempty"`
	// DecoyMode and DecoySessionCount relate to the decoy vault returned by
	// GetDecoyVault; how they are set is not visible here.
	DecoyMode bool `json:"decoy_mode,omitempty"`
	DecoySessionCount int `json:"decoy_session_count,omitempty"`
	// Profile is a profile name; presumably a key of Profiles — TODO confirm.
	Profile string `json:"profile,omitempty"`
	AutocompleteEnabled bool `json:"autocomplete_enabled,omitempty"`
	AutocompleteWindowDisabled bool `json:"autocomplete_window_disabled,omitempty"`
	VocabCompressed []byte `json:"vocab_compressed,omitempty"`
	AlertEmail string `json:"alert_email,omitempty"`
	AlertsEnabled bool `json:"alerts_enabled,omitempty"`
	AnomalyDetectionEnabled bool `json:"anomaly_detection_enabled,omitempty"`
	LastCloudProvider string `json:"last_cloud_provider,omitempty"`
	DriveSyncMode string `json:"drive_sync_mode,omitempty"` // "apm_public" or "self_hosted"
	DriveKeyMetadataConsent bool `json:"drive_key_metadata_consent,omitempty"`
	// GitHubToken is a plain string, unlike CloudToken and DropboxToken which
	// are []byte; a Go string cannot be zeroed with Wipe.
	GitHubToken string `json:"github_token,omitempty"`
	GitHubRepo string `json:"github_repo,omitempty"`
	DropboxToken []byte `json:"dropbox_token,omitempty"`
	DropboxSyncMode string `json:"dropbox_sync_mode,omitempty"`
	DropboxKeyMetadataConsent bool `json:"dropbox_key_metadata_consent,omitempty"`
	DropboxFileID string `json:"dropbox_file_id,omitempty"`
	CurrentSpace string `json:"current_space,omitempty"`
	Spaces []string `json:"spaces"`
	// omitempty has no effect on a struct value, so "active_policy" is always
	// written. Policy has yaml tags only, so its fields are JSON-encoded under
	// their Go names.
	ActivePolicy Policy `json:"active_policy,omitempty"`
	PluginPermissionOverrides map[string]map[string]bool `json:"plugin_permission_overrides,omitempty"`
	// NeedsRepair and CurrentProfileParams are runtime-only (json:"-").
	NeedsRepair bool `json:"-"`
	CurrentProfileParams *CryptoProfile `json:"-"`
	RecoveryEmail string `json:"recovery_email,omitempty"`
	RecoveryHash []byte `json:"recovery_hash,omitempty"`
	// NOTE(review): DEK is written with the vault under "dek". The name suggests
	// a data-encryption key; if this JSON ever leaves the encrypted payload
	// (debug dump, export, log), the key goes with it — confirm it is only stored
	// encrypted or in wrapped form.
	DEK []byte `json:"dek,omitempty"`
	RecoverySlot []byte `json:"recovery_slot,omitempty"`
	RecoverySalt []byte `json:"recovery_salt,omitempty"`
	// RawRecoveryKey and ObfuscatedKey are excluded from the vault JSON
	// (json:"-"). RawRecoveryKey is a string and so cannot be zeroed in place.
	RawRecoveryKey string `json:"-"`
	ObfuscatedKey []byte `json:"-"`
	RecoveryTokenHash []byte `json:"recovery_token_hash,omitempty"`
	// omitempty does not omit a zero time.Time; the key is always written.
	RecoveryTokenExpiry time.Time `json:"recovery_token_expiry,omitempty"`
	SecretTelemetry map[string]SecretTelemetry `json:"secret_telemetry,omitempty"`
	RecoveryCodeHashes [][]byte `json:"recovery_code_hashes,omitempty"`
	RecoveryCodeUsed []bool `json:"recovery_code_used,omitempty"`
	RecoveryPasskeyEnabled bool `json:"recovery_passkey_enabled,omitempty"`
	RecoveryPasskeyUserID []byte `json:"recovery_passkey_user_id,omitempty"`
	RecoveryPasskeyCred []byte `json:"recovery_passkey_cred,omitempty"`
}
func DecryptVault ¶
func GetDecoyVault ¶
func GetDecoyVault() *Vault
func (*Vault) AddBankingItem ¶
func (*Vault) AddCICDSecret ¶
func (v *Vault) AddCICDSecret(c CICDSecretEntry) error
func (*Vault) AddCertificate ¶
func (*Vault) AddCloudCredential ¶
func (v *Vault) AddCloudCredential(c CloudCredentialEntry) error
func (*Vault) AddContact ¶
func (v *Vault) AddContact(c ContactEntry) error
func (*Vault) AddDockerRegistry ¶
func (v *Vault) AddDockerRegistry(d DockerRegistryEntry) error
func (*Vault) AddDocument ¶
func (*Vault) AddGovID ¶
func (v *Vault) AddGovID(g GovIDEntry) error
func (*Vault) AddK8sSecret ¶
func (v *Vault) AddK8sSecret(k K8sSecretEntry) error
func (*Vault) AddLegalContract ¶
func (v *Vault) AddLegalContract(l LegalContractEntry) error
func (*Vault) AddMedicalRecord ¶
func (v *Vault) AddMedicalRecord(m MedicalRecordEntry) error
func (*Vault) AddRecoveryCode ¶
func (*Vault) AddSSHConfig ¶
func (v *Vault) AddSSHConfig(s SSHConfigEntry) error
func (*Vault) AddSecureNote ¶
func (*Vault) AddSoftwareLicense ¶
func (v *Vault) AddSoftwareLicense(s SoftwareLicenseEntry) error
func (*Vault) AddTOTPEntry ¶
func (*Vault) AddTravelDoc ¶
func (v *Vault) AddTravelDoc(t TravelEntry) error
func (*Vault) AdjustVocabWordScore ¶
func (*Vault) ClearRecoveryInfo ¶
func (v *Vault) ClearRecoveryInfo()
func (*Vault) ComputeSecretTrustScores ¶
func (v *Vault) ComputeSecretTrustScores() []SecretTrustScore
func (*Vault) DeleteAPIKey ¶
func (*Vault) DeleteAudio ¶
func (*Vault) DeleteBankingItem ¶
func (*Vault) DeleteCICDSecret ¶
func (*Vault) DeleteCertificate ¶
func (*Vault) DeleteCloudCredential ¶
func (*Vault) DeleteContact ¶
func (*Vault) DeleteDockerRegistry ¶
func (*Vault) DeleteDocument ¶
func (*Vault) DeleteEntry ¶
func (*Vault) DeleteGovID ¶
func (*Vault) DeleteK8sSecret ¶
func (*Vault) DeleteLegalContract ¶
func (*Vault) DeleteMedicalRecord ¶
func (*Vault) DeletePhoto ¶
func (*Vault) DeleteRecoveryCode ¶
func (*Vault) DeleteSSHConfig ¶
func (*Vault) DeleteSSHKey ¶
func (*Vault) DeleteSecureNote ¶
func (*Vault) DeleteSoftwareLicense ¶
func (*Vault) DeleteTOTPEntry ¶
func (*Vault) DeleteToken ¶
func (*Vault) DeleteTravelDoc ¶
func (*Vault) DeleteVideo ¶
func (*Vault) DeleteVocabAlias ¶
func (*Vault) DeleteVocabWord ¶
func (*Vault) DeleteWiFi ¶
func (*Vault) GetBankingItem ¶
func (v *Vault) GetBankingItem(label string) (BankingEntry, bool)
func (*Vault) GetCertificate ¶
func (v *Vault) GetCertificate(label string) (CertificateEntry, bool)
func (*Vault) GetDocument ¶
func (v *Vault) GetDocument(name string) (DocumentEntry, bool)
func (*Vault) GetRecoveryCode ¶
func (v *Vault) GetRecoveryCode(service string) (RecoveryCodeEntry, bool)
func (*Vault) GetSecretTelemetry ¶
func (v *Vault) GetSecretTelemetry(category, identifier, space string) (SecretTelemetry, bool)
func (*Vault) GetSecureNote ¶
func (v *Vault) GetSecureNote(name string) (SecureNoteEntry, bool)
func (*Vault) LoadNoteVocabulary ¶
func (v *Vault) LoadNoteVocabulary() (NoteVocabulary, error)
func (*Vault) RecordNoteSuggestionFeedback ¶
func (*Vault) ReindexNoteVocabulary ¶
func (v *Vault) ReindexNoteVocabulary(ignore IgnoreConfig) error
func (*Vault) RemoveSecretTelemetry ¶
func (*Vault) SaveNoteVocabulary ¶
func (v *Vault) SaveNoteVocabulary(vocab NoteVocabulary) error
func (*Vault) SearchAll ¶
func (v *Vault) SearchAll(query string) []SearchResult
func (*Vault) SetRecoveryEmail ¶
func (*Vault) SetRecoveryKey ¶
func (*Vault) SetRecoveryToken ¶
func (*Vault) SuggestNoteWords ¶
func (*Vault) TouchSecretTelemetry ¶
func (*Vault) UpsertVocabAlias ¶
func (*Vault) VerifyRecoveryToken ¶
type VideoEntry ¶
Source Files
¶
- anomaly.go
- apmignore.go
- audit.go
- auth_logic.go
- brute.go
- cloud.go
- cloud_ignore.go
- cloud_plugins.go
- ephemeral_session.go
- health.go
- mcp.go
- mcp_transactions.go
- policy.go
- portability.go
- quorum_recovery.go
- recovery_codes.go
- recovery_passkey.go
- security.go
- session.go
- storage.go
- system_profile.go
- totp.go
- trust.go
- utils.go
- vault.go
- vocab.go