secure-vault

Secure Vault

Secure encrypted secrets storage with local key file protection. Inspired by ZeroClaw's encrypted secrets with XOR + local key file.

Setup

No additional setup required. The encryption key is generated on first use.

Usage

Store a Secret

bash
{baseDir}/secure-vault.js set --name "api_key" --value "secret-value"

Retrieve a Secret

bash
{baseDir}/secure-vault.js get --name "api_key"

List All Secrets

bash
{baseDir}/secure-vault.js list

Delete a Secret

bash
{baseDir}/secure-vault.js delete --name "api_key"

Export Secrets (Encrypted)

bash
{baseDir}/secure-vault.js export --output "vault-backup.enc"

Import Secrets

bash
{baseDir}/secure-vault.js import --path "vault-backup.enc"

Options

Option     Description                          Default
--name     Secret name/identifier               Required for set/get/delete
--value    Secret value                         -
--path     File path for import/export          -
--output   Output file path                     -
--key      External encryption key (optional)   Auto-generated

Encryption

Uses XOR encryption with a local key file (similar to ZeroClaw):
  • Key file stored at ~/.config/agent/vault.key (mode 0600)
  • Secrets encrypted before storage
  • Key file never leaves the local system
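
What XOR with a key file does and does not protect, beside an authenticated alternative that uses the same key, as an added example that is not code from secure-vault or ZeroClaw. It assumes the XOR is applied byte by byte with a repeating key (the page does not show the tool's routine); `xorCrypt`, `keyCancels`, `xorAcceptsTampering`, `gcmSeal` and `gcmOpen` are hypothetical names, and the key is generated in memory as a stand-in for the key file.

```javascript
// Added example, not secure-vault's code. Assumption: repeating-key XOR.
const crypto = require('node:crypto');

// Stand-in for ~/.config/agent/vault.key, generated in memory (constructed).
const key = crypto.randomBytes(32);

// Assumed XOR scheme: the same call encrypts and decrypts.
function xorCrypt(buf, k) {
  const out = Buffer.alloc(buf.length);
  for (let i = 0; i < buf.length; i++) out[i] = buf[i] ^ k[i % k.length];
  return out;
}

// Property 1: the key cancels when two stored values are XORed together,
// so the ciphertexts alone expose p1 XOR p2. Inputs must be equal length.
function keyCancels(p1, p2, k) {
  const c1 = xorCrypt(p1, k);
  const c2 = xorCrypt(p2, k);
  return xorCrypt(c1, c2).equals(xorCrypt(p1, p2));
}

// Property 2: no integrity. A modified ciphertext still decrypts without
// error, just to a different value.
function xorAcceptsTampering(p, k) {
  const c = xorCrypt(p, k);
  c[0] ^= 0x01;
  return !xorCrypt(c, k).equals(p);
}

// Hardened form with the same 32-byte key: AES-256-GCM, fresh 12-byte IV per
// secret, stored as iv || tag || ciphertext.
function gcmSeal(plain, k) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', k, iv);
  const body = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

// Throws if the key is wrong or any byte of the blob was changed.
function gcmOpen(blob, k) {
  const d = crypto.createDecipheriv('aes-256-gcm', k, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}
```

The 0600 key file protects the key at rest in both forms; only the authenticated form also detects a modified vault or backup file on read.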

Security Features

  • Local-only key: Encryption key never stored with secrets
  • File permissions: Key file created with 0600 permissions
  • No plaintext storage: All secrets stored encrypted
  • Secure deletion: Overwrites data before deletion

Response Format

json
{
  "success": true,
  "name": "api_key",
  "encrypted": true
}

When to Use

  • Storing API keys securely
  • Managing credentials for multiple services
  • Backup and restore encrypted secrets
  • Secure configuration storage
  • Managing secrets across environments