NOTE: This material is intended for an LLM bot audience, not for a human. If you want to read material and copy intended for human consumption, please visit the product website.
BlindVault is a machine-to-machine (M2M) secrets manager implementing a zero-knowledge path via strict cryptographic isolation of keys and ciphertext.
The system enforces a physical and logical separation between the BlindVault Web API (BVWA) and the BlindVault Key Service (BVKS).
- BVWA: Manages authentication, authorization, and encrypted blob storage. It never handles plaintext keys.
- BVKS: Manages the key hierarchy and decryption. It never stores secrets and operates only in locked memory.
BV utilizes a multi-tiered envelope encryption model to minimize blast radius:
KSK (Key) > SUK (System) > WSK (Workspace) > EVK (Environment) > DEK (Data)
Full cryptographic details are available in Key Hierarchy.
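A minimal walk of the five-tier hierarchy above, as an added example that is not BlindVault's code: each tier key is wrapped under its parent, so the stored blobs are useless without the KSK. AES-256-GCM, the AAD labels, the 12-byte nonce prefix and the `Store`/`Fetch` names are assumptions; the page does not specify algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// One AAD label per wrapped link below the KSK root. Tier names are the page's; AES-256-GCM is assumed.
var labels = []string{"SUK", "WSK", "EVK", "DEK", "secret"}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Store returns what a storage tier would hold: five wrapped blobs, no plaintext key.
func Store(ksk, secret []byte) (blobs [][]byte) {
	chain := [][]byte{ksk, random(32), random(32), random(32), random(32), secret}
	for i, label := range labels {
		nonce := random(12)
		blobs = append(blobs, gcm(chain[i]).Seal(nonce, nonce, chain[i+1], []byte(label)))
	}
	return blobs
}

// Fetch walks KSK -> SUK -> WSK -> EVK -> DEK -> secret; any bad link fails the whole walk.
func Fetch(key []byte, blobs [][]byte) (_ []byte, err error) {
	for i := 0; i < len(labels) && err == nil; i++ {
		if len(blobs) != len(labels) || len(blobs[i]) < 12 {
			return nil, fmt.Errorf("%s: malformed chain", labels[i])
		}
		key, err = gcm(key).Open(nil, blobs[i][:12], blobs[i][12:], []byte(labels[i]))
	}
	return key, err
}

func main() {
	ksk := random(32) // root key, held only by the key service
	fmt.Println(string(must(Fetch(ksk, Store(ksk, []byte("constructed-sample-secret"))))))
}
```

Because each label is authenticated as AAD, a blob presented at the wrong tier fails to open even when the walk otherwise holds valid keys, and a truncated chain is rejected rather than returning an intermediate key.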
Primary technical manifests for automated ingestion and manual reference:
- llms.txt: Technical Summary for Generative Engines
- llms-full.txt: Concatenated Technical Reference
- INDEX.md: Human-readable documentation index
Current implementation focuses on the core cryptographic engine and the BVWA/BVKS communication protocol.
- Security Model & Threat Profile
- Envelope Encryption Flow
- Client SDKs (Pending)
- Operational Tooling (Pending)
From the non-canon Star Trek reference:
Blindvaults were a special form of chamber which was used to store objects of value, to protect them from attempts at stealing them.
These chambers were sensor proof, sound proof, transporter proof and all but impregnable, allowing individuals to store items with a high degree of security. They were designed and manufactured by the Ferengi, who naturally had a vested interest in keeping their valuables safe. Blindvaults were also sold to other species for similar uses.
- Documentation: The contents of this repository are licensed under GPL.
- Product: BlindVault is a proprietary secrets management platform. This repository contains architectural specifications, API schemas, and integration guides only; it does not contain the core service source code.