1
1
mirror of https://github.com/Eugeny/tabby.git synced 2024-11-22 03:26:09 +03:00
2 Vault Encryption
Eugeny edited this page 2021-08-24 23:00:35 +02:00

Storage

The Vault is stored as a part of the YAML config file in the vault attribute. Ciphertext (base-64), IV (hex), key salt (hex) and format version are saved.

Cryptography

Vault contents are encrypted using AES-256-CBC. Key is derived from the passphrase using PBKDF2 (SHA-512, 64 bit salt). Both IV and key salt are generated from a cryptographically safe random source.

You can review the implementation here: https://github.com/Eugeny/tabby/blob/master/tabby-core/src/services/vault.service.ts#L55-L94

Config encryption

When config encryption is enabled, all config attributes except vault and encrypted are removed from the config and stored inside the vault data instead. Vault must then be decrypted at the app start to load the config.