A secure, encrypted credential vault for Julia with military-grade encryption and secure memory handling.
- π AES-256 equivalent encryption using authenticated stream cipher
- π PBKDF2-HMAC-SHA256 key derivation with 100,000+ iterations
- π§Ή Secure memory wiping - secrets are wiped when destroyed
- π JSON-based encrypted storage - portable vault files
- β° TTL-based expiration - auto-expire secrets
- π Audit logging - track all vault operations
- π Key rotation - change master password without data loss
using Pkg
Pkg.add(url="https://github.com/bad-antics/securevault")using SecureVault
# Create a new vault
vault = create_vault("secrets.vault", "MyMasterPassword123!")
# Store credentials
store_credential!(vault, "GitHub", "bad-antics", "gh_token_xxx")
store_api_key!(vault, "OpenAI", "sk-xxx-yyy-zzz")
# Store with expiration (1 hour TTL)
store!(vault, "temp_token", Dict("token" => "abc123"), ttl_seconds=3600)
# Retrieve secrets
creds = retrieve(vault, "GitHub")
println(creds["username"]) # bad-antics
# List all entries
for entry in list_entries(vault)
println("$(entry["name"]) - $(entry["category"])")
end
# Lock vault when done (wipes key from memory)
lock_vault!(vault)Prevent sensitive data from lingering in memory:
# SecureString automatically wipes on garbage collection
password = SecureString("super_secret_password")
# Use the password
auth(String(password))
# Explicitly wipe when done
wipe!(password)Change your master password without decrypting to disk:
vault = open_vault("secrets.vault", "OldPassword")
rotate_master_key!(vault, "NewSecurePassword456!")# Export to encrypted backup
export_vault(vault, "backup.vault.enc", "BackupPassword")- Stream cipher with SHA-256 keystream generation
- HMAC-SHA256 authentication tags prevent tampering
- Random 96-bit nonces for each encryption
- PBKDF2-HMAC-SHA256 with configurable iterations
- 256-bit random salt per vault
- Default 100,000 iterations (adjustable)
SecureStringtype with automatic wiping- Keys wiped on vault lock
- Multi-pass overwrite (random + zero)
- All operations logged with timestamps
- Track access patterns
- Detect unauthorized access attempts
| Function | Description |
|---|---|
create_vault(path, password) |
Create new encrypted vault |
open_vault(path, password) |
Open existing vault |
lock_vault!(vault) |
Lock and wipe keys |
rotate_master_key!(vault, new_password) |
Change master password |
export_vault(vault, path, password) |
Export encrypted backup |
| Function | Description |
|---|---|
store!(vault, name, data) |
Store arbitrary secret |
store_credential!(vault, name, user, pass) |
Store username/password |
store_api_key!(vault, name, key) |
Store API key |
store_ssh_key!(vault, name, priv, pub) |
Store SSH keypair |
retrieve(vault, name) |
Get secret by name/ID |
delete!(vault, name) |
Remove secret |
list_entries(vault) |
List all entries |
| Function | Description |
|---|---|
generate_password(length) |
Generate secure random password |
SecureString(str) |
Create wipeable string |
wipe!(secure_string) |
Securely wipe from memory |
- π Credential Management - Store passwords, tokens, API keys
- π€ Automation Scripts - Secure credential storage for CI/CD
- π¬ Security Research - Safe handling of sensitive test data
- π» Development - Local secrets management
MIT License - see LICENSE for details.
Created by bad-antics
Part of the Awesome Julia Security collection.
