Vault Management
Learn how to securely manage secrets with Socket0 vaults.
What is a Vault?
A vault is a secure container for managing secrets and sensitive data. Vaults use industry-standard encryption to protect your secrets.
Key Concepts
Secrets
Secrets are key-value pairs stored within a vault. Examples:
- Database passwords
- API keys
- JWTs and tokens
- Encryption keys
- Connection strings
Encryption
Vaults support multiple encryption schemes:
- RSA OAEP: Asymmetric encryption for small secrets (up to ~190 bytes)
- AES-CTR: Symmetric encryption for larger secrets
- AES-GCM: Symmetric encryption with built-in authentication
Bucket Types
The SDK provides different bucket types for different use cases:
- PlainBucket: Unencrypted (for testing only)
- RSABucket: RSA OAEP encryption
- AESCTRBucket: AES-CTR encryption
- AESGCMBucket: AES-GCM encryption with authentication
Quick Start
Creating a Vault
```python
from socket0.vault.base import SecretBucket
from Cryptodome.PublicKey import RSA

# Generate RSA key pair
key_pair = RSA.generate(2048)

# Create vault with secret
vault = SecretBucket.create_with_rsa(
    secret="my-secret-value",
    public_key=key_pair.publickey()
)
```
Retrieving Secrets
```python
# Decrypt secret using private key
secret = vault.reveal(key_pair)
print(secret)  # Output: my-secret-value
```
Using CLI
```bash
# List vaults
s0 vault list

# Create vault
s0 vault create my-vault

# Store secret
s0 vault set vault-id secret-name --value "secret-value"

# Retrieve secret
s0 vault get vault-id secret-name
```
Guides
- Getting Started - Step-by-step tutorial
- CLI Vault Management - Using the CLI tools
Security
Vaults use strong encryption by default:
- RSA-2048 for asymmetric operations
- AES-256 for symmetric operations
- Secure random number generation for all IVs and nonces
Always protect your private keys - they are required to decrypt secrets.
API Reference
See API Reference for detailed API documentation.