# Vault Server
The Vault Server is an abstraction over Confidential Storage vaults and WebKMS key stores: a caller works with a single vault, while the server manages the Confidential Storage vault that holds the encrypted documents and the WebKMS key store that holds the keys protecting them.
## How it works
See the OpenAPI spec.
## Creating Vaults
When a user creates a vault in the Vault Server:
- a Decentralized Identifier (DID) is created for the vault
- a WebKMS key store is created with the vault's DID as its controller
- a Confidential Storage vault is created with the vault's DID as its controller

Both backends are therefore controlled by the same identity, the vault's DID.
## Storing documents
When a user stores a document in a vault in the Vault Server:
- the user provides the document's contents and a unique identifier for it
- the contents are encrypted with a freshly generated random content encryption key
- a new key pair is created in the WebKMS key store
- the content encryption key is wrapped (encrypted) by the WebKMS service using the new key pair
- the encrypted artifacts are assembled into an EncryptedDocument and stored in the Confidential Storage vault
## Authorizations
When a user authorizes a third party to access a document, the Vault Server creates two authorization tokens:
- one token to use at the Confidential Storage vault backend to retrieve the encrypted document
- one token to use at the WebKMS key store backend to unwrap the content encryption key for the document

Neither token is useful on its own: the storage token yields only the EncryptedDocument, whose contents cannot be read without the unwrapped key, and the key store token only unwraps a key the holder must already have fetched from storage.
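As an added example (not code from the Vault Server project), the storing and authorization steps above modelled in Go with only the standard library: a `KeyStore` type stands in for the WebKMS key store, an `EncryptedDocument` struct stands in for the Confidential Storage document, and the content key is wrapped to an X25519 key pair with a simplified hash-based KDF. Those names, the field layout and the KDF are assumptions of this example, not the project's. `ReadDocument` shows why two tokens are needed: the same document read through a key store that does not hold the private key fails, because only the store can unwrap the content key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// EncryptedDocument is what gets written to the Confidential Storage vault (layout is this example's own).
type EncryptedDocument struct {
	ID          string // identifier supplied by the user
	KeyID       string // key pair in the key store that wrapped the content key
	Nonce       []byte // AES-GCM nonce for the contents
	Ciphertext  []byte // contents under the random content key
	EphemeralPK []byte // ephemeral X25519 public key for deriving the wrapping key
	WrapNonce   []byte // AES-GCM nonce for the wrapped content key
	WrappedKey  []byte // content key under the ECDH-derived wrapping key
}

// KeyStore stands in for the WebKMS key store: private keys never leave it.
type KeyStore struct{ keys map[string]*ecdh.PrivateKey }
func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string]*ecdh.PrivateKey{}} }

// CreateKey generates a fresh X25519 key pair and returns only the public half.
func (ks *KeyStore) CreateKey(id string) (*ecdh.PublicKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	ks.keys[id] = priv
	return priv.PublicKey(), nil
}

// UnwrapKey is the operation the key store token gates: only the store can do it.
func (ks *KeyStore) UnwrapKey(keyID string, ephPK, nonce, wrapped []byte) ([]byte, error) {
	priv, ok := ks.keys[keyID]
	if !ok { return nil, fmt.Errorf("key %q is not in this key store", keyID) }
	pub, err := ecdh.X25519().NewPublicKey(ephPK)
	if err != nil { return nil, err }
	aead, err := wrappingAEAD(priv, pub)
	if err != nil { return nil, err }
	return aead.Open(nil, nonce, wrapped, nil)
}

// wrappingAEAD: KEK from an X25519 agreement; the hash-with-label KDF stands in for ECDH-ES (assumption).
func wrappingAEAD(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	kek := sha256.Sum256(append(shared, []byte("vault-content-key-wrap")...))
	return newGCM(kek[:])
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// StoreDocument: random content key, encrypt contents, new key pair in the store, wrap the content key to it.
func StoreDocument(ks *KeyStore, id string, contents []byte) (*EncryptedDocument, error) {
	cek := make([]byte, 32)
	if _, err := rand.Read(cek); err != nil { return nil, err }
	aead, err := newGCM(cek)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	ciphertext := aead.Seal(nil, nonce, contents, []byte(id)) // id bound as AAD
	keyID := "key-for-" + id // one key pair per document
	pub, err := ks.CreateKey(keyID)
	if err != nil { return nil, err }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // ephemeral sender key
	if err != nil { return nil, err }
	wrap, err := wrappingAEAD(eph, pub)
	if err != nil { return nil, err }
	wrapNonce := make([]byte, wrap.NonceSize())
	if _, err := rand.Read(wrapNonce); err != nil { return nil, err }
	return &EncryptedDocument{
		ID: id, KeyID: keyID, Nonce: nonce, Ciphertext: ciphertext,
		EphemeralPK: eph.PublicKey().Bytes(), WrapNonce: wrapNonce,
		WrappedKey:  wrap.Seal(nil, wrapNonce, cek, nil),
	}, nil
}

// ReadDocument needs both backends; with only the storage side, the caller has ciphertext and nothing else.
func ReadDocument(ks *KeyStore, doc *EncryptedDocument) ([]byte, error) {
	cek, err := ks.UnwrapKey(doc.KeyID, doc.EphemeralPK, doc.WrapNonce, doc.WrappedKey)
	if err != nil { return nil, err }
	aead, err := newGCM(cek)
	if err != nil { return nil, err }
	return aead.Open(nil, doc.Nonce, doc.Ciphertext, []byte(doc.ID))
}

func main() {
	ks := NewKeyStore()
	doc, err := StoreDocument(ks, "doc-1", []byte(`{"note":"constructed sample"}`)) // constructed input
	if err != nil { panic(err) }
	plain, _ := ReadDocument(ks, doc)
	_, noKeyErr := ReadDocument(NewKeyStore(), doc) // storage access, no key store access
	fmt.Printf("both backends: %s\nstorage only: %v\n", plain, noKeyErr)
}
```

The document identifier is bound as associated data, so a document copied under another identifier fails to decrypt. The Confidential Storage specification's EncryptedDocument carries the ciphertext as a JWE rather than as the raw fields used here; the separation of duties is the same.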
## Contributing
Thank you for your interest in contributing. Please see our community contribution guidelines for more information.
## License
Apache License, Version 2.0 (Apache-2.0). See the LICENSE file.