/gunsafe

A decentralized secure vault API built on Gun chain

Primary LanguageJavaScriptMIT LicenseMIT

Gunsafe

A decentralized secure vault API built on Gun chain

  • Simple API
  • Local first
  • No need to remember passwords, only what you named your vault
  • P2P ready
  • Secured with encryption provided by SEA
  • Synchronization capabilities included.

Gunsafe can securely store key-value pairs of strings, objects, functions. It is offline by default, but may be paired with other instances with its gun.gunsafe.pair() method.

Gunsafe secures each of its vault's data with an SEA keypair generated by device/machine ID and salted with the desired name of the vault. This ensures only your device can ever decrypt your vault's data, unless you choose to pair your vault with another instance.

This makes Gunsafe relatively versitile. It could be used to create a shared chatroom, or document collaboration, for example.

Note: gunsafe should work in a browser with a bundler of your choice, but has yet to be tested.

Since this is early release software, please use due dilligence when building with it. Please report any bugs, questions, PRs, or anything else here.

Install

API

npm i gunsafe

CLI

npm i gunsafe -g

If you're using the gunsafe CLI in VS Code, you may notice each instance of VS Code creates a new gunsafe key pair. You can work around this by pairing your instances in each VS Code instance.

Gunsafe Example CLI

Gunsafe has an alpha-state CLI available as an example of its capabilities. You may install it with npm i --g if you want it available to all of your terminal windows.

Note: The CLI currently stores the key in the current working directory. If you install this (non globally) in a folder you are using with git, be sure to add key to your gitignore file to avoid leaking your secure key. This will be addressed in a future version by encrypting the key based on hardware signature.

Usage

> gunsafe

Gunsafe CLI accepts commands from the terminal when it is running.

CLI commands

CTRL-W or OPTION-BACKSPACE

Toggle document / multiline record mode

When in this mode the first string of text entered becomes the record's name.

The subsequent entries become the record's contents and will be save to gunsafe when you toggle out of document mode.

Note: there are some known parsing issues that cause lines to disappear when they have certain special characters. This will be addressed.

CTRL-C or CTRL-D

Quit gunsafe

keypair

Shows your gunsafe session keypair. This is the password to your vault, so use this command with caution.

peers [ optional list of space separated Gun relay peers without brackets]

Display (default) or set the list of peers to enable online mode.

pair < optional pairing key string >

Display a pairing key to pair other instances with this one, or pass a pairing key string in to establish syncronization with another instance (local or remote).

put < key name string of your data > --data < your data string >

Command to put a key-value pair to this gunsafe instance

--data

Without this argument, the entire passed in string will be used as your key name and the record will have no data, so it will be unretrievable.

get < key name string of desired record > [ --run ] [ --global ]

Retrieve the stored key name's data

Optionally run the record code with --run. By default it will run in a local scope context in which it was envoked, but may also be run in a global context with --global. If the record is not code, it will return the gunsafe prompt.

The ability to run stored code adds some additional possibilities to the versatility of Gunsafe, but use with care! The --run --global argument uses eval(), for example. While the default --run argument runs the code in local scope context.

Neither approaches should be consiered 'secure', but have been provided with this CLI as a way to quickly test code snippets you may save to your gunsafe.

list [ --deleted ]

List the available record key names ( default ), or optionally list only the deleted records with --deleted.

delete [ key name ]

Delete the record with the matching key name. Excluding the key name will destroy all of the records in your vault. Use caution.

API

gun.gunsafe.name(key, name)

Creates a new gunsafe from the passed in key, and logs the instance into gunsafe for secure data storage and retrieval

Example

import SEA from 'gun/sea.js'
import gunsafe from 'gunsafe'

gun.gunsafe()

let pair = await new SEA.pair()

gun.gunsafe.name(pair.epriv, 'Unique gunsafe name')

gun.gunsafe.put(name : string, data : any)

Encrypts and puts a record into gunsafe with the name name and value data

gun.gunsafe.get(name : string [, run : bool, global : bool, cb ])

Gets a record from gunsafe and optionally executes the record if it is runnable code

cb

A callback containing the record data

If run and optionally global are passed in, the record will be executed if the code is runnalbe. If not, the record will be returned.

run

Runs the code using new Function(string)

global

Runs the code using eval(string)

gun.gunsafe.list([deleted : bool ])

Returns the record names

Optionally pass in true to show deleted record names

gun.gunsafe.delete([, name : string ])

Deletes all of the records unless the record name is passed in.

gun.gunsafe.peers([ peers : string])

Displays the connected peers

Gunsafe starts in local-only mode by default. You may pass a list space-separated of peers in as a parameter to make gunsafe available across networks.

Example

gun.gunsafe.peers('https://relay.peer.ooo/gun https://gunjs.herokuapp.com/gun')

gun.gunsafe.pair([ key : string ])

Initiates gunsafe pairing and returns the pairing key

If a key is passed in on another instance of gunsafe, the two instances will be paired and synchronized to each other.

gun.gunsafe.key()

Returns the current gunsafe keypair. Use with caution. This is your gunsafe instance's password.

License

MIT