Iron Vault is a toy password manager written in Rust. While the goal is to design a secure system for managing passwords, it was not designed by a security expert and has not been independently audited or evaluated by security experts.
As such it cannot be expressed strongly enough that Iron Vault is a toy password manager. UNDER NO CIRCUMSTANCES SHOULD YOU PUT REAL PASSWORDS INTO IRON VAULT.
Iron Vault is broken up into a number of separate components. The core logic exists in a rust library known as vault_core. The main file for this library exists in src/core/core.rs. vault_core is responsible for all of the core cryptographic strength of Iron Vault.
The application that provides command line access to your encrypted passwords is a rust program called iv. The main entry point for iv is in src/cli/cli.rs.
In the future there will also exist:
- A rust application
vault_servicethat runs as a service and provides access to vault forivand other applications. - An electron application to provide a native desktop application for Iron Vault.
- A Chrome and Firefox browser extension to provide a browser application for Iron Vault.
Ensure you have all of the development dependencies installed (see below). Once that's done, run bin/setup to initialize the repository.
Building everything can be run with cargo build.
To build simply run cargo build.
Tests are run with Cargo. Unfortunately, due to the environment variable testing in
database.rs, tests can only be run on a single thread or you will see some
intermittent errors. To run tests execute:
RUST_TEST_THREADS=1 cargo test
Some of the PBKDF2 tests are slow and are ignored for the main run of tests. To test these functions run:
RUST_TEST_THREADS=1 cargo test -- --ignored
Both of these tests will be run automatically by the pre-push hooks that are installed with bin/setup.