Store secrets and keys using the IOTA Stronghold encrypted database and secure runtime.
This plugin requires a Rust version of at least 1.67
There are three general methods of installation that we can recommend.
- Use crates.io and npm (easiest, and requires you to trust that our publishing pipeline worked)
- Pull sources directly from Github using git tags / revision hashes (most secure)
- Git submodule install this repo in your tauri project and then use file protocol to ingest the source (most secure, but inconvenient to use)
Install the Core plugin by adding the following to your Cargo.toml
file:
src-tauri/Cargo.toml
[dependencies]
tauri-plugin-stronghold = { git = "https://github.com/tauri-apps/plugins-workspace", branch = "v1" }
You can install the JavaScript Guest bindings using your preferred JavaScript package manager:
Note: If your JavaScript package manager cannot install packages from git monorepos, you can still use the code by manually copying the Guest bindings into your source files.
pnpm add https://github.com/tauri-apps/tauri-plugin-stronghold#v1
# or
npm add https://github.com/tauri-apps/tauri-plugin-stronghold#v1
# or
yarn add https://github.com/tauri-apps/tauri-plugin-stronghold#v1
First you need to register the core plugin with Tauri:
src-tauri/src/main.rs
fn main() {
tauri::Builder::default()
.plugin(tauri_plugin_stronghold::Builder::new(|password| {
// Hash the password here with e.g. argon2, blake2b or any other secure algorithm
// Here is an example implementation using the `rust-argon2` crate for hashing the password
use argon2::{hash_raw, Config, Variant, Version};
let config = Config {
lanes: 4,
mem_cost: 10_000,
time_cost: 10,
variant: Variant::Argon2id,
version: Version::Version13,
..Default::default()
};
let salt = "your-salt".as_bytes();
let key = hash_raw(password.as_ref(), salt, &config).expect("failed to hash password");
key.to_vec()
})
.build())
.run(tauri::generate_context!())
.expect("error while running tauri application");
}
Afterwards all the plugin's APIs are available through the JavaScript guest bindings:
import { Stronghold, Location, Client } from "tauri-plugin-stronghold-api";
import { appDataDir } from "@tauri-apps/api/path";
const initStronghold = async () => {
const vaultPath = `${await appDataDir()}/vault.hold`;
const vaultKey = "The key to the vault";
const stronghold = await Stronghold.load(vaultPath, vaultKey);
let client: Client;
const clientName = "name your client";
try {
client = await hold.loadClient(clientName);
} catch {
client = await hold.createClient(clientName);
}
return {
stronghold,
client,
};
};
const { stronghold, client } = await initStronghold();
const store = client.getStore();
const key = "my_key";
// Insert a record to the store
const data = Array.from(new TextEncoder().encode("Hello, World!"));
await store.insert(key, data);
// Read a record from store
const data = await store.get(key);
const value = new TextDecoder().decode(new Uint8Array(data));
// Save your updates
await stronghold.save();
// Remove a record from store
await store.remove(key);
PRs accepted. Please make sure to read the Contributing Guide before making a pull request.
For the complete list of sponsors please visit our website and Open Collective.
Code: (c) 2015 - Present - The Tauri Programme within The Commons Conservancy.
MIT or MIT/Apache 2.0 where applicable.