{"id":47968133,"url":"https://github.com/5queezer/axiom-vault","last_synced_at":"2026-05-02T13:07:36.299Z","repository":{"id":324588409,"uuid":"1097709026","full_name":"5queezer/axiom-vault","owner":"5queezer","description":"AxiomVault","archived":false,"fork":false,"pushed_at":"2026-05-02T11:29:42.000Z","size":34175,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-05-02T12:26:14.815Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/5queezer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-16T17:28:48.000Z","updated_at":"2026-05-02T11:24:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"598f5585-1704-40bd-8de2-4e7a812c31a2","html_url":"https://github.com/5queezer/axiom-vault","commit_stats":null,"previous_names":["5queezer/axiom-vault"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/5queezer/axiom-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5queezer%2Faxiom-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5queezer%2Faxiom-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5queezer%2Faxiom-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5queezer%2Faxiom-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/5queezer","download_url":"https://codeload.github.com/5queezer/axiom-vault/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/5queezer%2Faxiom-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32535009,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-02T12:25:33.646Z","status":"ssl_error","status_checked_at":"2026-05-02T12:24:51.733Z","response_time":132,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-04T10:39:59.756Z","updated_at":"2026-05-02T13:07:36.295Z","avatar_url":"https://github.com/5queezer.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eAxiomVault\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Cross-platform encrypted vault with client-side encryption, built in Rust.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/5queezer/axiom-vault/actions/workflows/rust-ci.yml\"\u003e\u003cimg src=\"https://github.com/5queezer/axiom-vault/actions/workflows/rust-ci.yml/badge.svg\" alt=\"Rust CI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/5queezer/axiom-vault/actions/workflows/pr-check.yml\"\u003e\u003cimg src=\"https://github.com/5queezer/axiom-vault/actions/workflows/pr-check.yml/badge.svg\" alt=\"PR Check\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/5queezer/axiom-vault/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/5queezer/axiom-vault?include_prereleases\" alt=\"Latest Release\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/5queezer/axiom-vault/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/5queezer/axiom-vault\" alt=\"License\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n\u003e [!WARNING]\n\u003e This project is in **early development** and is **not production ready**. APIs may change, features may be incomplete. Do not use for storing sensitive data in production.\n\n## Overview\n\nAxiomVault encrypts your files locally before they touch any cloud service. A single Rust core powers every platform \u0026mdash; no JVM, no Electron, just native performance with native UIs.\n\n**Platforms:** Linux, macOS, iOS, Android\n**Clients:** CLI, Linux (GTK4/libadwaita), macOS (SwiftUI), iOS (SwiftUI), Android (Compose)\n\n## Features\n\n### Encryption\n\n| Property | Details |\n|----------|---------|\n| Content encryption | XChaCha20-Poly1305 (AEAD) with 24-byte nonces |\n| Key derivation | Argon2id (memory-hard, GPU-resistant) |\n| Filename encryption | Deterministic XChaCha20-Poly1305 |\n| Directory structure | Fully encrypted tree index |\n| Streaming | Chunked encryption (64 KiB) with per-chunk authentication |\n| Key hierarchy | Blake2b-derived file keys, directory keys, and index keys |\n| Memory safety | Automatic zeroization, constant-time comparisons, no plaintext logging |\n\n### Platform Features\n\n| Feature | CLI | Desktop | macOS | iOS | Android |\n|---------|:---:|:-------:|:-----:|:---:|:-------:|\n| Create / unlock vault | x | x | x | x | x |\n| Browse files | x | x | x | x | x |\n| Add files \u0026 folders | x | x | x | x | x |\n| Extract / export | x | x | x | x | x |\n| Drag \u0026 drop | | x | x | x | |\n| FUSE mount | x | x | | | |\n| File Provider | | | x | x | |\n| Google Drive sync | x | x | x | x | x |\n| Change password | x | x | x | x | x |\n\n### Cloud Storage\n\n- **Google Drive** \u0026mdash; full OAuth2 integration with resumable uploads\n- **Local filesystem** \u0026mdash; for offline or self-hosted storage\n- iCloud, Dropbox, OneDrive \u0026mdash; planned ([#60](https://github.com/5queezer/axiom-vault/issues/60))\n\n### Sync Engine\n\n- On-demand or periodic background sync\n- Conflict detection via ETags with configurable resolution (keep both, prefer local, prefer remote, manual)\n- Exponential backoff retry\n\n## Quick Start\n\n### Prerequisites\n\n- [Rust](https://rustup.rs/) stable toolchain\n\n**Linux (native GTK client, Debian/Ubuntu):**\n```bash\nsudo apt-get install -y libfuse3-dev libgtk-4-dev libadwaita-1-dev\n```\n\n**macOS:**\n```bash\nbrew install --cask macfuse\n```\n\n### Build\n\n```bash\ngit clone https://github.com/5queezer/axiom-vault.git\ncd axiom-vault\n\n# CLI\ncargo build --release -p axiomvault-cli\n\n# Linux native desktop (GTK4/libadwaita)\ncargo build --release -p axiomvault-linux\n\n# Apple clients (requires Xcode + XcodeGen)\ncd clients/apple\n./Scripts/build-apple.sh --platform all\nxcodegen generate\nopen AxiomVault.xcodeproj\n```\n\n### Usage\n\n```bash\n# Create a vault\naxiomvault create --name MyVault --path ~/my-vault\n\n# Add files\naxiomvault add --vault-path ~/my-vault --source ~/secret.pdf --dest /secret.pdf\n\n# List contents\naxiomvault list --vault-path ~/my-vault\n\n# Extract files\naxiomvault extract --vault-path ~/my-vault --source /secret.pdf --dest ~/secret.pdf\n\n# Interactive session\naxiomvault open --path ~/my-vault\n```\n\n### Google Drive\n\n```bash\n# Authenticate (opens browser)\naxiomvault gdrive-auth --output ~/gdrive-tokens.json\n\n# Create vault on Drive\naxiomvault gdrive-create --name CloudVault \\\n    --folder-id YOUR_FOLDER_ID \\\n    --tokens ~/gdrive-tokens.json\n\n# Open cloud vault\naxiomvault gdrive-open --folder-id YOUR_FOLDER_ID \\\n    --tokens ~/gdrive-tokens.json\n```\n\n### Sync\n\n```bash\naxiomvault sync --vault-path ~/my-vault --strategy keep-both\naxiomvault sync-status --vault-path ~/my-vault\naxiomvault sync-configure --vault-path ~/my-vault --mode periodic --interval 300\n```\n\n## CLI Reference\n\n| Command | Description |\n|---------|-------------|\n| `create` | Create a new encrypted vault |\n| `open` | Open vault interactively |\n| `info` | Display vault information |\n| `list` | List vault contents |\n| `add` | Add file to vault |\n| `extract` | Extract file from vault |\n| `mkdir` | Create directory in vault |\n| `remove` | Remove file or directory |\n| `change-password` | Change vault password |\n| `gdrive-auth` | Authenticate with Google Drive |\n| `gdrive-create` | Create vault on Google Drive |\n| `gdrive-open` | Open vault from Google Drive |\n| `sync` | Synchronize vault with remote |\n| `sync-status` | Show sync status |\n| `sync-configure` | Configure sync behavior |\n\n**KDF strength levels:**\n\n```\n--strength interactive   # ~0.5s, mobile-friendly (64 MiB, 3 iterations)\n--strength moderate      # ~1s, balanced (default, 32 MiB, 3 iterations)\n--strength sensitive     # ~3s, high security (256 MiB, 4 iterations)\n```\n\n## Architecture\n\n```\naxiom-vault/\n├── core/\n│   ├── crypto/           # XChaCha20-Poly1305, Argon2id, Blake2b\n│   ├── vault/            # Vault engine, config, tree index\n│   ├── storage/          # Storage provider trait + Google Drive\n│   ├── sync/             # Sync engine, conflict resolution\n│   ├── fuse/             # FUSE virtual filesystem\n│   ├── ffi/              # C-ABI bindings for mobile (cbindgen)\n│   └── common/           # Shared types\n├── clients/\n│   ├── apple/            # Unified iOS + macOS (SwiftUI, XcodeGen)\n│   ├── android/          # Android (Kotlin Compose)\n│   └── linux/            # Linux native desktop (GTK4/libadwaita)\n└── tools/\n    └── cli/              # Command-line interface\n```\n\n### Vault Format\n\n```\nvault-root/\n├── vault.config          # Encrypted metadata (salt, KDF params, version)\n├── d/                    # Encrypted file content\n└── m/\n    └── tree.json         # Encrypted directory tree index\n```\n\n### Security Design\n\n- **Client-side only** \u0026mdash; data is encrypted before leaving your device\n- **Zero-knowledge** \u0026mdash; no server, no accounts, no key escrow\n- **Authenticated encryption** \u0026mdash; AEAD on every chunk prevents tampering\n- **Chunk ordering protection** \u0026mdash; chunk index is authenticated to prevent reordering\n- **Memory safety** \u0026mdash; `Zeroize` + `ZeroizeOnDrop` on all key types, `subtle` for constant-time ops\n- **No plaintext in logs** \u0026mdash; keys and sensitive data are redacted in `Display` impls\n- **Quantum-resistant vault encryption** \u0026mdash; AxiomVault uses quantum-resistant client-side encryption for vault contents and encrypted filenames, based on 256-bit symmetric AEAD encryption and password/recovery-key based key wrapping. Password-protected vault strength remains bounded by the user's password entropy, so use a strong password or the high-entropy recovery key for post-quantum-strength access. This claim excludes TLS, OAuth, and cloud-provider identity layers.\n\n## Development\n\n```bash\ncargo fmt --all                       # Format\ncargo clippy --workspace -- -D warnings  # Lint\ncargo test --workspace                # Test\n```\n\n## Contributing\n\nContributions are welcome. Please open an issue first to discuss what you'd like to change.\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feature/my-feature`)\n3. Commit your changes\n4. Push and open a pull request\n\nAll PRs must pass CI checks (formatting, clippy, tests) before merging.\n\n## License\n\n[Apache 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5queezer%2Faxiom-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F5queezer%2Faxiom-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F5queezer%2Faxiom-vault/lists"}