Versions in this module Expand all Collapse all v0 v0.2.0 May 1, 2026 Changes in this version
+ const DefaultIdleTimeout
+ func CSPNonce(ctx context.Context) string
+ type API struct
+ func New(repo storage.Repository, epochCache vault.EpochCache, opts ...Option) *API
+ func (a *API) AbortMPCDKGAttempt(w http.ResponseWriter, r *http.Request)
+ func (a *API) AcceptInvite(w http.ResponseWriter, r *http.Request)
+ func (a *API) AddMPCApproval(w http.ResponseWriter, r *http.Request)
+ func (a *API) AddMember(w http.ResponseWriter, r *http.Request)
+ func (a *API) AuthMiddleware(next http.Handler) http.Handler
+ func (a *API) BeginStepUpPasskey(w http.ResponseWriter, r *http.Request)
+ func (a *API) BeginWebAuthnLogin(w http.ResponseWriter, r *http.Request)
+ func (a *API) BeginWebAuthnRegistration(w http.ResponseWriter, r *http.Request)
+ func (a *API) CSRFMiddleware(next http.Handler) http.Handler
+ func (a *API) CancelInvite(w http.ResponseWriter, r *http.Request)
+ func (a *API) ChangeMemberRole(w http.ResponseWriter, r *http.Request)
+ func (a *API) Close()
+ func (a *API) CompleteMPCSigningSession(w http.ResponseWriter, r *http.Request)
+ func (a *API) CreateInvite(w http.ResponseWriter, r *http.Request)
+ func (a *API) CreateMPCKey(w http.ResponseWriter, r *http.Request)
+ func (a *API) CreateMPCSigningSession(w http.ResponseWriter, r *http.Request)
+ func (a *API) CreateVault(w http.ResponseWriter, r *http.Request)
+ func (a *API) DeleteItem(w http.ResponseWriter, r *http.Request)
+ func (a *API) DeletePasskey(w http.ResponseWriter, r *http.Request)
+ func (a *API) DeleteVault(w http.ResponseWriter, r *http.Request)
+ func (a *API) DisableTwoFactor(w http.ResponseWriter, r *http.Request)
+ func (a *API) EnableTwoFactor(w http.ResponseWriter, r *http.Request)
+ func (a *API) ExportAuditLog(w http.ResponseWriter, r *http.Request)
+ func (a *API) ExportVault(w http.ResponseWriter, r *http.Request)
+ func (a *API) FinishStepUpPasskey(w http.ResponseWriter, r *http.Request)
+ func (a *API) FinishWebAuthnLogin(w http.ResponseWriter, r *http.Request)
+ func (a *API) FinishWebAuthnRegistration(w http.ResponseWriter, r *http.Request)
+ func (a *API) GenerateCRL(w http.ResponseWriter, r *http.Request)
+ func (a *API) GenerateRecoveryCodes(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetAuditStatus(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetAuthSettings(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetCACert(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetCAInfo(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetCRL(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetHistoryVersion(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetInviteInfo(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetItem(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetItemHistory(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetItemPrivateKey(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetMPCDKGAttempt(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetMPCKey(w http.ResponseWriter, r *http.Request)
+ func (a *API) GetMPCMetrics(w http.ResponseWriter, r *http.Request)
+ func (a *API) ImportVault(w http.ResponseWriter, r *http.Request)
+ func (a *API) InitCA(w http.ResponseWriter, r *http.Request)
+ func (a *API) IssueCert(w http.ResponseWriter, r *http.Request)
+ func (a *API) LabelPasskey(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListAuditLogs(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListInvites(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListItemVersions(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListItems(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListMPCDKGAttempts(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListMPCKeys(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListMPCProviders(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListMPCSigningSessions(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListMembers(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListPasskeys(w http.ResponseWriter, r *http.Request)
+ func (a *API) ListVaults(w http.ResponseWriter, r *http.Request)
+ func (a *API) Login(w http.ResponseWriter, r *http.Request)
+ func (a *API) Logout(w http.ResponseWriter, r *http.Request)
+ func (a *API) OpenVault(w http.ResponseWriter, r *http.Request)
+ func (a *API) PutItem(w http.ResponseWriter, r *http.Request)
+ func (a *API) RecoveryCodesStatus(w http.ResponseWriter, r *http.Request)
+ func (a *API) Register(w http.ResponseWriter, r *http.Request)
+ func (a *API) RegisterMPCSigner(w http.ResponseWriter, r *http.Request)
+ func (a *API) RenewCert(w http.ResponseWriter, r *http.Request)
+ func (a *API) RevokeCert(w http.ResponseWriter, r *http.Request)
+ func (a *API) RevokeMember(w http.ResponseWriter, r *http.Request)
+ func (a *API) RotateMPCKey(w http.ResponseWriter, r *http.Request)
+ func (a *API) Router() chi.Router
+ func (a *API) SearchItems(w http.ResponseWriter, r *http.Request)
+ func (a *API) SecurityHeaders(next http.Handler) http.Handler
+ func (a *API) SetupTwoFactor(w http.ResponseWriter, r *http.Request)
+ func (a *API) SignCSR(w http.ResponseWriter, r *http.Request)
+ func (a *API) StepUpTOTP(w http.ResponseWriter, r *http.Request)
+ func (a *API) TwoFactorStatus(w http.ResponseWriter, r *http.Request)
+ func (a *API) UpdateAuthSettings(w http.ResponseWriter, r *http.Request)
+ func (a *API) UpdateItem(w http.ResponseWriter, r *http.Request)
+ func (a *API) UpdateMPCKeyStatus(w http.ResponseWriter, r *http.Request)
+ func (a *API) WebAuthnStatus(w http.ResponseWriter, r *http.Request)
+ type AcceptInviteRequest struct
+ Passphrase string
+ type AcceptInviteResponse struct
+ MemberID string
+ VaultID string
+ type AddMPCApprovalRequest struct
+ Approval mpc.Approval
+ PartyID uint32
+ type AddMemberRequest struct
+ MemberID string
+ PubKey string
+ Role string
+ type AddMemberResponse struct
+ Epoch uint64
+ type AlertEvent struct
+ Count int
+ Message string
+ Threshold int
+ Timestamp time.Time
+ Type AlertType
+ type AlertFunc func(AlertEvent)
+ type AlertType string
+ const AlertBulkExport
+ const AlertCeremonyPressure
+ const AlertLoginFailureSpike
+ type AuditEntryResponse struct
+ Action string
+ CreatedAt string
+ ID string
+ ItemID string
+ MemberID string
+ RemoteAddr string
+ UserAgent string
+ type AuditEvent string
+ const AuditAuthSettingsChanged
+ const AuditCAInitialized
+ const AuditCRLGenerated
+ const AuditCSRSigned
+ const AuditCeremonyCapExceeded
+ const AuditCertIssued
+ const AuditCertRenewed
+ const AuditCertRevoked
+ const AuditInviteAccepted
+ const AuditInviteCanceled
+ const AuditInviteCreated
+ const AuditItemCreated
+ const AuditItemDeleted
+ const AuditItemUpdated
+ const AuditLoginFailure
+ const AuditLoginRateLimited
+ const AuditLoginSuccess
+ const AuditLogout
+ const AuditMPCDKGAborted
+ const AuditMPCDKGCommitted
+ const AuditMPCKeyCreated
+ const AuditMPCKeyRotated
+ const AuditMPCKeyStatusChanged
+ const AuditMPCSignerRegistered
+ const AuditMPCSigningApprovalRequested
+ const AuditMPCSigningApproved
+ const AuditMPCSigningCompleted
+ const AuditMPCSigningRequested
+ const AuditMemberAdded
+ const AuditMemberRevoked
+ const AuditMemberRoleChanged
+ const AuditPrivateKeyAccessed
+ const AuditRecoveryCodeUsed
+ const AuditRecoveryCodesGenerated
+ const AuditRegister
+ const AuditRegisterRateLimited
+ const AuditStepUpPasskey
+ const AuditStepUpTOTP
+ const AuditTwoFactorDisabled
+ const AuditTwoFactorEnabled
+ const AuditTwoFactorSetup
+ const AuditVaultCreated
+ const AuditVaultDeleted
+ const AuditVaultExported
+ const AuditVaultImported
+ const AuditWebAuthnDeleted
+ const AuditWebAuthnLabeled
+ const AuditWebAuthnLoginSuccess
+ const AuditWebAuthnRegistered
+ type AuditStatusResponse struct
+ EntryCount int
+ FailureReason string
+ LatestEntryAt string
+ RetentionFloor bool
+ TipHash string
+ VaultID string
+ Verified bool
+ type AuthSession struct
+ CredentialsBlob string
+ ExpiresAt time.Time
+ LastAccessedAt time.Time
+ PendingTOTPExpiry time.Time
+ PendingTOTPSecret string
+ SecretKeyID string
+ StepUpMethod string
+ StepUpVerifiedAt time.Time
+ WebAuthnSessionData string
+ WebAuthnSessionExpiry time.Time
+ type AuthSettingsResponse struct
+ PasskeyPolicy string
+ TOTPEnabled bool
+ type CAInfoResponse struct
+ CRLNumber int64
+ CertCount int
+ IsCA bool
+ IsIntermediate bool
+ NextSerial int64
+ NotAfter string
+ NotBefore string
+ Subject string
+ type ChangeMemberRoleRequest struct
+ Role string
+ type CompleteMPCSigningSessionRequest struct
+ Commitments []mpc.Commitment
+ Signature *mpc.Signature
+ type CreateInviteRequest struct
+ Role string
+ type CreateInviteResponse struct
+ ExpiresAt string
+ InviteURL string
+ Passphrase string
+ Token string
+ type CreateMPCKeyRequest struct
+ Algorithm string
+ Commitments []mpc.PublicCommitment
+ DKGSessionID string
+ Fragments map[string]mpc.EncryptedFragment
+ ImportMode string
+ KeyID string
+ MemberIDs []string
+ Policy vault.MPCPolicy
+ Threshold int
+ type CreateMPCSigningSessionRequest struct
+ Chain string
+ MessageBase64 string
+ MessageType string
+ Network string
+ Participants []uint32
+ TTLSeconds int64
+ TransactionMetadata map[string]any
+ type CreateVaultRequest struct
+ Description string
+ Name string
+ type CreateVaultResponse struct
+ Epoch uint64
+ MemberID string
+ VaultID string
+ type DisableTwoFactorRequest struct
+ Code string
+ type EnableTwoFactorRequest struct
+ Code string
+ type ErrorResponse struct
+ CorrelationID string
+ Error string
+ type ExportAuditEntryResponse struct
+ Action string
+ CreatedAt string
+ ID string
+ ItemID string
+ MemberID string
+ PrevHash string
+ RemoteAddr string
+ UserAgent string
+ VaultID string
+ type ExportAuditLogResponse struct
+ Entries []ExportAuditEntryResponse
+ Signature string
+ VaultID string
+ type ExportVaultRequest struct
+ Passphrase string
+ type GenerateRecoveryCodesResponse struct
+ Codes []string
+ type GetHistoryVersionResponse struct
+ Fields map[string]string
+ ItemID string
+ Version uint64
+ type GetItemHistoryResponse struct
+ History []HistoryEntryResponse
+ ItemID string
+ type GetItemResponse struct
+ Fields map[string]string
+ ItemID string
+ type HashedRecoveryCode struct
+ Hash string
+ Used bool
+ type HistoryEntryResponse struct
+ UpdatedAt string
+ UpdatedBy string
+ Version uint64
+ type ImportVaultResponse struct
+ ImportedCount int
+ type InitCARequest struct
+ CommonName string
+ Country string
+ IsIntermediate bool
+ Locality string
+ OrgUnit string
+ Organization string
+ Province string
+ ValidityYears int
+ type InitCAResponse struct
+ Subject string
+ type InviteInfoResponse struct
+ CreatorID string
+ ExpiresAt string
+ Role string
+ VaultName string
+ type InviteSummary struct
+ ExpiresAt string
+ Role string
+ Token string
+ type IssueCertAPIRequest struct
+ CommonName string
+ Country string
+ DNSNames []string
+ EmailAddresses []string
+ ExtKeyUsages []string
+ IPAddresses []string
+ KeyUsages []string
+ OrgUnit string
+ Organization string
+ ValidityDays int
+ type IssueCertResponse struct
+ ItemID string
+ NotAfter string
+ NotBefore string
+ SerialNumber string
+ Subject string
+ type ItemSummary struct
+ ItemID string
+ Name string
+ Preview map[string]string
+ Type string
+ UpdatedAt string
+ Version uint64
+ type ItemVersionsResponse struct
+ Epoch uint64
+ Versions map[string]uint64
+ type LabelPasskeyRequest struct
+ Label string
+ type ListAuditLogsResponse struct
+ Entries []AuditEntryResponse
+ type ListInvitesResponse struct
+ Invites []InviteSummary
+ type ListItemsResponse struct
+ Items []ItemSummary
+ type ListMembersResponse struct
+ Members []MemberSummary
+ type ListPasskeysResponse struct
+ Passkeys []PasskeySummary
+ type ListVaultsResponse struct
+ Vaults []VaultSummary
+ type LoginRequest struct
+ Passphrase string
+ RecoveryCode string
+ SecretKey string
+ TOTPCode string
+ type MPCDKGAttemptResponse = vault.MPCDKGAttempt
+ type MPCKeyResponse = vault.MPCKey
+ type MPCMetricsResponse = vault.MPCMetricsSnapshot
+ type MPCSigningSessionResponse = vault.MPCSigningSession
+ type MemberSummary struct
+ AddedEpoch uint64
+ MPCApprovalPublicKey string
+ MPCEncryptionPublicKey string
+ MPCPartyID uint32
+ MPCSignerStatus string
+ MPCSignerURL string
+ MemberID string
+ Role string
+ Status string
+ type MemorySessionStore struct
+ func NewMemorySessionStore(idleTimeout time.Duration) *MemorySessionStore
+ func (s *MemorySessionStore) Delete(token string)
+ func (s *MemorySessionStore) Get(token string) (AuthSession, bool)
+ func (s *MemorySessionStore) Put(token string, session AuthSession)
+ type MutationResponse struct
+ ItemID string
+ Version uint64
+ type OpenVaultResponse struct
+ Epoch uint64
+ MemberID string
+ VaultID string
+ type Option func(*API)
+ func WithAlerting(fn AlertFunc) Option
+ func WithAuditRetention(maxAge time.Duration, maxEntries int) Option
+ func WithAuditWebhook(url, authHeader string) Option
+ func WithExperimentalMPC(enabled bool) Option
+ func WithHeaderAuth(enabled bool) Option
+ func WithIdleTimeout(d time.Duration) Option
+ func WithKDFProfile(name string) (Option, error)
+ func WithKeyStore(ks pki.KeyStore) Option
+ func WithLogger(logger *slog.Logger) Option
+ func WithMPCProductionMode(enabled bool) Option
+ func WithMPCSignerAuth(sharedKey []byte) Option
+ func WithMPCSignerTransport(sharedKey []byte, tlsConfig *tls.Config) Option
+ func WithNoRateLimit() Option
+ func WithSessionStore(s SessionStore) Option
+ func WithTrustedProxies(cidrs []string) (Option, error)
+ func WithWebAuthn(wa *webauthn.WebAuthn) Option
+ type PaginationMeta struct
+ HasMore bool
+ Limit int
+ Offset int
+ TotalCount int
+ type PasskeySummary struct
+ BackupState bool
+ CreatedAt string
+ CredentialID string
+ Label string
+ LastUsedAt string
+ type PersistentSessionStore struct
+ func NewPersistentSessionStore(repo storage.Repository, idleTimeout time.Duration, wrappingKey []byte) (*PersistentSessionStore, error)
+ func (s *PersistentSessionStore) Close()
+ func (s *PersistentSessionStore) Delete(token string)
+ func (s *PersistentSessionStore) Get(token string) (AuthSession, bool)
+ func (s *PersistentSessionStore) Put(token string, session AuthSession)
+ type PutItemRequest struct
+ Fields map[string]string
+ type RecoveryCodesStatusResponse struct
+ CodesTotal int
+ CodesUnused int
+ HasCodes bool
+ type RegisterMPCSignerRequest struct
+ ApprovalPublicKey string
+ EncryptionPublicKey string
+ Status string
+ URL string
+ type RegisterRequest struct
+ Passphrase string
+ type RegisterResponse struct
+ SecretKey string
+ type RenewCertAPIRequest struct
+ ValidityDays int
+ type RenewCertResponse struct
+ NewItemID string
+ OldItemID string
+ SerialNumber string
+ type RevokeCertAPIRequest struct
+ Reason string
+ type RotateMPCKeyRequest struct
+ ArchiveOld *bool
+ KeyID string
+ MemberIDs []string
+ Policy vault.MPCPolicy
+ Threshold int
+ type SearchResponse struct
+ Results []SearchResultItem
+ type SearchResultItem struct
+ ItemID string
+ MatchedField string
+ Name string
+ Type string
+ VaultID string
+ VaultName string
+ type SessionStore interface
+ Delete func(token string)
+ Get func(token string) (AuthSession, bool)
+ Put func(token string, session AuthSession)
+ type SetupTwoFactorResponse struct
+ ExpiresAt string
+ OtpauthURL string
+ Secret string
+ type SignCSRAPIRequest struct
+ CSR string
+ ExtKeyUsages []string
+ ValidityDays int
+ type SignCSRResponse struct
+ Certificate string
+ ItemID string
+ SerialNumber string
+ type StepUpRequiredResponse struct
+ Error string
+ Methods []string
+ type StepUpResponse struct
+ ExpiresAt string
+ Method string
+ Verified bool
+ type StepUpTOTPRequest struct
+ Code string
+ type TwoFactorStatusResponse struct
+ Enabled bool
+ type UpdateAuthSettingsRequest struct
+ PasskeyPolicy string
+ type UpdateItemRequest struct
+ Fields map[string]string
+ type UpdateMPCKeyStatusRequest struct
+ Status vault.MPCKeyStatus
+ type VaultSummary struct
+ Description string
+ Epoch uint64
+ ItemCount int
+ Name string
+ VaultID string
+ type WebAuthnCredentialMeta struct
+ CreatedAt time.Time
+ Label string
+ LastUsedAt time.Time
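Review bot: The exported `SessionStore` interface passes every implementation the bearer token as the lookup key and an `AuthSession` whose exported fields include `CredentialsBlob`, `PendingTOTPSecret` and `WebAuthnSessionData`, yet only `NewPersistentSessionStore` takes a `wrappingKey`, so the signatures alone do not tell a third-party store handed to `WithSessionStore` what protection is expected of it. I would state the contract on the interface, for example `// Implementations that persist sessions must encrypt AuthSession at rest, should key records by a hash of token, and must never log either value.`; whether `CredentialsBlob` is already wrapped before it reaches the store cannot be seen from this listing, so confirm that before settling the wording. The same documentation gap applies to `WithNoRateLimit`, `WithHeaderAuth` and `WithTrustedProxies`: each relaxes or relocates a control on the login path, and their doc comments should say when enabling them is safe (presumably tests, or a deployment where only a trusted proxy can reach the listener). `GetItemPrivateKey` and `ExportVault` are listed alongside `StepUpTOTP` and `FinishStepUpPasskey`; if those handlers are meant to require a fresh step-up, their doc comments are the place to say so.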