store
store
¶
At-rest credentials store — the SQLCipher DB and its passphrase plumbing.
The data layer behind the vault daemon. No network, no long-lived process, no protocol handlers; just storage primitives and the passphrase resolution chain that unlocks the encrypted file.
Collaborators:
db—CredentialDB: the SQLite/SQLCipher store for provider secrets, SSH keys, and the phantom-token registry.encryption— six-tier passphrase resolution chain (session-unlock file → systemd-creds → keyring → passphrase_command → config fallback → interactive prompt) and the SQLCipher open / migrate primitives every other store module builds on.migrations— schema bootstrap + forward migrations.systemd_creds— subprocess wrapper forsystemd-creds(1), the machine-bound (TPM2 / host key) tier.