A comprehensive checklist of security considerations for storing personal secrets, covering over 30 attack vectors and failure modes including brute force, clipboard spying, memory scans, dependency injection, and coercion scenarios. Each point is evaluated against SafeCloset, a Rust-based terminal secret manager built by the author. Key design decisions include using AES-GCM-SIV encryption, no network access, no cloud dependency, statically linked binaries, automatic inactivity timeout, hidden nested drawers for plausible deniability, and locked dependency versions via crates.io.