# Changelog

All notable changes to Vaulted are documented here.

The format is based on Keep a Changelog, and the project adheres to Semantic Versioning.
## 0.3.0 - 2026-07-02

Ground-up rebuild. Vaulted is now a Bun and TypeScript monorepo with a Rust injection primitive, replacing the retired 0.2.x Python implementation. 0.3.0 shares no code with 0.2.x and does not read its data. The full release is tagged as `v0.3.0` on GitHub.

### Added

- **@vaulted/crypto**: the full key hierarchy. Argon2id master-key derivation (64 MiB memory, 3 iterations, 4 lanes, via hash-wasm), AES-256-GCM value encryption with a pinned frame format, per-project keys wrapped with RSA-OAEP-2048, service-account token generation with HKDF-SHA256 key derivation, and a typed error taxonomy with known-ciphertext fixtures.
- **@vaulted/store**: SQLite vault on `bun:sqlite`. STRICT tables, WAL mode, `0600` file mode, `PRAGMA user_version` migrations, projects, environments, nested folders, soft-deleted secrets, service accounts, atomic project-key rotation, and an append-only audit log written in the same transaction as every mutation.
- **packages/runner**: hardened Rust cdylib for secret injection. `RLIMIT_CORE = 0`, environment cleared to a 10-variable allowlist plus the injected secrets, `Zeroizing` secret buffers, PID-reuse-safe SIGTERM and SIGINT forwarding, pre-spawn validation, no disk writes, a panic-safe FFI boundary, and a captured mode (10 MiB per stream, stdin on `/dev/null`) plus a `signal_child` export for timeout enforcement.
- **@vaulted/redact**: streaming output sanitizer. In-package Aho-Corasick matcher over the plain, base64 (padded and unpadded), and URL-encoded forms of each secret value, `[REDACTED:KEY_NAME]` replacement, longest-match-wins overlap resolution, and chunk-boundary-safe streaming.
- **apps/cli (`vaulted`)**: 14 commands: `init`, `unlock`, `lock`, `set`, `get`, `list`, `rm`, `import`, `export`, `run`, `projects`, `envs`, `rotate`, and `mcp`. Per-directory `vaulted.toml` project pinning; password resolution across an environment variable, the OS keychain (`Bun.secrets`), a `0600` file fallback, and a hidden prompt; dotenv import and export with collision strategies; and a pipeable, stdout-only `get`.
- **MCP stdio server**: `vaulted mcp` with five tools. `status`, `list-projects`, `list-secrets`, and `get-current-project` are read-only and value-free by construction. `run-with-secrets` carries a destructive annotation, runs on a worker thread with a configurable timeout, and returns output that is redacted first and then truncated at 50,000 characters per stream. Client setup is documented for Claude Code, Cursor, Codex, Zed, OpenCode, and Claude Desktop.
- **Single-execution-path invariant**: both `vaulted run` and the MCP `run-with-secrets` tool go through the Rust runner via one FFI bridge, enforced by a source-scan test that rejects any JS-level process API in the CLI sources.
- **Audit coverage**: secret reveals, exports, runs, and MCP access, with run and export entries written before plaintext leaves the vault.
- **CI**: Ubuntu and macOS. oxlint, `tsc --noEmit`, and `bun test` for all TypeScript packages and the CLI end-to-end suite; `cargo fmt`, `cargo clippy -D warnings`, and `cargo test` for the runner.
- **Release pipeline**: tagged builds for darwin-arm64, darwin-x64, linux-x64, and linux-arm64, each tarball carrying the standalone binary plus the runner prebuild; a smoke test of every staged binary; `SHA256SUMS`; and a checksum-verifying `scripts/install.sh`.
- **Documentation**: README, architecture, security, and MCP docs, plus per-package contracts in CONTRACTS.md.
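The @vaulted/crypto entry above lists primitives, not how they fit together. The following is an added illustration of such a key hierarchy, written for this page on `node:crypto`; it is not code from @vaulted/crypto. Its assumptions are labelled in the comments: scrypt stands in for Argon2id (which `node:crypto` does not provide), the frame layout, the AAD binding, the HKDF info label, and the choice to keep the RSA private key as a value encrypted under the master key are all invented here.

```typescript
// Added example, not @vaulted/crypto. See the lead-in for what is assumed.
import {
  constants, createCipheriv, createDecipheriv, generateKeyPairSync, hkdfSync,
  privateDecrypt, publicEncrypt, randomBytes, scryptSync,
} from "node:crypto";

const FRAME_VERSION = 0x01;          // assumed: one version byte, bound into the AAD
const NONCE_LEN = 12, TAG_LEN = 16;  // AES-256-GCM: 96-bit nonce, 128-bit tag

// Master key from the vault password. Argon2id in the real package; scrypt here
// (N=2^14, r=8 keeps memory under node's default scrypt maxmem).
export function deriveMasterKey(password: string, salt: Buffer): Buffer {
  return scryptSync(password, salt, 32, { N: 1 << 14, r: 8, p: 1 });
}

// Assumed frame: version(1) || nonce(12) || ciphertext || tag(16). The version
// byte and a caller-supplied context (e.g. "project/env/KEY") are authenticated
// as AAD, so a frame cannot be replayed under another key name or version.
export function encryptValue(key: Buffer, plaintext: Buffer, context: string): Buffer {
  const header = Buffer.from([FRAME_VERSION]);
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.concat([header, Buffer.from(context, "utf8")]));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, nonce, ct, cipher.getAuthTag()]);
}

export function decryptValue(key: Buffer, frame: Buffer, context: string): Buffer {
  if (frame.length < 1 + NONCE_LEN + TAG_LEN) throw new Error("frame too short");
  if (frame[0] !== FRAME_VERSION) throw new Error(`unsupported frame version ${frame[0]}`);
  const nonce = frame.subarray(1, 1 + NONCE_LEN);
  const ct = frame.subarray(1 + NONCE_LEN, frame.length - TAG_LEN);
  const tag = frame.subarray(frame.length - TAG_LEN);
  const d = createDecipheriv("aes-256-gcm", key, nonce);
  d.setAAD(Buffer.concat([frame.subarray(0, 1), Buffer.from(context, "utf8")]));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws on tag or AAD mismatch
}

// Per-project data key, wrapped to an RSA-2048 public key with OAEP/SHA-256.
export function newProjectKey(): Buffer { return randomBytes(32); }

export function wrapProjectKey(publicKeyPem: string, projectKey: Buffer): Buffer {
  return publicEncrypt(
    { key: publicKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" }, projectKey);
}

export function unwrapProjectKey(privateKeyPem: string, wrapped: Buffer): Buffer {
  return privateDecrypt(
    { key: privateKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" }, wrapped);
}

// Service-account key: HKDF-SHA256 from the project key with the account id in
// the info label (label text is assumed), so accounts get independent keys.
export function deriveServiceAccountKey(projectKey: Buffer, accountId: string): Buffer {
  const info = `vaulted-example/service-account/${accountId}`;
  return Buffer.from(hkdfSync("sha256", projectKey, Buffer.alloc(0), info, 32));
}

export function generateWrappingKeyPair(): { publicKey: string; privateKey: string } {
  return generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Walk the hierarchy end to end and report what each check found.
export function demo() {
  const salt = randomBytes(16);
  const password = "correct horse battery staple";
  const { publicKey, privateKey } = generateWrappingKeyPair();
  // Assumed: the private key is itself a value encrypted under the master key.
  const lockedPriv = encryptValue(deriveMasterKey(password, salt), Buffer.from(privateKey), "example/private-key");
  const privPem = decryptValue(deriveMasterKey(password, salt), lockedPriv, "example/private-key").toString();
  const projectKey = newProjectKey();
  const unwrapped = unwrapProjectKey(privPem, wrapProjectKey(publicKey, projectKey));
  const ctx = "demo/prod/DB_PASSWORD";
  const frame = encryptValue(unwrapped, Buffer.from("hunter2"), ctx);
  const tampered = Buffer.from(frame);
  tampered[tampered.length - 1] ^= 0x01; // flip one tag bit
  const rejects = (f: () => unknown) => { try { f(); return false; } catch { return true; } };
  return {
    unwrapMatches: unwrapped.equals(projectKey),
    roundTrip: decryptValue(unwrapped, frame, ctx).toString(),
    tamperRejected: rejects(() => decryptValue(unwrapped, tampered, ctx)),
    contextRejected: rejects(() => decryptValue(unwrapped, frame, "demo/prod/OTHER")),
    saKeysDiffer: !deriveServiceAccountKey(projectKey, "ci").equals(deriveServiceAccountKey(projectKey, "deploy")),
  };
}
```

The two negative checks in `demo()` are the ones a known-ciphertext fixture suite would pin: a flipped tag bit and a frame decrypted under the wrong context name must both fail closed, and the failure must come from the authenticated decrypt itself rather than from a length check that an attacker can satisfy.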
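The @vaulted/redact entry and the MCP entry above make two claims worth seeing in code: a secret split across two output chunks is still caught, and output is redacted before it is truncated. The following is an added example written for this page, not the @vaulted/redact package. It uses a linear scan per position instead of the package's Aho-Corasick automaton, resolves overlaps leftmost-longest, and holds back `maxLen - 1` characters at every chunk boundary; the minimum variant length and the `[truncated]` marker are assumptions.

```typescript
// Added example, not @vaulted/redact. See the lead-in for what is assumed.
type Secret = { name: string; value: string };

// The forms a value can take in program output. When the byte length is a
// multiple of 3 the padded and unpadded base64 forms are identical and dedupe.
function variantsOf(value: string): string[] {
  const b64 = Buffer.from(value, "utf8").toString("base64");
  const forms = [value, b64, b64.replace(/=+$/, ""), encodeURIComponent(value)];
  // Dedupe; drop forms too short to be a meaningful target (threshold assumed).
  return Array.from(new Set(forms)).filter((f) => f.length >= 4);
}

export class StreamRedactor {
  private readonly patterns: { form: string; name: string }[];
  private readonly maxLen: number;
  private pending = "";

  constructor(secrets: Secret[]) {
    this.patterns = secrets.flatMap((s) =>
      variantsOf(s.value).map((form) => ({ form, name: s.name })));
    // Longest first, so the first pattern matching at a position is the longest.
    this.patterns.sort((a, b) => b.form.length - a.form.length);
    this.maxLen = this.patterns.length ? this.patterns[0].form.length : 1;
  }

  // Leftmost-longest scan of text[0, limit): a match found at pos wins over
  // any match starting inside it, and may itself extend past limit.
  private scan(text: string, limit: number): { out: string; consumed: number } {
    let out = "";
    let pos = 0;
    while (pos < limit) {
      const hit = this.patterns.find((p) => text.startsWith(p.form, pos));
      if (hit) {
        out += `[REDACTED:${hit.name}]`;
        pos += hit.form.length;
      } else {
        out += text.charAt(pos);
        pos += 1;
      }
    }
    return { out, consumed: pos };
  }

  // Feed one chunk, get back the text that is safe to emit now. The last
  // maxLen-1 characters are held back: any pattern that straddles the chunk
  // boundary must start inside that window, so nothing before it can be cut.
  push(chunk: string): string {
    this.pending += chunk;
    const limit = Math.max(0, this.pending.length - (this.maxLen - 1));
    const { out, consumed } = this.scan(this.pending, limit);
    this.pending = this.pending.slice(consumed);
    return out;
  }

  // End of stream: nothing more can arrive, so scan everything that is left.
  flush(): string {
    const { out } = this.scan(this.pending, this.pending.length);
    this.pending = "";
    return out;
  }
}

export function redactChunks(secrets: Secret[], chunks: string[]): string {
  const r = new StreamRedactor(secrets);
  return chunks.map((c) => r.push(c)).join("") + r.flush();
}

// Why redaction must run before truncation: cutting raw output first can leave
// a prefix of a secret that the redactor then has no pattern for.
export function redactThenTruncate(secrets: Secret[], text: string, limit: number): string {
  const clean = redactChunks(secrets, [text]);
  return clean.length > limit ? clean.slice(0, limit) + "[truncated]" : clean;
}

export function truncateThenRedact(secrets: Secret[], text: string, limit: number): string {
  const cut = text.length > limit ? text.slice(0, limit) : text;
  return redactChunks(secrets, [cut]);
}
```

The hold-back argument is the part to check when reviewing any streaming redactor: with a window of `maxLen - 1` characters, every candidate match starting before the emit limit lies entirely inside the buffer, so the leftmost-longest choice made for it can never be overturned by data that has not arrived yet. `truncateThenRedact` is included only to show the failure the MCP ordering avoids.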
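The single-execution-path invariant above is enforced by a source-scan test. The following is an added sketch of such a test, written for this page and not taken from the Vaulted repository: the list of forbidden APIs and the sample sources are constructed here, and the project's own test may reject a different set.

```typescript
// Added example, not Vaulted's test. The forbidden-API list is an assumption.
const FORBIDDEN_PROCESS_APIS: { label: string; re: RegExp }[] = [
  // any string literal naming child_process: static import, require(), or import()
  { label: "child_process", re: /["'](node:)?child_process["']/ },
  { label: "Bun.spawn/spawnSync", re: /\bBun\.spawn(Sync)?\s*\(/ },
  { label: "Bun shell ($`...`)", re: /\bBun\.\$`|(^|[^\w.])\$`/ },
  { label: "process.binding", re: /\bprocess\.binding\s*\(/ },
];

export type Violation = { file: string; line: number; label: string; text: string };

// Scan a map of path -> source text and report every line that touches a
// JS-level process API. Comments are not special-cased: a mention inside a
// comment fails too, which is the fail-closed choice for an invariant test.
export function scanForProcessApis(files: Record<string, string>): Violation[] {
  const violations: Violation[] = [];
  for (const [file, source] of Object.entries(files)) {
    source.split("\n").forEach((text, i) => {
      for (const { label, re } of FORBIDDEN_PROCESS_APIS) {
        if (re.test(text)) violations.push({ file, line: i + 1, label, text: text.trim() });
      }
    });
  }
  return violations;
}

// Throw with a readable report, the way a bun test assertion would.
export function assertSingleExecutionPath(files: Record<string, string>): void {
  const found = scanForProcessApis(files);
  if (found.length) {
    const lines = found.map((v) => `${v.file}:${v.line} [${v.label}] ${v.text}`);
    throw new Error("JS-level process API in CLI sources:\n" + lines.join("\n"));
  }
}

// Constructed sample sources (not from the repository): one file that goes
// through the FFI bridge, one that smuggles in a JS-level spawn.
export const SAMPLE_SOURCES: Record<string, string> = {
  "apps/cli/src/commands/run.ts": [
    'import { runViaRunner } from "../ffi/runner";',
    "export const run = (argv: string[]) => runViaRunner(argv);",
  ].join("\n"),
  "apps/cli/src/commands/smuggled.ts": [
    'import { spawn } from "node:child_process";',
    'export const run = (argv: string[]) => Bun.spawnSync(["sh", "-c", argv.join(" ")]);',
  ].join("\n"),
};
```

A scan like this is deliberately crude: it pattern-matches text rather than resolving imports, so it can be fooled by obfuscated access (`globalThis["Bun"]`) and it will flag a comment. Both are acceptable for an invariant test whose job is to fail loudly in CI, as long as the real enforcement is that the only spawn lives behind the FFI bridge.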
### Removed

- **The 0.2.x Python implementation**: the entire 0.2.x codebase (CLI, keychain helper, and Swift Touch ID helper). Retired, not migrated. The final 0.2.x state is preserved in git history.