Project

General

Profile

Basic concepts

Everything in StoredSafe revolves around a couple of basic building blocks:

  • Vaults
  • Objects
  • Capabilities given to an individual user ("User Capabilities")
  • Permission given to an individual user in a specific vault ("Vault Permission")

Vaults

Vaults are used to store objects and permission to view or change the objects is given to a specific user for a specific vault.

Every vault has an individual, unique encryption key used to encrypt information in stored objects, all objects in a specific vault share the same encryption key.

Whoever initially creates a vault will automatically get the "Admin" permission of the newly created vault, note that a user requires a specific capability ("Write") to be able to create vaults.

Objects

Objects are pieces of information (password, files etc) which will be stored encrypted in the appliance, every object belongs to a single vault and access to the object is determined if a user belongs to the vault or not.

  • Folder: An object to store other objects in
  • Login: Contains a hostname, username and a password (encrypted) field
  • Short login: Contains a username and a password (encrypted) field
  • Server: Contains a hostname, username, password (encrypted), extra information and a sensitive information (encrypted)
  • Note: Contains a name and note (encrypted)
  • PIN Code: Contains a name and a PIN code (encrypted)
  • File: Contains a name, a description and a file (encrypted)

User Capabilities

A user can have the following different capabilities

  • Read: User is only allowed to use vaults assigned to them by other users with the Write permission
  • Write: User is allowed to create vaults
  • Admin: User is allowed to create users and deactivate users
  • Audit: User is allowed to view the audit logs
  • UG List: User is allowed to view what vaults a user belongs to and what users belong to a certain vault
  • Active: User is active and allowed to log on

Vault Permissions

A user can have the following permissions in a vault

  • Read: User has read only access to objects in the vault
  • Write: User is allowed to view, change, delete or add objects to the vault
  • Admin: User is allowed to share the vault with other users

All permissions are inclusive, "Write" includes "Read" and "Admin" includes "Write" and "Read".

Whoever initially creates a vault will automatically get the "Admin" permission of the newly created vault, note that a user requires a specific capability ("Write") to be able to create vaults.