RelaySMS Vault is a core unit in the RelaySMS ecosystem, responsible for authentication, authorization, secure storage, and message encryption/decryption. It ensures that access tokens (e.g., OAuth2 tokens from Gmail, Twitter, and Telegram phone-based authentication) and user data are securely managed while enabling authenticated message transmission.
RelaySMS Vault provides secure storage and access control for user authentication data and access tokens. It integrates with other RelaySMS units via gRPC to facilitate secure messaging.
Users create and manage their accounts through RelaySMS clients (apps), which interact with the vault to securely store and manage their authentication data. When sending messages, the vault ensures the user is authenticated before decrypting their access tokens and message content.
- Users register accounts via RelaySMS clients.
- Account information is securely stored in the vault.
- Users can delete and manage their accounts through the clients and gRPC.
- Users obtain access tokens via the Publisher unit.
- Tokens are securely stored in the vault and accessed via gRPC.
- Messages are encrypted and decrypted using the Signal Double Ratchet algorithm.
- The vault and client use X25519 key exchange for secure asynchronous encryption.
For details on how RelaySMS Vault secures user data and tokens, see the security documentation.
RelaySMS Vault interacts with other RelaySMS units using gRPC. Learn more in the gRPC documentation.
Technical details on vault implementation and integration:
API endpoints and available versions.
To contribute:
- Fork the repository.
- Create a feature branch: `git checkout -b feature-branch`.
- Commit changes: `git commit -m 'Add a new feature'`.
- Push to the branch: `git push origin feature-branch`.
- Open a pull request.
This project is licensed under the GNU General Public License (GPL). See the LICENSE file for details.