Skip to content

Personal Knowledge Base

Vault - Security

Vault - Security¶

1. Threat Model¶

Memory Dump Risks: Vault locks memory pages mlock to strictly prevent swapping unencrypted secrets to disk.
Shamir's Secret Sharing: Core auto-unseal relies on distributed cloud KMS or manual fragment injection to decrypt the master ring.