A secure secrets and API key management REST API built with FastAPI, PostgreSQL, and JWT authentication.
NullVault lets developers securely store, retrieve, and manage API keys and secrets through a REST API. Secrets are encrypted at rest using Fernet symmetric encryption. Every action is logged in an audit trail.
- JWT Authentication — register and log in; every secrets and audit endpoint requires a token
- Encrypted Secrets — secrets stored encrypted, never in plaintext
- Audit Logging — every read, write, and delete is recorded with timestamp
- Security by Design — list endpoint never returns secret values, only names
- FastAPI — REST API framework
- PostgreSQL — database
- SQLAlchemy — ORM
- JWT (python-jose) — authentication tokens
- cryptography (Fernet) — secret encryption
- passlib + bcrypt — password hashing
| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /auth/register | Create account | No |
| POST | /auth/login | Get JWT token | No |
| POST | /secrets/ | Store a secret | Yes |
| GET | /secrets/ | List secret names | Yes |
| GET | /secrets/{name} | Retrieve decrypted secret | Yes |
| DELETE | /secrets/{name} | Delete a secret | Yes |
| GET | /audit/ | View audit log | Yes |
| GET | /health | Health check | No |
```bash
git clone https://github.com/Jpeg-create/nullvault.git
cd nullvault
pip install -r requirements.txt
createdb nullvault
cp .env.example .env
```

Edit .env with your values:
```
DATABASE_URL=postgresql://your_user@localhost:5432/nullvault
SECRET_KEY=your-secret-key
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30
ENCRYPTION_KEY=your-fernet-key
```
Generate a Fernet key:

```bash
python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
```

```bash
uvicorn app.main:app --reload
```

Visit http://127.0.0.1:8000/docs for the interactive API documentation.
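A pre-start check for the `.env` values listed above, as an added example that is not part of NullVault's own code: it flags placeholders left in place, an `ENCRYPTION_KEY` that is not a well-formed Fernet key, and a weak JWT configuration. The names `parse_env`, `check_env` and `README_ENV` are this example's own, and it uses only the standard library.

```python
import base64
import binascii

# The README's .env listing, unchanged: both placeholders should be flagged.
README_ENV = """\
DATABASE_URL=postgresql://your_user@localhost:5432/nullvault
SECRET_KEY=your-secret-key
ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30
ENCRYPTION_KEY=your-fernet-key
"""
PLACEHOLDERS = {"", "your-secret-key", "your-fernet-key"}
HMAC_ALGS = {"HS256", "HS384", "HS512"}  # shared-secret JWT algorithms


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    pairs = (line.partition("=") for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip("'\"") for k, _, v in pairs}


def check_env(env):
    """Return a list of problems; an empty list means the settings pass."""
    problems = []
    secret = env.get("SECRET_KEY", "")
    enc = env.get("ENCRYPTION_KEY", "")
    if secret in PLACEHOLDERS:
        problems.append("SECRET_KEY is missing or still a placeholder")
    elif len(secret.encode()) < 32:
        # RFC 7518 section 3.2: an HS256 key must be at least 256 bits.
        problems.append("SECRET_KEY is shorter than 32 bytes")
    if enc in PLACEHOLDERS:
        problems.append("ENCRYPTION_KEY is missing or still a placeholder")
    else:
        # A Fernet key is 32 random bytes, URL-safe base64 encoded.
        try:
            raw = base64.urlsafe_b64decode(enc)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:
            problems.append("ENCRYPTION_KEY is not a valid Fernet key")
        if enc == secret:
            problems.append("SECRET_KEY and ENCRYPTION_KEY must differ")
    if env.get("ALGORITHM") not in HMAC_ALGS:
        problems.append("ALGORITHM must be an HMAC algorithm, never 'none'")
    ttl = env.get("ACCESS_TOKEN_EXPIRE_MINUTES", "")
    if not (ttl.isdecimal() and int(ttl) > 0):
        problems.append("ACCESS_TOKEN_EXPIRE_MINUTES must be a positive integer")
    return problems
```

Calling `check_env(parse_env(open(".env").read()))` before starting uvicorn and refusing to boot on a non-empty result keeps a copied `.env.example` from reaching a running instance.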
License: MIT