Undline commented Apr 7, 2026
- Argon2id + AES-GCM vault.json under ~/.modulr/keymaster (KEYMASTER_VAULT_* overrides)
- POST setup/unlock, lock; httpOnly session; empty profiles until add-identity ships
- Fireflies UI kept; remove preview banner; copy and forms wired
- PyPI trust notes in pyproject; tests (vault crypto + setup flow)
- Gitignore local vault paths
Made-with: Cursor
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b4abf65af0
    sessions: dict[str, UnlockedVault] = request.app.state.keymaster_sessions
    sessions[sid] = vault
    response.set_cookie(
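Review bot: `sessions[sid] = vault` stores the decrypted vault as a bare value with no timestamp and no bound on the dict, and the `response.set_cookie(` call is cut off in this hunk, so the cookie attributes cannot be checked here. Store `(vault, expires_at)` instead of the bare vault so a sweep can evict idle sessions, and confirm the cookie is set with `httponly=True`, `secure=True`, `samesite="strict"` and a `max_age` no longer than that server-side idle TTL, so that a cookie outliving its session cannot be replayed against a fresh entry.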
Expire orphaned unlock sessions
This stores each decrypted UnlockedVault in app.state.keymaster_sessions but never expires entries unless /lock is called with the same cookie, so closing the browser (or otherwise losing the cookie) leaves private keys resident in server RAM until process restart. In practice, repeated unlocks create stale in-memory key copies that users can no longer clear, which contradicts the expected lock-on-session-end behavior and increases key exposure window.
    tmp.write_text(payload, encoding="utf-8")
    tmp.replace(path)
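Review bot: `tmp.write_text(payload, encoding="utf-8")` followed immediately by `tmp.replace(path)` flushes nothing to disk before the rename, so a crash or power loss right after the replace can leave `vault.json` as an empty or truncated file on filesystems that reorder data and metadata writes, which for a keystore means the vault is gone. Open the temp file explicitly, `fsync` it before `replace`, then `fsync` the parent directory; also confirm `tmp` is created in the same directory as `path`, since `Path.replace` is only atomic within one filesystem.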
Write vault with owner-only permissions
The vault file is written with default filesystem permissions, which on typical Unix umasks results in group/world-readable vault.json after replace. Even though ciphertext is encrypted, this exposes the blob to other local users for offline passphrase attacks; the writer should explicitly enforce restrictive mode (e.g., 0600) when creating/replacing the file.
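An owner-only atomic writer of the kind the comment above recommends, as an added example that is not the project's own code: the permissive pattern from the hunk (`write_text` then `replace`, inheriting the umask) sits beside a hardened version that creates the temp file with `tempfile.mkstemp` (mode 0600 on POSIX, in the destination directory so the rename is atomic), fsyncs data and directory, and re-asserts 0600 before the rename. `write_vault_naive`, `write_vault_atomically` and `demo_round_trip` are names chosen for this example; `demo_round_trip` forces a conventional 0o022 umask for the comparison and restores the caller's umask afterwards.

```python
import os
import stat
import tempfile
from pathlib import Path


def write_vault_naive(path: Path, payload: str) -> None:
    """The pattern under review: file mode comes from the process umask (0644 under 022)."""
    tmp = path.with_suffix(".tmp")
    tmp.write_text(payload, encoding="utf-8")
    tmp.replace(path)


def write_vault_atomically(path: Path, payload: str) -> None:
    """Write payload so the file is never readable by other users, even transiently,
    and a crash mid-write never leaves a truncated vault behind."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    # mkstemp opens the temp file O_EXCL with mode 0600 in the target directory,
    # so the later os.replace is a same-filesystem rename (atomic on POSIX).
    fd, tmp_name = tempfile.mkstemp(prefix=".vault-", suffix=".tmp", dir=path.parent)
    tmp = Path(tmp_name)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(payload)
            fh.flush()
            os.fsync(fh.fileno())  # data on disk before the rename becomes visible
        os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR)  # explicit 0600, independent of umask
        os.replace(tmp, path)
        # fsync the directory so the rename itself survives a crash.
        dfd = os.open(path.parent, os.O_RDONLY)
        try:
            os.fsync(dfd)
        finally:
            os.close(dfd)
    except BaseException:
        tmp.unlink(missing_ok=True)  # never leave a half-written temp file around
        raise


def vault_mode(path: Path) -> int:
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo_round_trip(payload: str = '{"kdf": "argon2id", "ct": "<constructed>"}') -> dict:
    """Write the same constructed payload both ways under umask 022 and report the modes."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            naive = Path(d) / "naive" / "vault.json"
            naive.parent.mkdir()
            write_vault_naive(naive, payload)
            hardened = Path(d) / "hardened" / "vault.json"
            write_vault_atomically(hardened, payload)
            return {
                "naive_mode": vault_mode(naive),
                "hardened_mode": vault_mode(hardened),
                "hardened_content": hardened.read_text(encoding="utf-8"),
                "leftover_tmp": sorted(p.name for p in hardened.parent.iterdir() if p != hardened),
            }
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    r = demo_round_trip()
    print(f"naive: {r['naive_mode']:o}  hardened: {r['hardened_mode']:o}")  # 644 vs 600
```

The directory containing the vault (`~/.modulr/keymaster` in this PR) deserves the same treatment: create it with mode 0700, otherwise a 0600 file can still be replaced or unlinked by anyone with write access to the directory.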