feat: add derivation index to vault metadata for unique keys - Add VaultMetadata fields: DerivationIndex, LongTermKeyHash, MnemonicHash - Implement GetNextDerivationIndex() to track and increment indices for same mnemonics - Update init and import commands to use proper derivation indices - Add ComputeDoubleSHA256() for hash calculations - Save vault metadata on creation with all derivation information - Add comprehensive tests for metadata functionality. This ensures multiple vaults using the same mnemonic will derive different long-term keys by using incremented derivation indices. The mnemonic is double SHA256 hashed and stored to track which vaults share mnemonics. Fixes TODO item #5

2025-05-29 16:23:29 -07:00
parent 1a1b11c5a3
commit 34d6870e6a
7 changed files with 378 additions and 18 deletions
--- a/internal/vault/management.go
+++ b/internal/vault/management.go
@@ -5,6 +5,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"time"

 	"git.eeqj.de/sneak/secret/internal/secret"
 	"github.com/spf13/afero"
@@ -201,6 +202,18 @@ func CreateVault(fs afero.Fs, stateDir string, name string) (*Vault, error) {
 		return nil, fmt.Errorf("failed to create unlock keys directory: %w", err)
 	}

+	// Save initial vault metadata (without derivation info until a mnemonic is imported)
+	metadata := &VaultMetadata{
+		Name:            name,
+		CreatedAt:       time.Now(),
+		DerivationIndex: 0,
+		LongTermKeyHash: "", // Will be set when mnemonic is imported
+		MnemonicHash:    "", // Will be set when mnemonic is imported
+	}
+	if err := SaveVaultMetadata(fs, vaultDir, metadata); err != nil {
+		return nil, fmt.Errorf("failed to save vault metadata: %w", err)
+	}
+
 	// Select the newly created vault as current
 	secret.Debug("Selecting newly created vault as current", "name", name)
 	if err := SelectVault(fs, stateDir, name); err != nil {