👉 Check it out: https://solsecure.vercel.app/

SolSecure revolutionizes secret management through zero key management: no private keys to store, no passwords to remember, no complex key rotations. Powered by Solana blockchain technology, users simply connect their wallet and sign messages to securely access encrypted secrets.

Zero-Trust Security Model: Implements passwordless authentication where your Solana wallet IS your identity, with no additional credentials. Zero key management means no private keys are stored anywhere; encryption keys are derived from wallet signatures on demand. Smart contract permissions provide on-chain membership verification, ensuring only authorized users access secrets. End-to-end encryption protects secrets in the browser before transmission, so the backend never sees plaintext data.

AI-Powered Assistant: The integrated AI Assistant provides smart project creation with guided optimal structure and environment setup, intelligent log analysis extracting insights from activity logs and access patterns, automated environment management with AI-suggested best practices for dev/staging/production workflows, and proactive security recommendations based on usage patterns and industry standards.

SolSecure uses a modern, secure architecture:

- Frontend: Next.js application with Solana wallet integration
- Backend: Express.js server with Supabase database
- Smart Contract: Solana program for permission management
- Security: End-to-end encryption using WebCrypto API
- Authentication: Solana wallet signatures

Security features:

- End-to-End Encryption: All secrets are encrypted in the browser before being sent to the server
- Wallet-Based Authentication: User identity is verified through Solana wallet signatures
- On-Chain Permissions: Access control managed through Solana smart contract
- Zero Knowledge Design: The backend never sees plaintext secrets

Prerequisites:

- Node.js >= 18.0.0
- pnpm (recommended) or npm
- A compatible Solana wallet (Phantom, Solflare, etc.)
- Modern browser with WebCrypto support (Chrome, Firefox, Edge, Safari)

Project structure:

```
solsecure/
├── frontend/                          # Next.js frontend application
│   ├── components/                    # React components
│   ├── hooks/                         # Custom React hooks for wallet integration
│   │   ├── use-secret-decryption.ts   # Secret decryption logic
│   │   ├── use-secret-encryption.ts   # Secret encryption logic
│   │   └── use-wallet-encryption.ts   # Wallet-based key management
│   ├── lib/                           # Utility functions
│   │   ├── api.ts                     # Backend API client
│   │   ├── crypto.ts                  # WebCrypto wrapper functions
│   │   └── wallet-auth.ts             # Wallet authentication
│   └── app/                           # Next.js app directory
│
├── backend/                           # Express.js backend server
│   ├── lib/                           # Backend utilities
│   │   ├── crypto.js                  # Crypto operations (key management)
│   │   └── supabase.js                # Database connection
│   ├── routes/                        # API routes
│   │   ├── secrets.js                 # Secret management endpoints
│   │   └── projects.js                # Project management endpoints
│   └── index.js                       # Server entry point
│
├── programs/                          # Solana programs
│   └── permission_program/            # Permission management contract
│       ├── src/                       # Program source code
│       │   ├── lib.rs                 # Program entry point
│       │   ├── state.rs               # Program state definitions
│       │   └── error.rs               # Custom error types
│       └── Cargo.toml                 # Rust dependencies
```

Frontend setup:

```bash
cd frontend
pnpm install
```

Create a `.env.local` file in the frontend directory:

```
NEXT_PUBLIC_API_URL=http://localhost:3002
```

Start the development server:

```bash
pnpm dev
```

The frontend will be available at http://localhost:3000.

Backend setup:

```bash
cd backend
pnpm install
```

Create a `.env` file in the backend directory:

```
PORT=3002
SUPABASE_URL=your_supabase_url
SUPABASE_ANON_KEY=your_supabase_anon_key
SUPABASE_SERVICE_KEY=your_supabase_service_key
FRONTEND_URL=http://localhost:3000
```

Start the backend server:

```bash
pnpm dev
```

The backend API will be available at http://localhost:3002.

SolSecure uses Solana wallets for authentication, eliminating the need for passwords:
- Connect your Solana wallet to access the application
- Sign messages to verify your identity
- Your wallet address serves as your unique identifier

Access control is managed through a Solana smart contract:
- Project owners can add/remove members on-chain
- Permission verification is decentralized and transparent
- Members can only decrypt secrets they have permission to access
- Automatic permission revocation when removed from project

All sensitive data is encrypted in your browser before transmission:

- AES-256-GCM encryption using WebCrypto API
- Encryption keys derived from wallet signatures
- Backend only stores encrypted data

Secret management:

- Create and manage encrypted secrets
- Organize secrets by projects and environments
- Share secrets securely with verified project members
- Permission-based access control through smart contract

Project creation:

- Owner creates a new project on-chain
- Program creates a PDA (Program Derived Address) for the project
- Owner becomes the default administrator

Member management:

- Owner adds members to project through smart contract
- Each member's public key is stored in project state
- Members can verify their access rights on-chain
- Owner can remove members, instantly revoking access

Access verification:

- When sharing a secret, the system verifies membership on-chain
- Only verified members can receive encryption keys
- Access is automatically revoked when removed from project
- All permission checks are verified through the smart contract

Key derivation:

- User signs a message using their Solana wallet
- The signature is used to derive an AES-256 encryption key using PBKDF2
- This key is securely stored in browser localStorage for the session

Encryption:

- User creates a new secret in the browser
- The secret is encrypted using AES-256-GCM with the derived key
- Only the encrypted data, along with IV, is sent to the backend
- Backend stores this encrypted package in the Supabase database

Decryption:

- User requests a secret from the backend
- Backend verifies wallet signature and sends encrypted data
- Frontend decrypts the data using the wallet-derived key
- Decrypted data never leaves the user's browser

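
The key derivation, encryption and decryption steps above, as an added WebCrypto sketch that is not SolSecure's own code. The salt, the iteration count, the function names and the two constructed 64-byte "signatures" are assumptions, since the page does not specify them; the derived key is kept in memory as a non-extractable `CryptoKey` here instead of being persisted.

```javascript
const enc = new TextEncoder();
const dec = new TextDecoder();

// Browser global WebCrypto, with a fallback to node:crypto for older Node versions.
async function getCrypto() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

// PBKDF2 over the wallet signature bytes -> AES-256-GCM key.
// Salt and iteration count are assumed values, not taken from the project.
async function deriveKey(signature, salt, iterations = 100000) {
  const { subtle } = await getCrypto();
  const material = await subtle.importKey('raw', signature, 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material,
    { name: 'AES-GCM', length: 256 },
    false, // non-extractable: page script cannot export the raw key bytes
    ['encrypt', 'decrypt']);
}

// Fresh random 96-bit IV per secret; only { iv, ciphertext } would be sent to the backend.
async function encryptSecret(key, plaintext) {
  const c = await getCrypto();
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext));
  return { iv, ciphertext: new Uint8Array(ct) };
}

// Rejects when the key is wrong or the IV/ciphertext was modified (GCM tag check).
async function decryptSecret(key, { iv, ciphertext }) {
  const { subtle } = await getCrypto();
  return dec.decode(await subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext));
}

// Constructed demo: two fake signatures stand in for two different wallets.
async function demo() {
  const salt = enc.encode('example-project-salt'); // assumed salt
  const keyA = await deriveKey(new Uint8Array(64).fill(0xa1), salt);
  const keyB = await deriveKey(new Uint8Array(64).fill(0xb2), salt);
  const pkg = await encryptSecret(keyA, 'API_TOKEN=constructed-example-value');
  const outcome = (p) => p.then(() => 'decrypted', () => 'rejected');
  const tampered = { iv: pkg.iv, ciphertext: pkg.ciphertext.slice() };
  tampered.ciphertext[0] ^= 1; // flip one bit, as a modified database row would
  return {
    roundTrip: await decryptSecret(keyA, pkg),
    otherWallet: await outcome(decryptSecret(keyB, pkg)),
    afterTamper: await outcome(decryptSecret(keyA, tampered)),
  };
}
```

This scheme depends on the wallet returning the same signature for the same message every time, which holds for deterministic Ed25519 signing; a different signature yields a different key and decryption is rejected.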
Contributions are welcome! Please submit a pull request with your changes.