Lit Secrets

🔐 Lit Secrets: A secure secret manager built on Lit Protocol that ensures your API keys & credentials can only be used within pre-approved code. No more worrying about leaked keys - cryptographic guarantees for how your secrets are used

Problem Statement

Description

Lit Secrets is a secure secret management solution built on Lit Protocol that fundamentally changes how sensitive credentials are handled in applications. Unlike traditional secret managers that rely solely on encryption, Lit Secrets adds a crucial layer of control by cryptographically binding secrets to specific code executions.

At its core, the system ensures that secrets (like API keys, access tokens, or any sensitive data) can only be decrypted and used within pre-approved Lit Actions - secure, verifiable code environments. This means when you store a secret, you're not just encrypting it; you're explicitly defining how it can be used.

Key features:

  • Encryption bound to specific code execution contexts
  • Wallet-based authentication for secure access
  • Full audit trail of secret creation and usage
  • Browser-based interface for secret management
  • Secure execution environment for sensitive operations
  • Support for any type of secret or credential

The current implementation includes:

  • Secret Creation Interface: Upload or input secrets with defined usage parameters
  • Secret Management Dashboard: View, search, and manage stored secrets
  • Execution Environment: Run approved operations using stored secrets
  • History Tracking: Monitor when and how secrets are used

Future development roadmap:

  • SDK Development: Direct integration into applications
  • CLI Tool: Command-line interface for DevOps workflows
  • Enterprise Features: Team management, role-based access
  • Advanced Monitoring: Real-time usage alerts and analytics
  • CI/CD Integration: Automated secret rotation and deployment

Use cases include:

  • Secure API key management
  • Credential sharing within teams
  • Protected access to sensitive services
  • Automated system authentication
  • Secure integration testing

The project aims to solve the fundamental problem of secret misuse while providing a developer-friendly interface for managing sensitive credentials across modern applications.

Solution

Lit Secrets is built using a combination of modern web technologies and Lit Protocol's encryption infrastructure. Here's a detailed breakdown of the technical implementation:

Core Technologies:

  • Lit Protocol for encryption and secure execution
  • SIWE (Sign In With Ethereum) for wallet authentication
  • Local Storage for encrypted secret persistence

Key Implementation Details:

Secret Encryption Flow:

    // [LIT_ACTION_CID] is a placeholder for the IPFS CID of the approved Lit Action;
    // litActionCid holds the same CID and is defined elsewhere in the app.
    const accessControlConditions = [
      {
        contractAddress: "ipfs://[LIT_ACTION_CID]",
        standardContractType: "LitAction",
        chain: "ethereum",
        method: "checkVal",
        parameters: [litActionCid],
        // Decryption is allowed only when the Lit Action returns "true".
        returnValueTest: { comparator: "=", value: "true" },
      },
    ];

The encryption process binds secrets to specific Lit Actions using access control conditions. This is implemented through Lit Protocol's encryptString function, which returns a cipher text and verification hash.

Secure Execution Environment:

    // Import path as in Lit SDK releases that export LitAbility from auth-helpers.
    import { LitAbility, LitActionResource } from "@lit-protocol/auth-helpers";

    // litNodeClient is an already connected Lit node client.
    const sessionSignatures = await litNodeClient.getSessionSigs({
      chain: "baseSepolia",
      // Session signatures expire after 10 minutes.
      expiration: new Date(Date.now() + 1000 * 60 * 10).toISOString(),
      resourceAbilityRequests: [
        {
          // "*" requests execution rights for any Lit Action, not one CID.
          resource: new LitActionResource("*"),
          ability: LitAbility.LitActionExecution,
        },
      ],
    });

The execution environment uses session signatures and wallet authentication to ensure secure access to secrets.

State Management:

  • Custom hooks for managing encryption state
  • Local storage integration for persistence
  • Real-time search and filtering capabilities

Notable Technical Solutions:

  • Dynamic Access Control: Created a flexible system for defining access control conditions that can accommodate various use cases while maintaining security.
  • Secret Storage: Implemented a secure storage solution using browser local storage that maintains encryption while allowing searchable access to secret metadata.
  • Session Management: Built a robust session management system using SIWE and Lit Protocol's session signatures to ensure secure access across page reloads.

Partner Technologies Used:

Lit Protocol:

  • Used for core encryption/decryption operations
  • Provides secure execution environment
  • Handles access control verification

Challenges and Solutions:

  • Secret Binding: Challenge: Ensuring secrets could only be used in approved contexts. Solution: Implemented custom access control conditions that cryptographically bind secrets to specific Lit Actions.
  • User Experience: Challenge: Making complex cryptographic operations user-friendly. Solution: Built an intuitive interface that abstracts the complexity while maintaining security.
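Because the binding described in the Solution section lives entirely in the access control conditions stored with each secret, those conditions are worth auditing before a secret is trusted. The following is an added example, not code from the Lit Secrets project: it checks stored records for conditions that are missing, still carry the unfilled CID placeholder, or point at a Lit Action outside an allowlist. The record shape, the allowlist and the sample CIDs are assumptions constructed for this example.

```javascript
// Added example. Record shape and allowlist are assumptions; condition
// field names follow the snippet on this page.
const CID_RE = /^ipfs:\/\/(Qm[1-9A-HJ-NP-Za-km-z]{44}|b[a-z2-7]{58,})$/;

function auditCondition(cond, approvedCids) {
  const findings = [];
  if (cond.standardContractType !== "LitAction") {
    findings.push("not a LitAction condition");
  }
  if (typeof cond.contractAddress !== "string" || !CID_RE.test(cond.contractAddress)) {
    findings.push("contractAddress is not a concrete ipfs:// CID");
  } else if (!approvedCids.has(cond.contractAddress.slice("ipfs://".length))) {
    findings.push("Lit Action CID is not on the approved list");
  }
  const test = cond.returnValueTest || {};
  if (test.comparator !== "=" || test.value !== "true") {
    findings.push("returnValueTest does not require the result \"true\"");
  }
  return findings;
}

function auditSecret(record, approvedCids) {
  const conds = record.accessControlConditions;
  if (!Array.isArray(conds) || conds.length === 0) {
    return ["no access control conditions: secret is not bound to any code"];
  }
  // Boolean operators between conditions can widen access; flag for review.
  return conds.flatMap((c) =>
    c.operator ? [`operator "${c.operator}" present: review manually`]
               : auditCondition(c, approvedCids));
}

// Constructed sample data (not real CIDs or secrets).
const APPROVED_CID = "Qm" + "A".repeat(44);
const approved = new Set([APPROVED_CID]);
const lit = (addr) => ({
  contractAddress: addr, standardContractType: "LitAction", chain: "ethereum",
  method: "checkVal", parameters: [], returnValueTest: { comparator: "=", value: "true" },
});
const records = [
  { name: "bound", accessControlConditions: [lit(`ipfs://${APPROVED_CID}`)] },
  { name: "placeholder", accessControlConditions: [lit("ipfs://[LIT_ACTION_CID]")] },
  { name: "unapproved", accessControlConditions: [lit("ipfs://Qm" + "B".repeat(44))] },
  { name: "unbound", accessControlConditions: [] },
];
for (const r of records) {
  console.log(r.name, auditSecret(r, approved));
}
```

An empty findings array means the record is bound to exactly one approved Lit Action; any other result should block the secret from being used until reviewed.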

Hackathon

ETHGlobal Bangkok

2024

Prizes

  • 🏆 Best Use of Lit Protocol, 2nd place (Lit Protocol)
