Encrypted local key vault helper for browser apps

[truthixify]

Tier: L (1-2 weeks) Type: feature

Context

Some browser-only apps need to keep derived stealth keys around briefly (e.g., to scan, to spend). Today consumers either keep them in memory (lost on reload) or insecurely in localStorage. Provide a passphrase-protected IndexedDB vault.

Scope

• KeyVault class wrapping IndexedDB with PBKDF2 + AES-GCM
• vault.unlock(passphrase) / vault.lock() / vault.put(label, keys) / vault.get(label)
• Browser-only (Node consumers don't need it)
• Auto-lock on tab idle / blur (configurable)
• Clear documentation that this is not a replacement for hardware wallets

Acceptance criteria

• Implementation + tests
• Threat model documented (what it does NOT protect against)
• Demo follow-up for opt-in vault use
• Browser-only check in build

Files to start with

• New: src/vault/

[Chrisland58]

@Chrisland58 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi maintainer I will like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Chrisland58 to this issue.

[ghost-cy829]

@ghost-cy829 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I would like to work on this issue. I have experience with Rust and Soroban smart contract development. I will follow the acceptance criteria and add tests. Excited to contribute. Kindly assign.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ghost-cy829 to this issue.

[drips-wave]

Congratulations, @Chrisland58! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @Chrisland58: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[truthixify]

@Chrisland58 Assigned. Welcome to wave 6.

Quick expectations to make this smooth for both sides:

1. Branch from develop (not main). PRs target develop.
2. Open a draft PR within ~3 days of pickup so we can see direction early.
3. Update at least every 5 days. Silence is the only thing that costs you the assignment; if you get stuck or context changes, just say so on the PR.
4. Read the issue body's acceptance criteria carefully. Hitting those is the merge bar.

If anything is ambiguous, ask before building.