Skip to main content

Stronghold Engineering Specification


title: Stronghold
stub: stronghold
document: Engineering Specification
version: 0000
maintainer: Daniel Thompson-Yvetot <[email protected]>
Dave de Fijter <[email protected]>,
tensorprogramming <[email protected]>,
Daniel Thompson-Yvetot <[email protected]>,
Marcelo Bianchi <[email protected]>,
sponsors: [Navin Ramachandran <[email protected]>]
licenses: ['CC-BY-INTL-3.0']
updated: 2021-Apr-27


This document introduces the High-Level Specification of the Stronghold.

Logical System Design

Low Level

A Stronghold is composed of several interacting systems at a low level:

  1. Snapshot - box-encrypted file-based persistence layer
  2. Vault - a write and use protected, path-based system for storing and using secrets like private keys
  3. Store - a read/write key:value storage system for dynamic data
  4. Cache - an in-memory abstraction for vault and store
  5. Runtime - memory protection system for secrets

High Level

At the high level, Stronghold provides an official client for interfacing with a Stronghold snapshot and its records.