Lit Secrets

🔐 Lit Secrets: A secure secret manager built on Lit Protocol that ensures your API keys & credentials can only be used within pre-approved code. No more worrying about leaked keys: cryptographic guarantees for how your secrets are used.

Created At

ETHGlobal Bangkok

Winner of

Lit Protocol - Best Use of Lit Protocol 2nd place

Project Description

Lit Secrets is a secure secret management solution built on Lit Protocol that fundamentally changes how sensitive credentials are handled in applications. Unlike traditional secret managers that rely solely on encryption, Lit Secrets adds a crucial layer of control by cryptographically binding secrets to specific code executions.

At its core, the system ensures that secrets (like API keys, access tokens, or any sensitive data) can only be decrypted and used within pre-approved Lit Actions - secure, verifiable code environments. This means when you store a secret, you're not just encrypting it; you're explicitly defining how it can be used.

Key features:

  • Encryption bound to specific code execution contexts
  • Wallet-based authentication for secure access
  • Full audit trail of secret creation and usage
  • Browser-based interface for secret management
  • Secure execution environment for sensitive operations
  • Support for any type of secret or credential

The current implementation includes:

  1. Secret Creation Interface: Upload or input secrets with defined usage parameters
  2. Secret Management Dashboard: View, search, and manage stored secrets
  3. Execution Environment: Run approved operations using stored secrets
  4. History Tracking: Monitor when and how secrets are used

Future development roadmap:

  1. SDK Development: Direct integration into applications
  2. CLI Tool: Command-line interface for DevOps workflows
  3. Enterprise Features: Team management, role-based access
  4. Advanced Monitoring: Real-time usage alerts and analytics
  5. CI/CD Integration: Automated secret rotation and deployment

Use cases include:

  • Secure API key management
  • Credential sharing within teams
  • Protected access to sensitive services
  • Automated system authentication
  • Secure integration testing

The project aims to solve the fundamental problem of secret misuse while providing a developer-friendly interface for managing sensitive credentials across modern applications.

How it's Made

Lit Secrets is built using a combination of modern web technologies and Lit Protocol's encryption infrastructure. Here's a detailed breakdown of the technical implementation:

Core Technologies:

  • Lit Protocol for encryption and secure execution
  • SIWE (Sign In With Ethereum) for wallet authentication
  • Local Storage for encrypted secret persistence

Key Implementation Details:

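  1. Secret Encryption Flow:

    // "[LIT_ACTION_CID]" is a placeholder for the IPFS CID of the approved Lit Action.
    // litActionCid is assumed to be defined earlier with that action's CID.
    const accessControlConditions = [{
      contractAddress: "ipfs://[LIT_ACTION_CID]",
      standardContractType: "LitAction",
      chain: "ethereum",
      method: "checkVal",          // function in the Lit Action that is called
      parameters: [litActionCid],
      // Decryption is allowed only when the call returns "true".
      returnValueTest: { comparator: "=", value: "true" }
    }];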

The encryption process binds secrets to specific Lit Actions using access control conditions. This is implemented through Lit Protocol's encryptString function, which returns a ciphertext and a verification hash.
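
The binding described above is only as strong as the conditions actually stored with each secret. As an added example (not code from the Lit Secrets project), this audit checks stored conditions against an allowlist of reviewed Lit Action CIDs; the record shape, the CIDs and the function names are assumptions made for illustration.

```javascript
// Added example, not project code. Record shape and CIDs are constructed assumptions.
const APPROVED_CIDS = new Set(["QmApprovedActionCidExample1"]);

function auditCondition(cond, approved) {
  const findings = [];
  if (cond.standardContractType !== "LitAction") {
    findings.push(`unexpected standardContractType: ${cond.standardContractType}`);
  }
  const addr = String(cond.contractAddress || "");
  const cid = addr.startsWith("ipfs://") ? addr.slice("ipfs://".length) : "";
  if (!cid) findings.push("contractAddress is not an ipfs:// reference");
  else if (!approved.has(cid)) findings.push(`unreviewed Lit Action CID: ${cid}`);
  for (const p of cond.parameters || []) {
    if (!approved.has(p)) findings.push(`unreviewed CID in parameters: ${p}`);
  }
  const t = cond.returnValueTest || {};
  if (t.comparator !== "=" || t.value !== "true") {
    findings.push('returnValueTest is not an exact match on "true"');
  }
  return findings;
}

function auditSecretRecord(record, approved = APPROVED_CIDS) {
  const conds = record.accessControlConditions;
  if (!Array.isArray(conds) || conds.length === 0) {
    return ["no access control conditions: secret is not bound to any code"];
  }
  const findings = [];
  for (const entry of conds) {
    if (entry.operator === "and") continue; // "and" only narrows access
    if (entry.operator) {
      // "or" lets any single alternative unlock the secret.
      findings.push(`operator "${entry.operator}" widens access`);
    } else {
      findings.push(...auditCondition(entry, approved));
    }
  }
  return findings;
}

// Constructed sample records in the shape of the page's snippet.
const sampleCondition = (cid) => ({
  contractAddress: `ipfs://${cid}`, standardContractType: "LitAction", chain: "ethereum",
  method: "checkVal", parameters: [cid], returnValueTest: { comparator: "=", value: "true" },
});
const goodRecord = { accessControlConditions: [sampleCondition("QmApprovedActionCidExample1")] };
const badRecord = { accessControlConditions: [
  sampleCondition("QmApprovedActionCidExample1"), { operator: "or" }, sampleCondition("QmUnreviewedCidExample"),
] };
console.log(auditSecretRecord(badRecord));
```

Running such a check over the records kept in local storage before they are used catches a condition that was edited to reference an unreviewed action or widened with an "or".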

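  2. Secure Execution Environment:

    // Assumed import path (Lit SDK v6 era); adjust for your SDK version.
    import { LitAbility, LitActionResource } from "@lit-protocol/auth-helpers";

    const sessionSignatures = await litNodeClient.getSessionSigs({
      chain: "baseSepolia",
      // Session signatures expire after 10 minutes.
      expiration: new Date(Date.now() + 1000 * 60 * 10).toISOString(),
      resourceAbilityRequests: [
        {
          // "*" is a wildcard: the session may execute any Lit Action.
          // Pass the approved action's IPFS CID instead to scope the session to it.
          resource: new LitActionResource("*"),
          ability: LitAbility.LitActionExecution,
        },
      ]
    });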

The execution environment uses session signatures and wallet authentication to ensure secure access to secrets.

  3. State Management:
  • Custom hooks for managing encryption state
  • Local storage integration for persistence
  • Real-time search and filtering capabilities

Notable Technical Solutions:

  1. Dynamic Access Control: Created a flexible system for defining access control conditions that can accommodate various use cases while maintaining security.

  2. Secret Storage: Implemented a secure storage solution using browser local storage that maintains encryption while allowing searchable access to secret metadata.

  3. Session Management: Built a robust session management system using SIWE and Lit Protocol's session signatures to ensure secure access across page reloads.

Partner Technologies Used:

Lit Protocol:

  • Used for core encryption/decryption operations
  • Provides secure execution environment
  • Handles access control verification

Challenges and Solutions:

  1. Secret Binding: Challenge: Ensuring secrets could only be used in approved contexts. Solution: Implemented custom access control conditions that cryptographically bind secrets to specific Lit Actions.

  2. User Experience: Challenge: Making complex cryptographic operations user-friendly. Solution: Built an intuitive interface that abstracts the complexity while maintaining security.
