Web3Vault is a web3 password manager allowing people to sync private notes and passwords using strong encryption, blockchain and decentralized storage
Web3Vault is a cutting-edge solution designed to enhance the security and accessibility of private and sensitive data on the blockchain. This desktop application serves as a secure repository for passwords and personal notes, leveraging well-established encryption methods (like AES-256) to safeguard user data and assets.
With Web3Vault, the user can choose to store the password database as an encrypted file or to synchronise it using decentralised technologies. In the latter scenario, the encrypted database is published to web3.storage and the application receives an IPFS CID corresponding to the data. This CID is also encrypted and stored in a smart contract store on the Base layer 2 network.
To synchronise the passwords on another device, the user needs to connect to their wallet and provide the shared secret used during the symmetric encryption process.
The user can retrieve the encrypted CID from the smart contract and decrypt it to access the encrypted database previously published on IPFS. Once it is downloaded to the other device, Web3Vault can read the sensitive data again.
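The backup and restore flow described above, as an added example that is not Web3Vault's own code. It assumes AES-256-GCM with an scrypt-derived key (the page only says AES-256); `seal`, `open`, `backup` and `restore` are hypothetical names, and two in-memory maps stand in for web3.storage/IPFS and the Base contract.

```javascript
// Added example: in-memory stand-ins replace web3.storage/IPFS and the Base contract.
const crypto = require('node:crypto');

const ipfs = new Map();      // stand-in for IPFS: CID -> encrypted vault
const contract = new Map();  // stand-in for the contract mapping: wallet -> encrypted CID

// Assumption: the key is derived from the shared secret with scrypt and a per-blob salt.
function seal(secret, plaintext, aad) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption, never reused
  const key = crypto.scryptSync(secret, salt, 32);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), body]);
}

function open(secret, blob, aad) {
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), body = blob.subarray(44);
  const key = crypto.scryptSync(secret, salt, 32);
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(body), d.final()]); // throws on wrong secret or tampering
}

// Device A: encrypt the vault, "publish" it, then store the encrypted CID.
function backup(wallet, secret, vaultJson) {
  const encVault = seal(secret, Buffer.from(vaultJson), 'vault');
  // Constructed placeholder identifier, not a real IPFS CID.
  const cid = 'cid-' + crypto.createHash('sha256').update(encVault).digest('hex');
  ipfs.set(cid, encVault);
  contract.set(wallet, seal(secret, Buffer.from(cid), wallet)); // AAD binds CID to wallet
  return cid;
}

// Device B: read the encrypted CID for this wallet, decrypt it, fetch and decrypt the vault.
function restore(wallet, secret) {
  const cid = open(secret, contract.get(wallet), wallet).toString();
  return open(secret, ipfs.get(cid), 'vault').toString();
}
```

Because GCM is authenticated, a wrong shared secret, a modified blob, or an encrypted CID copied under a different wallet address makes `restore` throw instead of returning garbage.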
As user trust in the product and the global user experience are very important, we chose to deploy our Solidity smart contract on Base, taking advantage of its fast transactions and low gas fees.
Blockscout Explorer is used to verify the smart contract, so the user can read the source code from their web interface. We also get some interesting metrics from the Blockscout GraphQL API, such as the total number of unique addresses using the Web3Vault service.
The Graph, by indexing the smart contract events, gives us the ability to easily access the data using GraphQL. We could also use this indexing to give the user a version history of all the password vault backups they have made in the past. We didn't implement this in the smart contract, but it's a concept we want to highlight, even if you're using a Solidity mapping.
We are also using Privy as a web3 connector because it gives us the opportunity to onboard web2.0 users by allowing people to connect with OAuth2 (with Google, Discord or even GitHub) and with SMS. Storing your passwords and sensitive data is not just a need from the web3 sphere; everyone could be interested in the concept, even without knowing how decentralized storage and blockchain work.