🔐 Enterprise-Grade Frontend E2E Encryption with Zero-Knowledge Security
Vaultic SDK provides secure cryptographic operations for your frontend applications. Built for compliance, security, and scalability with mandatory server validation.
🏗️ Architecture: Frontend (@vaultic/sdk) handles crypto → Backend (@vaultic/identity) manages identities → Vaultic API validates everything
- Zero-knowledge encryption: Your private keys never leave the client
- Server-validated operations: All crypto operations require server approval
- Complete audit trail: Full compliance reporting for regulations
- Real-time monitoring: Security analytics and threat detection
- Simple integration: Get started in minutes with clear APIs
- Multi-platform support: React, Vue, Angular, React Native
- TypeScript native: Full type safety and autocomplete
- Progressive examples: From minimal to advanced use cases
- 99.9% uptime SLA: Reliable service you can depend on
- Automatic scaling: Handles your growth seamlessly
- 24/7 support: Expert help when you need it
Frontend (@vaultic/sdk) - THIS PACKAGE
┌─────────────────────┐ API Validation ┌────────────────────────┐
│ Your Frontend │ ──────────────────► │ Vaultic Platform │
│ (React/Vue/etc) │ │ │
│ │ │ • Validates All Ops │
│ ┌─────────────────┐ │ │ • Generates IDs │
│ │ @vaultic/sdk │ │ ◄──────────────── │ • Manages Quotas │
│ │ │ │ Signed Responses │ • Enforces Permissions │
│ │ • Client Crypto │ │ │ • Audit & Analytics │
│ │ • Server Auth │ │ │ • Global CDN │
│ └─────────────────┘ │ └────────────────────────┘
└─────────────────────┘
▲
│ HTTP API calls
▼
┌─────────────────────┐ Identity Creation ┌─────────────────────┐
│ Your Backend │ ◄─────────────────── │ Your Frontend │
│ (Express/etc) │ │ (React/etc) │
│ │ │ │
│ ┌─────────────────┐ │ │ ┌─────────────────┐ │
│ │ @vaultic/identity│ │ │ │ User Registration│ │
│ │ (separate pkg) │ │ │ │ HTTP calls │ │
│ │ │ │ │ └─────────────────┘ │
│ │ • createIdentity│ │ └─────────────────────┘
│ │ • getPublicId │ │
│ │ • User Management│ │
│ └─────────────────┘ │
└─────────────────────┘
Sign up at dashboard.vaultic.app to get your API keys.
Frontend (crypto operations):
npm install @vaultic/sdkBackend (identity management):
npm install @vaultic/identity// backend/auth.js - Your authentication endpoints
import { createIdentity, getPublicIdentity } from '@vaultic/identity';
// Registration: Backend creates Vaultic identity
app.post('/auth/register', async (req, res) => {
const { email, password } = req.body;
// 1. Create user in your database
const user = await db.users.create({ email, password });
// 2. Create Vaultic identity (backend only)
const vaulticIdentity = await createIdentity(
'your-app-id',
'your-app-secret', // Backend secret only
user.id
);
// 3. Return public identity to frontend
res.json({
userId: user.id,
vaulticIdentity: getPublicIdentity(vaulticIdentity)
});
});
// Login: Backend provides existing identity
app.post('/auth/login', async (req, res) => {
const { email, password } = req.body;
// 1. Verify user credentials
const user = await authenticateUser(email, password);
// 2. Get stored Vaultic identity
const identity = await db.vaulticIdentities.findOne({ userId: user.id });
// 3. Return public identity to frontend
res.json({
userId: user.id,
vaulticIdentity: getPublicIdentity(identity.vaulticIdentity)
});
});// frontend/messaging.js - Your app logic
import { VaulticClient } from '@vaultic/sdk';
const vaultic = new VaulticClient({
appId: 'your-app-id',
apiKey: 'vlt_your_api_key'
});
class SecureMessaging {
async registerUser(email: string, password: string) {
// 1. Call YOUR backend to create identity
const response = await fetch('/api/auth/register', {
method: 'POST',
body: JSON.stringify({ email, password })
});
const { userId, vaulticIdentity } = await response.json();
// 2. Initialize SDK with backend-created identity
await vaultic.initialize();
await vaultic.start(userId);
await vaultic.registerIdentity({
passphrase: password,
identity: vaulticIdentity // From backend
});
return userId;
}
async sendMessage(recipient: string, message: string) {
// Frontend handles encryption (server validates)
const encrypted = await vaultic.encrypt(message, {
shareWithUsers: [recipient]
});
// Send encrypted data via your API
await fetch('/api/messages', {
method: 'POST',
body: JSON.stringify({ recipient, encrypted })
});
}
async receiveMessages() {
// Get encrypted messages from your API
const messages = await fetch('/api/messages').then(r => r.json());
// Decrypt on frontend
return Promise.all(messages.map(async msg => ({
...msg,
content: await vaultic.decrypt(msg.encrypted)
})));
}
}- Client-side encryption: Data encrypted on device before transmission
- Private keys stay local: Generated and stored locally using WebCrypto
- Server validates operations: All crypto operations require server approval
- Multi-device sync: Seamless access across user devices
- Backend-controlled identities:
createIdentity(appId, appSecret, userId) - Secure identity sharing:
getPublicIdentity(identity)for communication - User management: Integrate with your existing auth system
- Server-generated IDs: All group/resource IDs come from Vaultic servers
- Permission validation: Server checks access rights for all operations
- Secure sharing: Share encrypted data with users and groups
- Mandatory API connection: All operations require server validation
- Quota enforcement: Server-side limits prevent abuse
- Cryptographic signatures: All server responses are signed
- Anti-fork design: SDK is useless without valid Vaultic API access
- No offline vulnerabilities: Can't bypass security without server
- Audit compliance: Complete trail of all operations
- Access control: Server validates every permission
- Quota enforcement: Prevents abuse and ensures billing accuracy
- Revenue protection: Impossible to bypass payment/limits
- Usage tracking: Accurate analytics and billing
- Support enablement: Full visibility for troubleshooting
- Compliance ready: SOC 2, GDPR, HIPAA documentation
- Simple integration: Clear separation of concerns
- Reliable operations: Server validation prevents edge cases
- Production ready: Battle-tested with enterprise customers
- Multi-platform: Same API across all platforms
// 1. Authenticate with your backend
const { userId, identity } = await fetch('/api/auth/login', {
method: 'POST',
body: JSON.stringify({ email, password })
}).then(r => r.json());
// 2. Setup SDK
const client = new VaulticClient({ appId, apiKey });
await client.initialize();
await client.start(userId);
await client.verifyIdentity({ type: 'passphrase', value: password, identity });
// 3. Encrypt/decrypt
const encrypted = await client.encrypt('secret', { shareWithUsers: ['[email protected]'] });
const decrypted = await client.decrypt(encrypted);See examples/basic-usage.ts for:
- User registration and login flows
- Secure messaging implementation
- Group management
- Error handling patterns
- Backend integration examples
The SDK provides clear error codes for common scenarios:
try {
await vaultic.encrypt(data);
} catch (error) {
if (error.code === 'API_CONNECTION_REQUIRED') {
// Handle offline state
} else if (error.code === 'QUOTA_EXCEEDED') {
// Guide user to upgrade plan
}
}- Private keys generated locally using WebCrypto APIs
- All encryption happens client-side before API calls
- Vaultic servers never see plaintext data or private keys
- All device/group/resource IDs generated server-side
- Every operation validated against server permissions
- Cryptographic signatures prevent tampering
- Continuous authentication via challenge-response
- Complete audit trail for all operations
- SOC 2 Type II compliance with annual audits
- GDPR and HIPAA documentation available
- Real-time security monitoring
- Target: Frontend applications
- Purpose: Cryptographic operations with server validation
- Capabilities: encrypt, decrypt, groups, sharing
- Dependencies: Native WebCrypto APIs only
- Target: Backend applications only
- Purpose: Identity creation and management
- Capabilities: createIdentity, getPublicIdentity, user management
- Security: Requires app secret (backend only)
- Sign up at dashboard.vaultic.app
- Install packages:
@vaultic/sdk(frontend) +@vaultic/identity(backend) - Set up backend identity creation endpoints
- Integrate frontend crypto operations
- Test and deploy with confidence
Build secure. Build with confidence. Build with Vaultic.
⚠️ Security Notice: This SDK requires active connection to Vaultic servers for all operations. The SDK is designed to be completely dependent on the Vaultic platform to ensure security, compliance, and proper usage tracking.