How about releasing apis

[programming-kid]

i love this concept . I want to make an app out of this for myself, can u please release some apis to create app or guide me in reverse engineering this .

Thank You.

[jcoglan]

I'm not sure what you mean by 'releasing some APIs'. Could you explain in more details what you want to do?

[programming-kid]

i just want to wrap this whole thing in phonegap or cordova as a mobile app .

[jcoglan]

I don't know an awful lot about how those platforms work, but you are free to implement the algorithm Vault uses to generate passwords on whatever platform you like. There is some more information about how it works here:

https://blog.jcoglan.com/2012/07/16/designing-vaults-generator-algorithm/

You are free to embed the code from this repo in any app, subject to the terms of the license. The current release is MIT but the next will likely be GPL.

[programming-kid]

Basically what i am asking is how can i use vault as module in any other node program or on client side .

I want to do something like this
For e.g

[my-valut.js]

var Vault = require('vault');

newVault = new Vault();

newVault.config({
'a-z' : "allowed", 
'A-Z': "required",
... // other
... // config
... // options
'length' : 8,
'repetition':2
});

newVault.service = "twitter";

newVault.hash('my-pass-phrase',function(err,hashedtext){
console.log(hashedtext);
});

How can i do this

[jcoglan]

Currently, require('vault') returns vault.js, which contains the generator and is cross-platform. The spec is full of example usage.

However, vault is intended as an end-user application, rather than a module, and I make no guarantees about the stability of the internal APIs. What is stable is the generator algorithm -- I can't change that since people's passwords rely on it. If you want your own Vault-like functionality, I recommend that you either:

• Reimplement this algorithm; it's quite simple and mostly relies on standard crypto functions
• Wrap the vault.js module in your own API, to insulate your application from future changes to the vault module's API

[programming-kid]

Yep i think i will go with second option . Vault is great as end user app but i think making a node module and client side plugin would increase its applications . What do you think ? & Thanks for making vault.

[jcoglan]

What sort of applications do you have in mind?

[programming-kid]

Vault can be use to implement password resets or OTP's etc. I just created a mobile app using vault which simply replicates the vault's web version.

[TexRx]

+1 @programming-kid

@jcoglan - First, I really trust vault and appreciate the time and effort you've put in to make it. I'd like to add my two-cents to the API discussion.

I use the vault site on my phone to generate passwords for various phone-specific apps. While the website is responsive and looks and works fine on smaller devices, I would love a dedicated app that simpifies the password generate > tap-copy process. I've been thinking about doing this for a while, and with all the whooptiedoo around React Native, I've got a new-found desire to make a vault app. If possible, I'd like to be able to sync notes (probably notes only?) across devices as well (unless even syncing notes is discouraged). Your thoughts?

Thanks again for the great app.

[jcoglan]

I'm still not sure what anyone means by me implementing "APIs". As I've already said, you are free to implement the Vault algorithm in a mobile app if you want, but I'm not going to do that -- I don't have the time, inclination, or expertise.

As for syncing notes, the code that's in the master branch for a storage format that works on the web and for local use is still not final, so I wouldn't rely on it. The general plan is to use RemoteStorage, but I'm still not comfortable with the fact that protocol is still in the design process and has ongoing design changes. Until that's finalised and I can actually release that code, I'm not going to specify a format or protocol for syncing state.

I'm also not going implement any sort of HTTP-based API hosted on https://getvau.lt, because that would involve people's Vault data hitting my server.

[joaomilho]

@jcoglan I believe they mean turning this into a documentation.

[almereyda]

As this issue remains open, people wanting a mobile implementation of a similar algorithm can look at take a look at lesspass.com.