Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

AxiomVault

Private files first. Cloud sync second.

AxiomVault is an encrypted vault for people who want local-first control with optional cloud sync. It is built around client-side encryption, a zero-knowledge design goal, and a CLI-first workflow that can grow into desktop and mobile clients over time.

What AxiomVault is trying to be

AxiomVault aims to make a simple promise:

  1. encrypt data on your device
  2. keep cloud providers unaware of plaintext contents
  3. let you move the same vault across machines without changing how it works

Today, the docs describe an early-development implementation centered on axiom-cli and the shared axiom-core Rust workspace.

Product snapshot

AreaCurrent direction
Primary interfaceCLI-driven vault management
Encryption modelClient-side encryption before sync
Recovery modelPassword + recovery mnemonic wrapping the same master key
Remote backends todayGoogle Drive, local filesystem
Access layersNative vault commands, optional FUSE mount, optional WebDAV
MCP supportNot implemented or documented in this repo today
Hardware-key supportNot implemented or documented in this repo today
Project maturityEarly development, not production ready

Why it exists

  • Private by default — data is encrypted before it leaves your machine.
  • Local-first workflow — the vault remains useful even without a cloud connection.
  • Composable architecture — the same core is intended to serve CLI, sync, mount, and future client surfaces.
  • Portable model — a vault should be understandable as a product, not tied to one storage vendor.

Start here

  • Quickstart — create a vault, add a file, and run a first sync.
  • Security — review the crypto model, trust assumptions, and safeguards.
  • Threat Model — see which attackers and boundaries the design focuses on.
  • Current Limitations — understand what is incomplete or risky today.
  • MCP Status — see what MCP-related automation is and is not available today.
  • YubiKey and Hardware Keys — see the current lack of hardware-key integration claims.
  • Architecture — understand how axiom-cli and axiom-core fit together.
  • Sync and Cloud — review current backend support and sync behavior.

Main capabilities in scope

  • Local encryption before data touches cloud storage
  • Vault lifecycle management from the CLI
  • Encrypted file storage with a tree index
  • Sync engine with conflict handling strategies
  • Optional FUSE mount and WebDAV access layers
  • Shared Rust core intended for reuse across clients
  • No documented MCP integration today
  • No documented YubiKey or hardware-key workflow today

Repository components

  • axiom-cli — commands for creating, opening, mounting, and syncing vaults.
  • axiom-core — shared Rust crates for crypto, storage, sync, FFI, WebDAV, and FUSE.

Current status

AxiomVault is in early development. Expect rough edges, format changes, incomplete hardening, and missing operational polish. These docs should help contributors and evaluators understand the direction of the project, not treat it as production-ready security guidance.