What is stored in the vault exactly, and can it be a security risk if shared?


Jules Archinova

Mar 5, 2017, 11:55:13 AM
to ACMESharp
Hello,

"ACMESharp makes use of a Vault which is a repository to store and manage the state of the ACME protocol and persist various artifacts supporting different ACME operations."
- https://github.com/ebekker/ACMESharp/wiki/Vaults%2C-Vault-Providers-and-Vault-Profiles


"Various artifacts" being rather large, what is stored in this vault exactly?


With a system-wide vault using a folder readable by all users (%ALLUSERSPROFILE%), depending on what is stored in this vault, it may constitute a security risk.

Eugene Bekker

Apr 10, 2017, 11:20:18 AM
to ACMESharp
The Vault stores everything that it needs for state to manage interaction with an ACME server (i.e. Let's Encrypt CA), which does include various sensitive parts like private keys for the account and for each certificate requested.  It also may contain sensitive elements like authentication parameters that you may provide if you create profiles for Challenge Handlers -- like Access keys for an AWS account if you use that provider.

So the vault does contain very sensitive info.  The Vault is just data persisted to disk, so you secure it at a minimum with file permissions just like any sensitive document on disk. You can also choose to encrypt it with OS-level services like EFS or third-party tools.
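
One way to apply the file-permission advice above on Windows, as an added example that is not part of the original thread or ACMESharp's own code: a PowerShell script that reports ACL entries granting Everyone, Authenticated Users or BUILTIN\Users access to the vault folder and, with `-Harden`, removes them. `$VaultPath` is a placeholder for your own vault folder; the parameter names and the choice to keep SYSTEM and Administrators are assumptions.

```powershell
# Added example. $VaultPath is a placeholder: point it at your own vault folder.
param(
    [Parameter(Mandatory)] [string] $VaultPath,
    [switch] $Harden    # hypothetical switch: without it the script only reports
)

# Well-known SIDs (locale-independent) that should not reach private keys.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

$acl = Get-Acl -LiteralPath $VaultPath
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    try   { $sid = $ace.IdentityReference.Translate($sidType).Value }
    catch { continue }    # account that no longer resolves
    if ($broad.ContainsKey($sid)) {
        [pscustomobject]@{
            Principal = $broad[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output "No broad principals have access to $VaultPath" }

if ($Harden) {
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove any explicit entries for the broad principals.
    foreach ($s in $broad.Keys) {
        $acl.PurgeAccessRules((New-Object System.Security.Principal.SecurityIdentifier($s)))
    }
    # Keep SYSTEM and Administrators so the vault stays manageable.
    foreach ($s in 'S-1-5-18', 'S-1-5-32-544') {
        $id = New-Object System.Security.Principal.SecurityIdentifier($s)
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $VaultPath -AclObject $acl
}
```

Run it from an elevated prompt. Any non-administrator account that runs ACMESharp needs its own explicit entry on the folder before hardening, or it will lose access to the vault.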

