Stop Storing Keys In Plaintext
Standard WordPress plugins store your sensitive API keys (Groq, OpenAI, Stripe) in clear text or weak hashes. VGT Omega Vault introduces Authenticated Encryption with AAD-Binding to ensure your credentials remain unreadable even if your database is leaked.
DIAMANT STATUS CORE
Architectural Principles of the VGT Vault
AAD Binding
Additional Authenticated Data. Keys are cryptographically bound to their identifiers. Moving a key to a different option name triggers a decryption failure.
HKDF Key Gen
We don't use raw WP Salts. We derive a master key through HKDF-SHA256 to ensure maximum entropy and resistance against key-related attacks.
O(1) Registry
Native hash-map implementation for the key registry. Zero overhead lookup even with hundreds of stored keys. Auto-migration logic included.
API Facade
Clean inter-plugin communication. Other VGT plugins can fetch and decrypt keys with a single line of code. Decryption is transparent and fast.
Zero-Trust Implementation
VGT Omega Vault is not just a storage tool; it's a security paradigm. It utilizes the aes-256-gcm cipher with raw binary data to eliminate padding oracle attacks common in older standards.
- No dummy code. No boilerplates.
- Strict types enforcement (PHP 8.0+).
- Open Source (AGPLv3) Transparency.
```php
// $context_id: the identifier (option name) the key is bound to via AAD.
public static function encrypt(string $plaintext, string $context_id): string
{
    $iv_length = openssl_cipher_iv_length('aes-256-gcm');
    $iv        = random_bytes($iv_length);
    $tag       = '';

    $ciphertext = openssl_encrypt(
        $plaintext,
        'aes-256-gcm',
        self::get_master_key(),
        OPENSSL_RAW_DATA,
        $iv,
        $tag,
        $context_id // AAD Binding Verification
    );

    // Stored layout: IV || tag || ciphertext, base64-encoded.
    return base64_encode($iv . $tag . $ciphertext);
}
```
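The AAD binding and HKDF derivation described above, as an added example that is not VGT Omega Vault's own code: a record encrypted under one option name is decrypted once under the same name and once under a different one. The function names, the HKDF `info` label, the secret string and the option names `vgt_key_groq` / `vgt_key_stripe` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Secret, info label and option names are constructed.
const CIPHER  = 'aes-256-gcm';
const TAG_LEN = 16;

function derive_master_key(string $site_secret): string
{
    // HKDF-SHA256 -> 32 raw bytes; "info" ties the output to a single purpose.
    return hash_hkdf('sha256', $site_secret, 32, 'example-vault/master-key/v1');
}

function vault_encrypt(string $plaintext, string $context_id, string $key): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh 12-byte nonce per record
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $context_id, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // same IV || tag || ciphertext layout as the page
}

function vault_decrypt(string $blob, string $context_id, string $key): ?string
{
    $raw    = base64_decode($blob, true);
    $iv_len = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $iv_len + TAG_LEN) {
        return null; // malformed or truncated record
    }
    $iv  = substr($raw, 0, $iv_len);
    $tag = substr($raw, $iv_len, TAG_LEN);
    $ct  = substr($raw, $iv_len + TAG_LEN);
    // GCM authenticates ciphertext and AAD together, so the tag only
    // verifies when $context_id matches the one used at encryption time.
    $pt = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $context_id);
    return $pt === false ? null : $pt;
}

$key  = derive_master_key('constructed-site-secret-not-a-real-salt');
$blob = vault_encrypt('sk-constructed-example', 'vgt_key_groq', $key);

var_dump(vault_decrypt($blob, 'vgt_key_groq', $key));   // same option name as at encryption
var_dump(vault_decrypt($blob, 'vgt_key_stripe', $key)); // record copied to another option name
```

Callers should treat a `null` return as a tamper or misplacement signal and log it rather than falling back to the stored value.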
