Tauri

Stronghold

Store secrets and keys using the IOTA Stronghold encrypted database and secure runtime.

This plugin requires a Rust version of at least 1.77.2

Platform Level Notes
windows
linux
macos
android
ios

Install the stronghold plugin to get started.

Use your project's package manager to add the dependency.

npm run tauri add stronghold

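The plugin must be initialized with a password hash function, which takes the password string and must return a 32-byte hash derived from it.

The Stronghold plugin provides a default hash function that uses the argon2 algorithm.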

src-tauri/src/lib.rs
use tauri::Manager;

pub fn run() {
    tauri::Builder::default()
        .setup(|app| {
            let salt_path = app
                .path()
                .app_local_data_dir()
                .expect("could not resolve app local data path")
                .join("salt.txt");
            app.handle().plugin(tauri_plugin_stronghold::Builder::with_argon2(&salt_path).build())?;
            Ok(())
        })
        .run(tauri::generate_context!())
        .expect("error while running tauri application");
}

Alternatively, you can provide your own hash algorithm by using the tauri_plugin_stronghold::Builder::new constructor.

src-tauri/src/lib.rs
pub fn run() {
    tauri::Builder::default()
        .plugin(
            tauri_plugin_stronghold::Builder::new(|password| {
                // Hash the password here with argon2, blake2b or any other secure algorithm.
                // Below is an example implementation that hashes the password
                // using the `rust-argon2` crate:
                use argon2::{hash_raw, Config, Variant, Version};

                let config = Config {
                    lanes: 4,
                    mem_cost: 10_000,
                    time_cost: 10,
                    variant: Variant::Argon2id,
                    version: Version::Version13,
                    ..Default::default()
                };
                // Placeholder salt: use a random, per-installation value
                // rather than a constant shared by every install.
                let salt = "your-salt".as_bytes();
                let key =
                    hash_raw(password.as_ref(), salt, &config).expect("failed to hash password");

                // The plugin expects a 32-byte key.
                key.to_vec()
            })
            .build(),
        )
        .run(tauri::generate_context!())
        .expect("error while running tauri application");
}

The Stronghold plugin is available in JavaScript.

import { Client, Stronghold } from '@tauri-apps/plugin-stronghold';
// when using `"withGlobalTauri": true`, you may use
// const { Client, Stronghold } = window.__TAURI__.stronghold;
import { appDataDir } from '@tauri-apps/api/path';
// when using `"withGlobalTauri": true`, you may use
// const { appDataDir } = window.__TAURI__.path;

const initStronghold = async () => {
  const vaultPath = `${await appDataDir()}/vault.hold`;
  const vaultPassword = 'vault password';
  const stronghold = await Stronghold.load(vaultPath, vaultPassword);

  let client: Client;
  const clientName = 'name your client';
  try {
    client = await stronghold.loadClient(clientName);
  } catch {
    client = await stronghold.createClient(clientName);
  }

  return {
    stronghold,
    client,
  };
};

// Insert a record into the store
async function insertRecord(store: any, key: string, value: string) {
  const data = Array.from(new TextEncoder().encode(value));
  await store.insert(key, data);
}

// Read a record from the store
async function getRecord(store: any, key: string): Promise<string> {
  const data = await store.get(key);
  return new TextDecoder().decode(new Uint8Array(data));
}

const { stronghold, client } = await initStronghold();

const store = client.getStore();
const key = 'my_key';

// Insert a record into the store (awaited so the read below sees it)
await insertRecord(store, key, 'secret value');

// Read a record from the store
const value = await getRecord(store, key);
console.log(value); // 'secret value'

// Save your updates
await stronghold.save();

// Remove a record from the store
await store.remove(key);

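By default, all potentially dangerous plugin commands and scopes are blocked and cannot be accessed. You must modify the configuration in the capabilities folder to enable them.

See the Capabilities Overview for more information, and the step-by-step guide to adjust plugin permissions.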

src-tauri/capabilities/default.json
{
  ...,
  "permissions": [
    "stronghold:default"
  ]
}

Default Permission

This permission set configures what kind of operations are available from the stronghold plugin.

Granted Permissions

All non-destructive operations are enabled by default.

This default permission set includes the following:

  • allow-create-client
  • allow-get-store-record
  • allow-initialize
  • allow-execute-procedure
  • allow-load-client
  • allow-save-secret
  • allow-save-store-record
  • allow-save

Permission Table

| Identifier | Description |
| --- | --- |
| stronghold:allow-create-client | Enables the create_client command without any pre-configured scope. |
| stronghold:deny-create-client | Denies the create_client command without any pre-configured scope. |
| stronghold:allow-destroy | Enables the destroy command without any pre-configured scope. |
| stronghold:deny-destroy | Denies the destroy command without any pre-configured scope. |
| stronghold:allow-execute-procedure | Enables the execute_procedure command without any pre-configured scope. |
| stronghold:deny-execute-procedure | Denies the execute_procedure command without any pre-configured scope. |
| stronghold:allow-get-store-record | Enables the get_store_record command without any pre-configured scope. |
| stronghold:deny-get-store-record | Denies the get_store_record command without any pre-configured scope. |
| stronghold:allow-initialize | Enables the initialize command without any pre-configured scope. |
| stronghold:deny-initialize | Denies the initialize command without any pre-configured scope. |
| stronghold:allow-load-client | Enables the load_client command without any pre-configured scope. |
| stronghold:deny-load-client | Denies the load_client command without any pre-configured scope. |
| stronghold:allow-remove-secret | Enables the remove_secret command without any pre-configured scope. |
| stronghold:deny-remove-secret | Denies the remove_secret command without any pre-configured scope. |
| stronghold:allow-remove-store-record | Enables the remove_store_record command without any pre-configured scope. |
| stronghold:deny-remove-store-record | Denies the remove_store_record command without any pre-configured scope. |
| stronghold:allow-save | Enables the save command without any pre-configured scope. |
| stronghold:deny-save | Denies the save command without any pre-configured scope. |
| stronghold:allow-save-secret | Enables the save_secret command without any pre-configured scope. |
| stronghold:deny-save-secret | Denies the save_secret command without any pre-configured scope. |
| stronghold:allow-save-store-record | Enables the save_store_record command without any pre-configured scope. |
| stronghold:deny-save-store-record | Denies the save_store_record command without any pre-configured scope. |
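
The check below is an added example, not part of the Tauri documentation: it resolves a capability's permissions array into the set of enabled stronghold commands and compares it with the calls made by the JavaScript example on this page. The call-to-command mapping and the rule that a deny-* entry overrides an allow-* entry are assumptions of this example.

```javascript
// Default permission set, copied from the "Default Permission" list on this page.
const DEFAULT_SET = [
  'create-client', 'get-store-record', 'initialize', 'execute-procedure',
  'load-client', 'save-secret', 'save-store-record', 'save',
];

// Assumption: frontend call -> permission suffix, inferred from the command
// names in the permission table (snake_case command, kebab-case permission).
const CALL_TO_COMMAND = {
  'Stronghold.load': 'initialize',
  'stronghold.loadClient': 'load-client',
  'stronghold.createClient': 'create-client',
  'stronghold.save': 'save',
  'store.insert': 'save-store-record',
  'store.get': 'get-store-record',
  'store.remove': 'remove-store-record',
};

// Resolve a permissions array into the set of enabled commands.
// Assumption: an explicit deny-* entry overrides any allow-* for that command.
function effectiveCommands(permissions) {
  const allowed = new Set();
  const denied = new Set();
  for (const id of permissions) {
    if (typeof id !== 'string' || !id.startsWith('stronghold:')) continue;
    const name = id.slice('stronghold:'.length);
    if (name === 'default') DEFAULT_SET.forEach((c) => allowed.add(c));
    else if (name.startsWith('allow-')) allowed.add(name.slice(6));
    else if (name.startsWith('deny-')) denied.add(name.slice(5));
  }
  return new Set([...allowed].filter((c) => !denied.has(c)));
}

// Compare what the capability grants with what the frontend calls.
function auditCapability(permissions, calls) {
  const granted = effectiveCommands(permissions);
  const needed = new Set(calls.map((c) => CALL_TO_COMMAND[c]));
  return {
    blocked: calls.filter((c) => !granted.has(CALL_TO_COMMAND[c])),
    unused: [...granted].filter((c) => !needed.has(c)).sort(),
  };
}

// Calls made by the JavaScript usage example on this page.
const PAGE_CALLS = Object.keys(CALL_TO_COMMAND);
console.log(auditCapability(['stronghold:default'], PAGE_CALLS));
```

With only stronghold:default, store.remove is reported as blocked because remove-store-record is not in the default set, while execute-procedure and save-secret are granted but unused by the example and can be dropped for least privilege.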


© 2025 Tauri Contributors. CC-BY / MIT