Beta Environment Notice
TDM is currently in Beta. Exercise caution when handling assets. Use at your own risk.
Fast Export
Switch the current page to Markdown for fast agent reading, or download it as a .md file.
TDM is currently in Beta. Exercise caution when handling assets. Use at your own risk.
Fast Export
Switch the current page to Markdown for fast agent reading, or download it as a .md file.
# Vault Security & Identity Summary: The Vault is the root of trust in DaOS. It stores signing keys, API secrets, and identity credentials locally on the developer's machine. The Contour Runtime uses the Vault to sign intents and authenticate with the TDM Hub and Gateway. Status: Security deep-dive Topics: - Local-first secrets - Cryptographic identity - Vault isolation - Key derivation Packages: - tdm-sdk Commands: - tdm vault create - tdm where
In DaOS, your Identity is local. The Vault is a secure, encrypted storage layer that ensures your agent's private keys never leave your machine.
The Vault uses AES-256-GCM encryption for data at rest. It manages multiple Sub-Vaults(one for each agent or project), allowing for fine-grained permission control.
Encrypted with your system keychain (biometrics/pin) or a custom password.
Derived keys used for signing intents and interacting with settlement layers.
The tdm-sdk provides a secure bridge for agents to request signatures without ever touching the raw private key.