Skip to main content

Stronghold Engineering Specification


title: Strongholdstub: strongholddocument: Engineering Specificationversion: 0000maintainer: Daniel Thompson-Yvetot <>contributors: [Dave de Fijter <>, tensorprogramming <>, Daniel Thompson-Yvetot <>, Marcelo Bianchi <>]sponsors: [Navin Ramachandran <>]licenses: ["CC-BY-INTL-3.0"]updated: 2021-Apr-27


This document introduces the High-Level Specification of the Stronghold.

Logical System Design#

Low Level#

A Stronghold is composed of several interacting systems at a low level:

  1. Snapshot - box-encrypted file-based persistence layer
  2. Vault - a write and use protected, path-based system for storing and using secrets like private keys
  3. Store - a read/write key:value storage system for dynamic data
  4. Cache - an in-memory abstraction for vault and store
  5. Runtime - memory protection system for secrets
  6. Communication - libp2p based system for communication between strongholds

High Level#

At the high level, Stronghold provides an official client for interfacing with a Stronghold snapshot and its records.