Architecture decision records
This section documents significant architectural decisions made during the development of nr-vault, along with the context and consequences of each decision.
Architecture Decision Records (ADRs) capture important decisions along with their context and consequences. They provide a historical record of why certain decisions were made, helping future maintainers understand the codebase.
Table of contents
Overview
| ADR | Title | Status |
|---|---|---|
| 001 | ADR-001: UUID v7 for secret identifiers | Accepted |
| 002 | ADR-002: Envelope encryption | Accepted |
| 003 | ADR-003: Master key management | Accepted |
| 004 | ADR-004: TCA integration | Accepted |
| 005 | ADR-005: Access control | Accepted |
| 006 | ADR-006: Audit logging | Accepted |
| 007 | ADR-007: Secret metadata | Accepted |
| 008 | ADR-008: HTTP client | Accepted |
| 009 | ADR-009: Extension configuration secrets | Accepted |
| 010 | ADR-010: Secure Outbound inside nr-vault | Accepted |
| 011 | ADR-011: Credential Sets data model | Accepted |
| 012 | ADR-012: SecureHttpClient API and transports | Accepted |
| 013 | ADR-013: Rust FFI preload-only mode | Accepted |
| 014 | ADR-014: Packaging native artifacts | Accepted |
| 015 | ADR-015: HTTP/3 feature flag | Accepted |
| 016 | ADR-016: Sidecar daemon option | Accepted |
| 017 | ADR-017: Audit metadata retention | Accepted |