Architecture decision records

This section documents significant architectural decisions made during the development of nr-vault, along with the context and consequences of each decision.

Architecture Decision Records (ADRs) capture important decisions along with their context and consequences. They provide a historical record of why certain decisions were made, helping future maintainers understand the codebase.

Table of contents

Overview

ADR	Title	Status
001	ADR-001: UUID v7 for secret identifiers	Accepted
002	ADR-002: Envelope encryption	Accepted
003	ADR-003: Master key management	Accepted
004	ADR-004: TCA integration	Accepted
005	ADR-005: Access control	Accepted
006	ADR-006: Audit logging	Accepted
007	ADR-007: Secret metadata	Accepted
008	ADR-008: HTTP client	Accepted
009	:ref:`adr-009-extension-configuration-secr	s` Accepted
010	ADR-010: Secure Outbound inside nr-vault	Accepted
011	ADR-011: Credential Sets data model	Accepted
012	ADR-012: SecureHttpClient API and transports	Accepted
013	ADR-013: Rust FFI preload-only mode	Accepted
014	ADR-014: Packaging native artifacts	Accepted
015	ADR-015: HTTP/3 feature flag	Accepted
016	ADR-016: Sidecar daemon option	Accepted
017	ADR-017: Audit metadata retention	Accepted
018	ADR-018: FlexForm secret lifecycle management	Accepted
019	:ref:`adr-019-configurable-audit-read-logg	g` Accepted
020	:ref:`adr-020-master-key-request-lifetime-	ching` Accepted
021	ADR-021: Batch secret loading	Accepted
022	ADR-022: Dedicated OAuth exception	Accepted
023	ADR-023: Audit hash chain HMAC consideration	Accepted