docs: enhancement and clarification

This commit is contained in:
Alpha Nerd 2026-01-17 11:12:40 +01:00
parent f668fd9db5
commit 01335c64b0
2 changed files with 8 additions and 4 deletions

@ -63,7 +63,6 @@ python3 test.py
- **Optional persistence**: Keys can be saved to `client_keys/` directory for reuse across sessions - **Optional persistence**: Keys can be saved to `client_keys/` directory for reuse across sessions
- **Password protection**: Optional password encryption for private keys (recommended for production) - **Password protection**: Optional password encryption for private keys (recommended for production)
- **Secure permissions**: Private keys stored with restricted permissions (600 - owner-only access) - **Secure permissions**: Private keys stored with restricted permissions (600 - owner-only access)
- **Secure memory protection**: Plaintext payloads protected from disk swapping and memory lingering
### Secure Memory Protection ### Secure Memory Protection
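Review bot: dropping the "Secure memory protection" bullet from the feature list leaves the `### Secure Memory Protection` section heading in place directly below it, so the list and the section now disagree on whether plaintext payloads are protected from disk swapping and memory lingering. Either remove or rewrite that section in the same commit, or keep the bullet with wording the implementation can actually support (a pure-Python client cannot guarantee that an immutable `str`/`bytes` payload is never copied or swapped, so a narrower claim is safer than none).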

@ -25,6 +25,7 @@ HTTP connections are vulnerable to man-in-the-middle attacks where an attacker c
### 2. Protect Private Keys ### 2. Protect Private Keys
**Password Protection:** **Password Protection:**
```python ```python
# Generate keys with password protection # Generate keys with password protection
await client.generate_keys(save_to_file=True, password="strong_password_here") await client.generate_keys(save_to_file=True, password="strong_password_here")
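Review bot: the literal `password="strong_password_here"` in this example contradicts the "Never hardcode keys in source code" guidance given later in the same document, and readers copy examples verbatim. Suggest showing the password obtained at runtime, e.g. `password=os.environ["CLIENT_KEY_PASSWORD"]` or `password=getpass.getpass("Key password: ")`, and stating that the same password must be supplied to `load_keys` afterwards.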
@ -34,6 +35,7 @@ await client.load_keys("client_keys/private_key.pem", password="strong_password_
``` ```
**File Permissions:** **File Permissions:**
- Private keys are automatically saved with 0600 permissions (owner read/write only) - Private keys are automatically saved with 0600 permissions (owner read/write only)
- Never commit private keys to version control - Never commit private keys to version control
- Add `client_keys/` to your `.gitignore` - Add `client_keys/` to your `.gitignore`
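Review bot: the 0600 statement on the key file is only meaningful if the enclosing `client_keys/` directory is not world-writable; recommend also documenting that the directory is (or should be) created with mode 0700, and adding the caveat that POSIX mode bits do not apply on Windows, where `os.chmod` only toggles the read-only flag and NTFS ACLs are what actually restrict access.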
@ -41,10 +43,12 @@ await client.load_keys("client_keys/private_key.pem", password="strong_password_
### 3. Key Management ### 3. Key Management
**Key Rotation:** **Key Rotation:**
- Regularly rotate RSA key pairs (recommended: every 90 days) - Regularly rotate RSA key pairs (recommended: every 90 days)
- Generate new keys when changing environments (dev → staging → production) - Generate new keys when changing environments (dev → staging → production)
**Key Storage:** **Key Storage:**
- Store keys outside the project directory in production - Store keys outside the project directory in production
- Use environment variables or secrets management systems - Use environment variables or secrets management systems
- Never hardcode keys in source code - Never hardcode keys in source code
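Review bot: "Use environment variables or secrets management systems" for key storage conflicts with the file-permission advice above: a PEM private key placed in an environment variable is readable from `/proc/<pid>/environ` by the same user, is inherited by every child process, and tends to end up in crash dumps and CI logs. Suggest rewording so that an environment variable carries only the path to a 0600 key file or a secrets-manager reference, never the key material itself. The 90-day rotation bullet should also say what rotation involves beyond generating a new pair (retiring the old key, updating whatever trusts the public key), otherwise the recommendation is not actionable.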
@ -80,7 +84,8 @@ This will display warnings but allow the connection to proceed.
## Reporting Security Issues ## Reporting Security Issues
Report security vulnerabilities responsibly: Report security vulnerabilities responsibly:
- Do NOT create public GitHub issues
- Contact: security@nomyo.ai - Do **NOT** create public GitHub issues, use "Report a vulnerability" function in Github instead!
- Contact: ichi@nomyo.ai
- Include detailed vulnerability information - Include detailed vulnerability information
- Allow time for remediation before disclosure - Allow time for remediation before disclosure. Thank you.
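Review bot: replacing the role address security@nomyo.ai with a personal mailbox ichi@nomyo.ai ties vulnerability intake to one person; keep the role alias (forwarded to whoever is on point) so reports still arrive if that person is unavailable or leaves. The GitHub "Report a vulnerability" button only exists when private vulnerability reporting is enabled in the repository's Security settings, so confirm that is switched on and link directly to the repository's security advisories page. Minor: "Github" should be "GitHub".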