API
Constructor
ts
new BYOKVault(options?)Main Options
namespace?: stringminPassphraseLength?: number(default8)pbkdf2Iterations?: number(default and minimum200000)maxTokens?: number(turns on circuit breaker)hardMinTokens?: number(default1when breaker is enabled)hardMaxTokens?: number(optional runtime ceiling)devMode?: booleanlocalStorage?: StoragesessionStorage?: Storagelogger?: { warn(message: string): void }passkeyAdapter?: PasskeyAdaptersessionMode?: "tab" | "action"
hardMinTokens / hardMaxTokens require maxTokens.
Methods
setKey(apiKey, passphrase): Promise<void>importKey(plainKey, passphrase, { clearStorageKey?, plainStorage? }?): Promise<void>setConfig(config, passphrase): Promise<void>setConfigWithPasskey(config, options): Promise<void>unlock(passphrase, { session? }?): Promise<void>unlockWithPasskey(options?): Promise<void>withKey(callback, { requestedTokens?, passphrase?, session? }): Promise<T>withConfig(callback, { requestedTokens?, passphrase?, session? }): Promise<T>withKeyScope(callback, { requestedTokens?, passphrase?, session? }): Promise<T>reportUsage(tokens): voidgetUsage(): numbergetRemainingTokens(): numbergetMaxTokens(): number | nullsetMaxTokens(limit): voidgetHardMinTokens(): number | nullgetHardMaxTokens(): number | nullhasStoredKey(): booleangetState(): "none" | "locked" | "unlocked"canCall(): booleanisPasskeyEnrolled(): booleanisLocked(): booleangetEncryptedBlob(): EncryptedKeyBlob | nulllock(): voidnuke(): void
Notes
sessionMode: "tab"keeps unlock state insessionStoragefor the current tab session.sessionMode: "action"requires passphrase/passkey per action unless explicitly overridden.withKeyScope(...)keeps key material available for callback Promise lifetime; it does not provide async-generatoryieldsemantics by itself.
Passkey methods (setConfigWithPasskey, unlockWithPasskey) require a passkey-capable environment.
Error Codes
PASSPHRASE_POLICYPBKDF2_POLICYKEY_NOT_FOUNDVAULT_LOCKEDWRONG_PASSPHRASEINVALID_USAGE_REPORTCIRCUIT_BREAKER_LIMITCIRCUIT_BREAKER_DISABLEDPASSKEY_NOT_SUPPORTEDPASSKEY_NOT_ENROLLEDPASSKEY_UNLOCK_FAILED