Hi @Redth
This project provides advanced key management features (Android/iOS), including the ability to cloud sync keystores across machines (see README: "Cloud sync keystores across machines").
I noticed there is currently no SECURITY.md documentation explaining potential risks, required precautions, or recommendations around key management and cloud sync.
I'm thinking this could help comforting the developer to use it safely if we added such documentation. What do you think?
Suggestion
- Add a SECURITY.md file, that clarifies how cloud keystore sync works and what security measures are in place or recommended.
- Briefly describe risks of accidental key leaks, including if keys are accidentally injected/copied into Copilot or other AI tools.
- Suggest security best practices for users (for local use, for cloud sync, and for automation/CI environments), or clearly state limitations.
Thanks!
Hi @Redth
This project provides advanced key management features (Android/iOS), including the ability to cloud sync keystores across machines (see README: "Cloud sync keystores across machines").
I noticed there is currently no
SECURITY.mddocumentation explaining potential risks, required precautions, or recommendations around key management and cloud sync.I'm thinking this could help comforting the developer to use it safely if we added such documentation. What do you think?
Suggestion
Thanks!