Security model
Credentials
Section titled “Credentials”Credentials live only in the OS keychain — macOS Keychain, Windows Credential Manager, or Linux Secret Service. They are never written to SQLite, config files, or logs.
Network
Section titled “Network”All S3 requests go through Rust via @tauri-apps/plugin-http. There is no
CORS proxy, no relay, and no third-party service between you and your
storage endpoint.
Error handling
Section titled “Error handling”Error messages shown in the interface are plain sentences. Raw SDK or XML error text never reaches the UI (or anything that could leak request details).
Reporting a vulnerability
Section titled “Reporting a vulnerability”Found a vulnerability? Please report it privately — see SECURITY.md for the process. Do not open a public issue for security reports.