Found a security issue in KDBXKit? Open a private security advisory on GitHub. I'd be grateful.

KDBXKit is at v1.0 and isn't widely deployed yet; response is best-effort, with no formal SLA.

For the engineering posture — what KDBXKit does to protect credentials, the threat model, the cryptographic primitives in use, and what's deliberately out of scope — see docs/security.md.