Skip to content

refactor: secure sensitive strings #769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
ovitrif wants to merge 20 commits into
base: master
Choose a base branch
from
Draft

refactor: secure sensitive strings #769

ovitrif wants to merge 20 commits into from

Conversation

@ovitrif
Copy link
Collaborator

@ovitrif ovitrif commented Feb 8, 2026

This PR introduces a Secret model that wraps sensitive data in a wipeable CharArray, replacing immutable String usage for mnemonics, passphrases, and PINs across the entire app.

Description

  1. Adds a Secret model with use/peek/wipe lifecycle and ergonomic extensions (useAsString, splitWords, wipeAll)
  2. Adds secure loadSecret/saveSecret/upsertSecret methods to Keychain
  3. Replaces String-based mnemonic handling with Secret across all services, repositories, and ViewModels
  4. Eliminates String from the entire PIN lifecycle by accumulating input as CharArray via a new mutableSecretOf() Compose utility, and removes PIN from navigation route serialization
  5. Adds ByteArray.wipe() extension and wipes derived encryption keys in RNBackupClient after use
  6. Clears restore wallet state on ViewModel destroy

Preview

IMAGE_1

QA Notes

1. Wallet creation with PIN

  • Create a new wallet
  • Set a PIN during onboarding
  • Confirm the PIN matches
  • Verify wallet is created successfully

2. PIN validation flows

  • Lock the app and unlock with PIN
  • Send a payment that requires PIN confirmation
  • Verify PIN validation works correctly in both flows

3. Change PIN

  • Go to Settings > Security > Change PIN
  • Enter current PIN
  • Enter new PIN and confirm
  • Verify the new PIN works for subsequent unlocks

4. Wallet restore

  • Start wallet restore flow
  • Paste or type a 12-word mnemonic
  • Optionally add a passphrase
  • Verify restore completes successfully

5. Backup verification

  • Go to Settings > Backups
  • View mnemonic and passphrase screens
  • Verify they display correctly
  • Complete the mnemonic confirmation flow

6. Regression

  • ./gradlew testDevDebugUnitTest passes
  • ./gradlew detekt clean

ovitrif and others added 20 commits February 5, 2026 22:43
@ovitrif
feat: add Secret model
76b69e5
@ovitrif @claude
feat: add ergonomic extensions to Secret
d21e62b 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
feat: add secure loading methods to Keychain
6c693b1 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic in LightningService
228164c 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic in WalletRepo
37db0f4 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic in LightningRepo
4d703c1 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic in SweepRepo
2ae7c68 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic in backup services
64a62ec 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure push notification private keys
8143937 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure mnemonic display in ViewModels
790d081 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
refactor: secure PIN validation
098ef9b 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
test: add Secret extensions tests
8feee58 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@ovitrif @claude
feat: use Secret model in keychain
14a282b 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ovitrif @claude @happy-otter
refactor: secure secrets in backup UI state
2539857 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
refactor: secure wallet create/restore APIs
b02f10d 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
refactor: secure PIN validation APIs
3de3cc5 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
refactor: remove string usage for pin
90e705e 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
refactor: wipe derived encryption keys
865a4cb 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
fix: stale keychain mocks in wallet test
e551299 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@ovitrif @claude @happy-otter
refactor: clear restore state on destroy
042d3b0 
Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ovitrif