Overview

A Ledger Operation contains a list of Storage Configurations (one or more for each blob in the data set). Each Configuration points to a ChainLocker Vault instance. Vaults are generally controlled by the primary beneficiaries of the data they store. Vaults can be based on various storage technologies, including file systems, cloud storage, IPFS, or any web service that can serve data. We discourage interacting with databases directly.

Access to the data in Vaults can be revoked or denied at any time if the owner of the Vaults considers it important to protect the data. The current implementation of the Vaults provides API endpoints as part of the ChainLocker API for simplicity, but technically Vaults are separate, independent services.

All data in Vaults is encrypted with 256-bit AES-GCM. The key (generated randomly for each data set) is stored in the Ledger Operation. For Vault implementations that provide strong native encryption (e.g. Amazon S3), we may delegate encryption to the vault technology in the future.
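The following Go example is added here for illustration and is not ChainLocker's own code: it encrypts blobs with AES-256-GCM under one randomly generated data-set key and shows that a changed byte or a mismatched blob fails to decrypt. The function names, the nonce-prefixed layout, and the use of a blob identifier as associated data are assumptions, not part of the documented design.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewDataSetKey returns a random 256-bit key; one key covers every blob of a data set.
func NewDataSetKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func NewDataSetCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBlob returns nonce || ciphertext || tag; blobID (assumed label) is authenticated only.
func SealBlob(gcm cipher.AEAD, blobID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize()) // fresh per blob: never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(blobID)), nil
}

// OpenBlob fails if the key, the blobID or any byte of the sealed blob has changed.
func OpenBlob(gcm cipher.AEAD, blobID string, sealed []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, fmt.Errorf("sealed blob %q is truncated", blobID)
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(blobID))
}

func main() {
	key, _ := NewDataSetKey()
	gcm, _ := NewDataSetCipher(key)
	sealed, _ := SealBlob(gcm, "blob-1", []byte("constructed sample record"))
	plain, err := OpenBlob(gcm, "blob-1", sealed)
	fmt.Printf("%s %v\n", plain, err)
}
```

Because several blobs can share one data-set key, the security of AES-GCM here depends on the nonce never repeating under that key.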

Vault

  • Is currently part of the ChainLocker interface
  • May be controlled by the network, by specific participants, or by third parties (outsourced storage providers)
  • Will be decoupled and potentially turned into a separate commercial entity
  • Will potentially have separate billing based on data storage volume
  • May have its own accounts, access and identity management